

Everything posted by cmoimas
-
Hello, for some time now, when I try to open a program, or a Google page, or Mozilla, or Thunderbird, it takes a very long time to open, and it shows "(not responding)" in parentheses. I use Windows Vista and Mozilla, with the original Vista antivirus.
-
[Solved] Windows Vista only works in safe mode
cmoimas replied to a topic by cmoimas in Windows Vista
Moderator tonton, OK, I did what you advised and it works normally now, thanks.
-
[Solved] Windows Vista only works in safe mode
cmoimas replied to a topic by cmoimas in Windows Vista
OK, I'll try that and come back later. Thanks.
-
[Solved] Windows Vista only works in safe mode
cmoimas replied to a topic by cmoimas in Windows Vista
Yes, I unplugged the printer from the Freebox.
-
[Solved] Windows Vista only works in safe mode
cmoimas replied to a topic by cmoimas in Windows Vista
Hello, no, I just added a network printer through the Freebox; the printer drivers were already installed.
-
[Solved] Windows Vista only works in safe mode
cmoimas posted a topic in Windows Vista
Hello, I have a problem with Windows, which only works in safe mode. With a normal startup, programs no longer open: the page stays blank with the hourglass and nothing happens. But in safe mode I can even go on the internet. Do you have any idea? Thanks.
-
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Hello, and thanks for everything. Solved.
-
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Hello, HD Plus 4.9 has disappeared, that's great, thank you. I'm posting the latest ZHPDiag report.
-
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.12.27.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
manolito :: SYLVIE [administrateur]

27/12/2013 11:27:25
mbam-log-2013-12-27 (11-27-25).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 360675
Temps écoulé: 1 heure(s), 19 minute(s), 50 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 6
C:\AdwCleaner\Quarantine\C\Windows\system32\jmdp\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> Mis en quarantaine et supprimé avec succès.
C:\Users\manolito\Desktop\visionneusepowerpoint_telechargement_01net.exe (PUP.Toolbar.Repacked) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BF6L7MB6\SkywalkerSetup[1].exe (PUP.Optional.InstallBrain.A) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2S7QMC8\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2S7QMC8\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RRE00PNJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> Mis en quarantaine et supprimé avec succès.

(fin) -
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
That doesn't work either: message "internal server error", and the help file does the same -
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
sftg report: unable to create the link. -
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
ZHPFix report -
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Here is the report
(...) -- C:\Windows\System32\NTIO411.SYS [35776] O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536] O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672] O58 - SDL:[MD5.819C68FF6C4C63886D636FFB2DABF5EF] - 04/01/2007 - 10:15:08 ---A- . (.http://www.internals.com - WinIo.) -- C:\Windows\System32\WinIo.sys [9336] ~ Drivers: 17 Legitimates Filtered in 00mn 04s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 04/01/2007 - C:\Windows\system32\WinIo.sys (WINIO) .(.http://www.internals.com - WinIo.) - LEGACY_WINIO ~ Legacy: 128 Legitimates Filtered in 00mn 00s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {B72EB5A7-A1EE-45BB-A649-BC7F6B4106AB} - (Yahoo! 
Search) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.DDC00A87285C106B41FA92098A67AB5B] [sPRF][16/05/2010] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.A71DDE2C29FDA26B1199F5507B0AF2DA] [sPRF][21/12/2010] (...) -- C:\Users\manolito\AppData\Local\d3d9caps.dat [7728] [MD5.6B2B1DC38804916F9535AA655CD7B4B7] [sPRF][22/02/2011] (...) -- C:\Users\manolito\AppData\Local\fusioncache.dat [96] [MD5.53E3E113AFC7FECE8DDE459642FFF557] [sPRF][24/12/2013] (...) -- C:\Users\manolito\AppData\Local\Temp\i4jdel0.exe [27585] [MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [sPRF][23/12/2013] (...) -- C:\Users\manolito\AppData\Local\Temp\Quarantine.exe [360051] [MD5.CD7ADF45DD4E48BCC594C867985E8CF4] [sPRF][24/12/2013] (...) -- C:\Users\manolito\AppData\LocalLow\SkwConfig.bin [8220] [MD5.475048300F9919381C60A3701430CFD7] [sPRF][06/10/2013] (...) -- C:\Users\manolito\AppData\Roaming\PnkBstrK.sys [138904] [MD5.6510FAD6C442F3FF65BA1E3792031F2C] [sPRF][31/07/2009] (...) -- C:\Users\manolito\AppData\Roaming\wklnhst.dat [102] [MD5.CA1BBBBAF9A7F8F02B49C9B488C82179] [sPRF][30/11/2013] (.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\manolito\Desktop\incredimail_install.exe [491784] ~ Files: 12 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "TCP Query User{396D3C4B-F32C-411B-B146-7BC9BFB615AC}C:\program files\urbanterror\iourbanterror.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\urbanterror\iourbanterror.exe (.not file.) O87 - FAEL: "UDP Query User{FD53DE1D-EEAE-4BB2-AD1C-53159F35F033}C:\program files\urbanterror\iourbanterror.exe" |In - Private - P17 - TRUE | .(...) 
-- C:\program files\urbanterror\iourbanterror.exe (.not file.) O87 - FAEL: "TCP Query User{3FA4623E-80BD-46A2-8367-4799565FE7CE}C:\program files\urbanterror\iourbanterror.exe" |In - Public - P6 - FALSE | .(...) -- C:\program files\urbanterror\iourbanterror.exe (.not file.) O87 - FAEL: "UDP Query User{76C4E22A-54CA-438E-8BD7-98D595963E14}C:\program files\urbanterror\iourbanterror.exe" |In - Public - P17 - FALSE | .(...) -- C:\program files\urbanterror\iourbanterror.exe (.not file.) O87 - FAEL: "TCP Query User{BF77F14A-9D3A-4F82-946C-440D90DF155D}C:\users\manolito\downloads\wowq.exe" |In - Public - P6 - FALSE | .(...) -- C:\users\manolito\downloads\wowq.exe (.not file.) O87 - FAEL: "UDP Query User{EFD76B3B-2881-4519-AB0E-AB8A357D9633}C:\users\manolito\downloads\wowq.exe" |In - Public - P17 - FALSE | .(...) -- C:\users\manolito\downloads\wowq.exe (.not file.) O87 - FAEL: "{B5C50107-6C9B-408F-B3FC-23D152621DFA}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{E962B430-4B96-429D-A476-C0B42ABFDC4F}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) ~ Firewall: 269 Legitimates Filtered in 00mn 01s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.B4FFFB98C7876596E166ECF8A2DCC1F7] [WIS][08/07/2009] (.Spigot, Inc. - Search Settings.) -- C:\Windows\Installer\16e46b63.msi [1555968] =>Adware.SearchSettings ~ WIS: 58 Legitimates Filtered in 00mn 04s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 21/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SS - | Auto 12/09/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SS - | Demand 30/04/2009 182768 | (gusvc) . (.Google.) 
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 10/07/1658 0 | (iPod Service) . (...) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 12/09/2010 251248 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SS - | Demand 05/09/2012 234776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 05/01/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.exe SR - | Auto 11/01/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe SR - | Auto 19/07/2010 866576 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe SR - | Auto 04/07/2010 238952 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe SR - | Auto 06/10/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 19/07/2010 477456 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SR - | Auto 31/01/2012 276480 | (Serviio) . (...) 
- C:\Program Files\Serviio\bin\ServiioService.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 05s ---\\ Scan Additionnel (O88) Database Version : 13013 - (14/12/2013) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1] =>Rogue.PCSpeedUp^ [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411591118}] =>PUP.CrossRider C:\Windows\Installer\16e46b63.msi =>Adware.SearchSettings^ ~ Additionnel Scan: 265801 Items scanned in 00mn 24s ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ ~ MSI: 3 link(s) detected in 00mn 24s ~ 1347 Legitimates filtered by white list End of the scan (500 lines in 01mn 32s)(0) -
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware Analysis and Removal
Hello, ZHP won't start, I get a tooltip that says "serveur zebulon indisponible"?
-
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware Analysis and Removal
# AdwCleaner v3.016 - Rapport créé le 24/12/2013 à 15:58:18
# Mis à jour le 23/12/2013 par Xplode
# Système d'exploitation : Windows Vista Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : manolito - SYLVIE
# Exécuté depuis : C:\Users\manolito\Desktop\adwcleaner.exe
# Option : Nettoyer
There, I ran it, thanks
-
[Solved] Virus Plus-HD-4.9
cmoimas replied to a topic by cmoimas in Malware Analysis and Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista Home Premium x86
Ran by manolito on 24/12/2013 at 15:49:53,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.dfltSrch", true); user_pref("extensions.BabylonToolbar.hmpg", true); user_pref("extensions.BabylonToolbar.id", "6ef016810000000000000016ead0866a"); user_pref("extensions.BabylonToolbar.instlDay", "15274"); user_pref("extensions.BabylonToolbar.instlRef", "std"); user_pref("extensions.BabylonToolbar.lastDP", 29); user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.100:28:00"); user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); user_pref("extensions.BabylonToolbar.newTab", true); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.propectorlck", 58475942); user_pref("extensions.BabylonToolbar.prtkDS", 1); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.ptch_0717", true); user_pref("extensions.BabylonToolbar.smplGrp", "none"); user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)"); user_pref("extensions.BabylonToolbar.tlbrId", "base"); user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.100:28:00"); user_pref("extensions.crossrider.bic", "143115b0cfb1ddce2826425f678d3ba5"); user_pref("extensions.engine@conduit.com.install-event-fired", true); user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true); user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"FaceSmooch\",\"description\":\"Spice up your facebook chat with cool Smileys, Emoticons, Winks, Animations an user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAEiElEQVQ4jYWUW1DUdQCFf7D7X3cab4imsSOipjLiJSic user_pref("extensions.search@searchsettings.com.install-event-fired", true); user_pref("iminent.LayoutId", "28"); user_pref("iminent.ShowThankyouPixel", "0"); 
user_pref("iminent.adapters", "{\"google\":{\"CountryCode\":\"FR\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387565619040259200\"},\"custhelp\":{\"CountryCode\":\"FR\",\" user_pref("iminent.enabledAds", "false"); user_pref("iminent.registerToolbarEvent100", "1387569159264"); user_pref("iminent.registerToolbarEvent102", "1387565620826"); user_pref("iminent.version", "7.51.3.1"); user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.51.3.1\",\"InstallEventCTime\":1387569701668,\"InstallEvent\":\"True\"}"); user_pref("surfcanyon.coupons_enabled", true); user_pref("surfcanyon.display_similar_product_images", true); user_pref("surfcanyon.initialized_roaming_suggestions", true); user_pref("surfcanyon.initialized_search_links", true); user_pref("surfcanyon.initialized_similar_product_images", true); user_pref("surfcanyon.inst_id", "b5fcea9b4e494116"); user_pref("surfcanyon.inst_timestamp", "27 10 2011 Thursday 22 28 00"); user_pref("surfcanyon.last_seen_splash", "335"); user_pref("surfcanyon.partner_code", "AFA"); user_pref("surfcanyon.price_trace_enabled", true); user_pref("surfcanyon.roaming_suggestions_enabled", true); user_pref("surfcanyon.search_links_enabled", true); Emptied folder: C:\Users\manolito\AppData\Roaming\mozilla\firefox\profiles\o4ulk5q6.default\minidumps [162 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24/12/2013 at 15:52:46,51 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -
[Solved] Plus-HD-4.9 virus
cmoimas replied to a topic by cmoimas in Malware analysis and removal
I have to go, I'll redo all of this later. Thanks, see you later. -
[Solved] Plus-HD-4.9 virus
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Message: Zebulon server unavailable -
[Solved] Plus-HD-4.9 virus
cmoimas replied to a topic by cmoimas in Malware analysis and removal
I ran it, but the scan does not start -
Hello, I still have an advertising banner pestering me, named "plus hd 4.9". Do you have a solution? Thanks.
-
[Solved] Remove Babylon from Mozilla
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Thanks once again, and sorry for the late reply -
[Solved] Remove Babylon from Mozilla
cmoimas replied to a topic by cmoimas in Malware analysis and removal
Hello, so here is the report:

# AdwCleaner v1.702 - Rapport créé le 18/07/2012 à 11:23:56
# Mis à jour le 13/07/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : adri - ADRI-PC
# Exécuté depuis : C:\Users\adri\Downloads\adwcleaner.exe
# Option [suppression]

***** [services] *****

***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\adri\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\adri\AppData\Roaming\OpenCandy
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\Program Files (x86)\Object
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registre] *****
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\SweetIm
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\DT Soft
Clé Supprimée : HKLM\SOFTWARE\Google\chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Clé Supprimée : HKLM\SOFTWARE\Iminent
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Supprimée : HKLM\SOFTWARE\SweetIM
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]
Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Registre - GUID] *****
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.7601.17514
Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=111304&babsrc=NT_ss&mntrId=deada7f6000000000000722f6888034c --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (fr)
Nom du profil : default
Fichier : C:\Users\adri\AppData\Roaming\Mozilla\Firefox\Profiles\rg4ewjnm.default\prefs.js
C:\Users\adri\AppData\Roaming\Mozilla\Firefox\Profiles\rg4ewjnm.default\user.js ... Supprimé !
Supprimée : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Supprimée : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=111304&babsrc=NT_ss&mntrId=deada7f[...]
Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Supprimée : user_pref("browser.search.order.1", "Search the web (Babylon)");
Supprimée : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "");
Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304");
Supprimée : user_pref("extensions.BabylonToolbar_i.hardId", "deada7f6000000000000722f6888034c");
Supprimée : user_pref("extensions.BabylonToolbar_i.id", "deada7f6000000000000722f6888034c");
Supprimée : user_pref("extensions.BabylonToolbar_i.instlDay", "15536");
Supprimée : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", true);
Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111304&babsrc=N[...]
Supprimée : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Supprimée : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Supprimée : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:26:18");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Supprimée : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=deada7f6000000[...]

*************************
AdwCleaner[s1].txt - [4986 octets] - [18/07/2012 11:23:56]
########## EOF - C:\AdwCleaner[s1].txt - [5114 octets] ##########

And after using the software you recommended, Babylon has disappeared. Thank you for your help. -
[Solved] Remove Babylon from Mozilla
cmoimas posted a topic in Malware analysis and removal
Hello, I have a problem with the Internet. I have Windows 7 on an Asus (laptop). Here is my problem: every time I open a new tab in Mozilla, Babylon opens, and I can't remove it. Is there a tutorial for getting rid of it? Thank you in advance -
Hello everyone, I hope I've landed on the right forum. Here is my problem: I cannot update Live Messenger on XP Pro, and my current Messenger does not work well; the webcam is nonexistent, whereas before it worked very well. Do I have to install Win 7?? Or is there a trick? Thank you.
-
Hello, here is my problem: after running a scan with Avira in safe mode, I found 2 infected files, one with tr/meredrop.A.1662, the other worm/sd bot .329143. After searching the net, nothing concrete. Here is a HijackThis report; please can you help me? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:07, on 21/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Mes documents\probleme virus ect..Zebulon\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.downdz.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Assistant Smart Wizard NETGEAR pour WG311v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10002 bytes