Aller au contenu

lennon

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    8

  • Inscription

  • Dernière visite

lennon's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. lennon
    Oups désolé pour le rapport. Merci en tout cas pour tous vos conseils.
  2. lennon
    oui et depuis plus aucune trace. Comment savoir s'il est "mort" ?
  3. lennon
    Ca y est !!! Je lance mozilla et là je tombe sur ma page d'accueil habituelle. Je pense donc que le virus est "tué" non ?
  4. lennon
    Voici le nouveau 1. ========================= SEAF 1.0.1.0 - C_XX 2. 3. Commencé à: 19:45:06 le 29/04/2013 4. 5. Valeur(s) recherchée(s): 6. Qvo6 7. 8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès 9. 10. (!) --- Calcul du Hash "MD5" 11. (!) --- Informations supplémentaires 12. (!) --- Recherche registre 13. 14. ====== Fichier(s) ====== 15. 16. Aucun fichier trouvé 17. 18. 19. ====== Entrée(s) du registre ====== 20. 21. Aucun élément dans le registre trouvé 22. 23. ========================= 24. 25. Fin à: 19:48:36 le 29/04/2013 26. 370362 Éléments analysés 27. 28. ========================= 29. E.O.F
  5. lennon
    c'est fait voici le rapport: 1. ========================= SEAF 1.0.1.0 - C_XX 2. 3. Commencé à: 19:19:01 le 29/04/2013 4. 5. Valeur(s) recherchée(s): 6. QV06 7. 8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès 9. 10. (!) --- Calcul du Hash "MD5" 11. (!) --- Informations supplémentaires 12. (!) --- Recherche registre 13. 14. ====== Fichier(s) ====== 15. 16. Aucun fichier trouvé 17. 18. 19. ====== Entrée(s) du registre ====== 20. 21. Aucun élément dans le registre trouvé 22. 23. ========================= 24. 25. Fin à: 19:22:17 le 29/04/2013 26. 370241 Éléments analysés 27. 28. ========================= 29. E.O.F
  6. lennon
    Opération effectuée et PC redemmaré mais malheureusement, ça continue. Veux tu que je recommence dès le début toutes les opérations ?
  7. lennon
    Bonjour. Désolé pour ce trop grand laps de temps entre votre réponse et maintenant mais PC HS . Sinon, j'ai bien fait votre manip mais lorsque j'ouvre mozilla, je retombe à nouveau sur la page d'accueil qv06. Que faire ? Merci d'avance.
  8. lennon
    Bonjour. Comme beaucoup en ce moment je suis infecté par QVO6. J'ai fait toutes les étapes des autres sujets c'est à dire adwcleaner puis jrt et zhp diag. le 1er: # AdwCleaner v2.115 - Rapport créé le 01/04/2013 à 23:40:27 # Mis à jour le 17/03/2013 par Xplode # Système d'exploitation : Windows Vista Home Premium Service Pack 1 (32 bits) # Nom d'utilisateur : jean jacques - PC-DE-JEANJACQU # Mode de démarrage : Normal # Exécuté depuis : C:\Users\jean jacques\Desktop\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj ***** [Registre] ***** ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.6001.19088 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v19.0.2 (fr) Fichier : C:\Users\jean jacques\AppData\Roaming\Mozilla\Firefox\Profiles\581fpvej.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. -\\ Google Chrome v26.0.1410.43 Fichier : C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [25563 octets] - [05/03/2013 19:43:02] AdwCleaner[s2].txt - [1187 octets] - [01/04/2013 23:40:27] ########## EOF - C:\AdwCleaner[s2].txt - [1247 octets] ########## le 2eme (JRT): ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.8 (03.31.2013:1) OS: Windows Vista Home Premium x86 Ran by jean jacques on 01/04/2013 at 23:59:41,55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\jean jacques\AppData\Roaming\mozilla\firefox\profiles\581fpvej.default\minidumps [17 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02/04/2013 at 0:04:15,21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ le 3eme (ZHP): Rapport de ZHPDiag v2013.4.1.5 par Nicolas Coolman, Update du 01/04/2013 Run by jean jacques at 02/04/2013 00:04:55 State : Version à jour. High Elevated Privileges : OK UAC : Deactivate by program ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.19088 MFIE: Mozilla Firefox 19.0.2 v19.0.2 GCIE: Google Chrome v26.0.1410.43 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001) Windows Server License Manager Script : OK ~ Vista, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 6CJ97 Windows License : OK Windows Automatic Updates : OK ---\\ System Information ~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2813 MB (66% free) System Restore: Activé (Enable) System drive C: has 359 GB (78%) free of 457 GB ---\\ Logged in mode ~ Computer Name: PC-DE-JEANJACQU ~ User Name: jean jacques ~ All Users Names: jean jacques, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\jean jacques\AppData\Roaming\ ~ %Desktop% : C:\Users\jean jacques\Desktop\ ~ %Favorites% : C:\Users\jean jacques\Favorites\ ~ %LocalAppData% : C:\Users\jean jacques\AppData\Local\ ~ %StartMenu% : C:\Users\jean jacques\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 359 Go of 457 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 458 Go of 459 Go) E:\ Floppy drive, Flash card reader, USB Key (Not Inserted) G:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\Windows\Explorer.exe [2927104] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2011 - 07:08:58.) -- C:\Windows\System32\wininet.dll [916480] [MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/01/2008 - 03:24:49.) -- C:\Windows\System32\Winlogon.exe [314880] [MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:23:00.) -- C:\Windows\system32\Drivers\atapi.sys [21560] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 03:23:02.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 03:23:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984] [MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 03:24:59.) -- C:\Windows\system32\Drivers\netBT.sys [184320] [MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832] [MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 03:25:00.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 03:24:53.) -- C:\Windows\system32\Drivers\tdx.sys [71680] [MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/01/2008 - 03:23:21.) -- C:\Windows\system32\Drivers\volsnap.sys [227896] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/38 ~ Mes musiques (My Musics) : 1/2 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/45 ~ Mes Documents (My Documents) : 1/110 ~ Mon Bureau (My Desktop) : 1/321 ~ Menu demarrer (Programs) : 1/29 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.2712] [MD5.151B2D097C7182898387994CEA34890B] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [5369856] [PID.2892] [MD5.D7EE83A9257D508656172A2B9DD3C317] - (.Pas de propriétaire - NTI Backup Now 5 Tray Module.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672] [PID.2936] [MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2996] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.3008] [MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896] [PID.3028] [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3228] [MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.3320] [MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.3372] [MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3696] [MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.3104] [MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.1288] [MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.3572] [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.2504] [MD5.A6430C0A0E1AAE273AA8F1BD1F341A36] - (.Sun Microsystems, Inc. - Java Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [508336] [PID.5512] [MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.6020] [MD5.32F68A4A3CEA6F7A3644E4DC00BFD7F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6340608] [PID.2392] [MD5.88426F9A9BF0AD2358C3CC4FBB1B1C62] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.1.) -- C:\Windows\system32\nvvsvc.exe [118784] [PID.948] [MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1276] [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1608] [MD5.09E6AFFAE6C0E9158BF05C7D08D0107A] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 Agent service..) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384] [PID.2552] [MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2660] [MD5.A2B6583A5652A385DFF5E4F49AD48761] - (.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056] [PID.2768] [MD5.40B87FE8A1A9A5AC9E5A91D96F212BCD] - (...) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072] [PID.2912] [MD5.283195C5301EADBCF56DEE637573ED12] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\bin32\nSvcAppFlt.exe [598016] [PID.3392] [MD5.3C7BD1EC817D300A8826D49C406D5894] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\bin32\nSvcIp.exe [163840] [PID.3456] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] Qvo6.com ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\jean jacques\AppData\Roaming\Mozilla\Firefox\Profiles\581fpvej.default\prefs.js M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [jean jacques - 581fpvej.default] Google P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=1.6.0_37] - (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Windows\system32\npdeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_37 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@mcafee.com/McAfeeMssPlugin] - (.McAfee, Inc. - McAfee MSS+ NPAPI Plugin.) -- C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\jean jacques\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\jean jacques\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll ~ Firefox Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1 ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} Clé orpheline O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll ~ BHO: 12 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{0BF43445-2F28-4351-9252-17FE6E806AA0} Clé orpheline O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe O4 - HKLM\..\Run: [bkupTray] . (.Pas de propriétaire - NTI Backup Now 5 Tray Module.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll O4 - HKLM\..\Run: [WarReg_PopUp] . (.Acer Incorporated - WR_PopUp.) -- C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean jacques\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean jacques\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe Qvo6.com O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com O4 - GS\QuickLaunch: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe Qvo6.com O4 - GS\Desktop: Mes numérisations - Raccourci.lnk . (...) -- C:\Users\jean jacques\Documents\Mes numérisations O4 - GS\Desktop: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe O4 - GS\Desktop: Microsoft Office.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 6 Legitimates Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) ~ Services: 9 Legitimates Scanned in 00mn 05s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [DSite] (...) -- C:\Users\jean jacques\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0] [MD5.343E9EFB16136611B0322A1E94353C41] [APT] [Norton Security Scan for jean jacques] (.Symantec Corporation.) -- C:\Program Files\NORTON~2\Engine\351~1.8\Nss.exe [641464] [MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{D9E8DCEC-1FF7-47BF-B729-0D30D4785204}] (...) -- D:\Poker 770\_SetupCasino.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{F466122A-EC29-4560-9DAC-6D62F5639460}] (...) -- G:\livebox.exe (.not file.) [0] ~ Scheduled Task: 20 Legitimates Scanned in 00mn 02s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 13 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) ~ Drivers: 86 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: AV Input Selection - (.YUAN.) [HKLM] -- {F429ED71-4A8B-457A-85E4-F6398CE73E58} O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems, Inc..) [HKLM] -- {922E8525-AC7E-4294-ACAA-43712D4423C0} O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader 8.1.3 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003} O42 - Logiciel: Java 6 Update 37 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216037FF} O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast ~ Logic: 66 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Casino] [HKCU\Software\Full Tilt Poker] [HKCU\Software\Poker 770] [HKLM\Software\Full Tilt Poker] [HKLM\Software\Poker 770] [HKLM\Software\SimDebug] [HKLM\Software\V9] [HKLM\Software\deskSvc] [HKLM\Software\qvo6Software] ~ Key Software: 147 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 09/05/2008 - 03:33:45 - [31,007] ----D C:\Program Files\bin32 O43 - CFD: 26/01/2011 - 05:01:54 - [0,175] ----D C:\Program Files\Full Tilt Poker O43 - CFD: 09/05/2008 - 03:33:37 - [0] ----D C:\Program Files\log O43 - CFD: 02/03/2013 - 21:22:27 - [11,498] ----D C:\Program Files\McAfee Security Scan O43 - CFD: 01/04/2013 - 20:44:44 - [0] ----D C:\Program Files\PDFReader O43 - CFD: 09/05/2008 - 03:33:44 - [0,061] ----D C:\Program Files\profile O43 - CFD: 11/10/2006 - 00:34:57 - [1,884] ----D C:\Program Files\YUAN O43 - CFD: 01/04/2013 - 20:50:14 - [28,816] ----D C:\Program Files\Common Files\337 O43 - CFD: 08/05/2012 - 18:43:20 - [0,003] ----D C:\Program Files\Common Files\Java(7) O43 - CFD: 05/03/2013 - 20:04:17 - [0,003] ----D C:\Program Files\Common Files\Java( O43 - CFD: 12/03/2010 - 18:34:17 - [0] ----D C:\ProgramData\eMule O43 - CFD: 28/03/2013 - 04:12:48 - [0,001] ----D C:\ProgramData\McAfee Security Scan O43 - CFD: 01/04/2013 - 20:38:19 - [0,000] ----D C:\Users\jean jacques\AppData\Roaming\DSite O43 - CFD: 12/03/2010 - 18:34:17 - [0] ----D C:\Users\jean jacques\AppData\Local\eMule O43 - CFD: 18/03/2010 - 19:21:48 - [0,013] ----D C:\Users\jean jacques\AppData\Local\FullTiltPoker ~ Program Folder: 160 Legitimates Scanned in 00mn 01s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.36C490CCC75DB8FBF643516F38C40D92] - 01/04/2013 - 22:59:26 ---A- . (...) -- C:\AdwCleaner[s3].txt [388] O44 - LFC:[MD5.FF4EE77016D263CCBFF0F0AC2BCB70EF] - 01/04/2013 - 22:59:18 ---A- . (...) -- C:\AdwCleaner[R2].txt [1180] O44 - LFC:[MD5.CEAF98D916D2B75B8704BEE7680EE0B5] - 01/04/2013 - 22:49:32 ---A- . (...) -- C:\Windows\System32\agent.log [147] O44 - LFC:[MD5.9EDA7F415FCBE742A0850985D58FF9B8] - 01/04/2013 - 22:40:44 ---A- . (...) -- C:\AdwCleaner[s2].txt [1316] O44 - LFC:[MD5.EB1D986612EE9FB6A57F207B349EE15A] - 31/03/2013 - 17:36:18 ---A- . (...) -- C:\Windows\hpoins46.dat [217545] O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:32:54 ---A- . (...) -- C:\Creator.log [90] O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:43 ---A- . (...) -- C:\PnR.log [90] O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:40 ---A- . (...) -- C:\CLMS.log [90] O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:14 ---A- . (...) -- C:\SDMA.log [90] O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:30:50 ---A- . (...) -- C:\MDR.log [90] O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:30:20 ---A- . (...) -- C:\MDisc.log [90] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/03/2013 - 19:17:28 ---A- . (...) -- C:\Windows\System32\LogConfigTemp.xml [0] O44 - LFC:[MD5.9E9586057ABEA3157B49D44AA6450CCD] - 11/06/2009 - 04:02:28 ----- . (...) -- C:\Windows\hpomdl46.dat.temp [606] ~ Files: 39 Legitimates Scanned in 00mn 01s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.1214CECC1C2F3F23C4DCECC33329756E] - 01/04/2013 - 20:39:35 ---A- - C:\Windows\Prefetch\HPQDIREC.EXE-6B6EA665.pf O45 - LFCP:[MD5.F0A65C2576668FE999B8CB61DF417F95] - 01/04/2013 - 21:58:24 ---A- - C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf O45 - LFCP:[MD5.26371395751832F3D1C966AE049AD5E9] - 01/04/2013 - 21:58:25 ---A- - C:\Windows\Prefetch\HPQBAM08.EXE-5B656772.pf O45 - LFCP:[MD5.8CDB2DB299102047FACACBD9969BFED6] - 01/04/2013 - 21:58:26 ---A- - C:\Windows\Prefetch\HPQGPC01.EXE-92C87699.pf O45 - LFCP:[MD5.2F9CFE8C44F4D6619CB5BCD5C43DC4EF] - 01/04/2013 - 22:26:58 ---A- - C:\Windows\Prefetch\EHMSAS.EXE-2D3B2F21.pf O45 - LFCP:[MD5.7407782011A1D1B66B78180374425CBF] - 08/03/2013 - 17:03:16 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-28D2775E.pf O45 - LFCP:[MD5.E5B15C14637B795557DEC1C3EE44440D] - 08/03/2013 - 17:03:17 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_INSTALLER.-F43399FA.pf O45 - LFCP:[MD5.C0318E59AC3175849EE8C327F7F98D80] - 08/03/2013 - 17:03:17 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_TMP.EXE-BF15185E.pf O45 - LFCP:[MD5.7E1121623AC070D9DD174BCFAD012AF3] - 08/03/2013 - 17:03:17 ---A- - C:\Windows\Prefetch\NSAFE.TMP-F24C7805.pf O45 - LFCP:[MD5.BD7C77A8159DCD7960B95ECD47C7F6A6] - 12/03/2013 - 07:15:15 ---A- - C:\Windows\Prefetch\HPQTRA08.EXE-B5C3CA4D.pf O45 - LFCP:[MD5.7BB7A7386FC6216662A98A7AE7065085] - 12/03/2013 - 19:34:31 ---A- - C:\Windows\Prefetch\NSS.EXE-CF6B0ED9.pf O45 - LFCP:[MD5.09C349B92E2A56979059550C49D39C56] - 13/03/2013 - 10:51:39 ---A- - C:\Windows\Prefetch\FLASHPLAYERINSTALLER.EXE-7A827B6D.pf O45 - LFCP:[MD5.9072188FC14B05021DF598DF2F79B893] - 20/03/2013 - 02:36:52 ---A- - C:\Windows\Prefetch\AGENTSVC.EXE-EDF9C0DC.pf O45 - LFCP:[MD5.0F36FD0C1F34D1395D7E4F8080B92E47] - 28/03/2013 - 07:47:58 ---A- - C:\Windows\Prefetch\BKUPTRAY.EXE-5F69D960.pf O45 - LFCP:[MD5.212F6495ACFBD0319815B0CB5E8F6847] - 28/03/2013 - 07:47:58 ---A- - C:\Windows\Prefetch\SCHEDULERSVC.EXE-F3CF4F15.pf O45 - LFCP:[MD5.4548989FB81AC4D724058030AC519265] - 29/03/2013 - 18:08:38 ---A- - C:\Windows\Prefetch\NSS.EXE-08DE1F60.pf O45 - LFCP:[MD5.4D5BEA817AD34DFFEE734AE285A6BA25] - 30/03/2013 - 20:22:11 ---A- - C:\Windows\Prefetch\MCUICNT.EXE-9B22BF7E.pf O45 - LFCP:[MD5.D1F29E5D9723F378B4DAC5B572E0AE67] - 31/03/2013 - 17:35:52 ---A- - C:\Windows\Prefetch\HPQPPROP.EXE-54B2B73F.pf O45 - LFCP:[MD5.B59FEBEF30529AFCD69AEF021165DA33] - 31/03/2013 - 17:35:52 ---A- - C:\Windows\Prefetch\HPQTBX01.EXE-5B14679D.pf O45 - LFCP:[MD5.99344DA37007326A75F14223BDB60BBF] - 31/03/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\HPZSHL01.EXE-CDB7A7A8.pf O45 - LFCP:[MD5.03C0754DB7D3E5E6038ADEDF19CB4800] - 31/03/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\HPZSTUB.EXE-7C5D0C95.pf O45 - LFCP:[MD5.E5E1B4EB3CC40F0516F600790331DA04] - 31/03/2013 - 17:36:29 ---A- - C:\Windows\Prefetch\HPZHSG01.EXE-4048C477.pf O45 - LFCP:[MD5.01717D9A013F67AEFC427FE5140D8DA2] - 31/03/2013 - 17:37:45 ---A- - C:\Windows\Prefetch\SETUP_GUIDE.EXE-72E9BBFD.pf O45 - LFCP:[MD5.9AC646BE1E889BED5F7C2EB39DA31072] - 31/03/2013 - 17:39:08 ---A- - C:\Windows\Prefetch\HPZDUI01.EXE-91EC6427.pf ~ Prefetcher: 140 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 7 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 13 Legitimates Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 3 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 18 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/04/2013 - 17:25:24 ---A- C:\Users\jean jacques\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.43\26.0.1410.43_25.0.1364.172_chrome_updater.exe [11304288] O61 - LFC: 01/04/2013 - 17:25:44 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\setup.exe [1642448] O61 - LFC: 01/04/2013 - 17:26:00 R--A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\chrome.7z [122395900] O61 - LFC: 01/04/2013 - 17:26:12 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\VisualElementsManifest.xml [396] O61 - LFC: 01/04/2013 - 18:18:54 ---A- C:\Users\jean jacques\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163] O61 - LFC: 01/04/2013 - 18:54:49 ---A- C:\Users\jean jacques\Downloads\PDFCreator-1_6_2_setup.exe [17464864] O61 - LFC: 01/04/2013 - 19:09:44 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\Thumbnails\4202808359 [14552] O61 - LFC: 01/04/2013 - 19:13:50 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505] O61 - LFC: 01/04/2013 - 19:13:51 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337] O61 - LFC: 01/04/2013 - 19:20:57 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\OptimizationSettings\QualitySettings.xml [2128] O61 - LFC: 01/04/2013 - 19:20:57 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\Thumbnails\817012237 [14385] O61 - LFC: 01/04/2013 - 19:26:26 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar\broker_metrics.xml [2743] O61 - LFC: 01/04/2013 - 19:37:04 ---A- C:\Users\jean jacques\Downloads\PDFReaderSetup.exe [653584] O61 - LFC: 01/04/2013 - 19:38:19 ---A- C:\Users\jean jacques\AppData\Roaming\DSite\UpdateProc\prod.dat [31] O61 - LFC: 01/04/2013 - 19:48:45 ---A- C:\Users\jean jacques\Downloads\sun-pdf-import-extension-windows-downloader.exe [145866] O61 - LFC: 01/04/2013 - 19:49:25 ---A- C:\Users\jean jacques\AppData\Roaming\eIntaller\76248D3029DD418f99F9271226FAAEF2\eGdpSvc.exe [969280] O61 - LFC: 01/04/2013 - 19:49:32 ---A- C:\Users\jean jacques\AppData\Roaming\eIntaller\76248D3029DD418f99F9271226FAAEF2\eXQ.exe [691256] O61 - LFC: 01/04/2013 - 19:55:31 ---A- C:\Users\jean jacques\Downloads\pdf24-creator-5.4.0.exe [15898712] O61 - LFC: 01/04/2013 - 20:16:08 ---A- C:\Users\jean jacques\Downloads\nitro_pdf_pro_32_dlm.exe [1451400] O61 - LFC: 01/04/2013 - 20:17:48 ---A- C:\Users\jean jacques\AppData\Roaming\Downloaded Installations\{F4022F19-96A2-4B2D-B5AA-DAA72206C318}\{A098E759-960F-4279-952A-B7995278D5FF}.msi [171335680] O61 - LFC: 01/04/2013 - 20:19:47 ---A- C:\Users\jean jacques\AppData\Roaming\FileOpen\Fowpmadi.txt [60] O61 - LFC: 01/04/2013 - 20:38:43 ---A- C:\Users\jean jacques\AppData\Roaming\wklnhst.dat [126] O61 - LFC: 01/04/2013 - 20:39:35 ---A- C:\Users\jean jacques\AppData\Roaming\HP\ScLogs\SolutionCenter.htm [51560] O61 - LFC: 01/04/2013 - 20:41:17 ---A- C:\Users\jean jacques\AppData\Roaming\Microsoft\OIS\Toolbars.dat [666] O61 - LFC: 01/04/2013 - 21:07:21 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Local State [25867] O61 - LFC: 01/04/2013 - 21:07:22 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] ~ 39 Fichiers temporaires (Temporary files) ~ Files: 128 Legitimates Scanned in 00mn 02s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) ~ Legacy: 77 Legitimates Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Keys: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe" Qvo6.com O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - Google O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - Bing ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 31 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.3DA292CF3335CCBCD6E077FE7BEC8E85] [sPRF][26/02/2013] (...) -- C:\Users\jean jacques\AppData\Local\d3d9caps.dat [1356] [MD5.399027C21521470E0C51A3D1B53C517E] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\HomePageQvo6.exe [235299] [MD5.CB0107FDE27B05772F79977D05DEFA6E] [sPRF][25/03/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\mlv_ar_qvo6.exe [93776] [MD5.0D66DD89DED055BED52F0137C863ED9B] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\NitroSysFonts01.dat [322939] [MD5.2A436F48A34FD5115745782830FE94CA] [sPRF][01/04/2013] (.Nitro PDF Software - Installation and setup files for Nitro PDF Professional (fr-FR).) -- C:\Users\jean jacques\AppData\Local\Temp\nitro_pro8.exe [45635128] [MD5.36179B382A989075FF5FA282434F6892] [sPRF][21/03/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe [394736] [MD5.FA015A8FE1D5717B950BD5067C202CCD] [sPRF][15/05/2009] (...) -- C:\Users\jean jacques\AppData\LocalLow\prvlcl.dat [188496] [MD5.938CB5882EB4873608BDE711AA28BCFF] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Roaming\wklnhst.dat [126] [MD5.EC4961D7E0F6ACEF4E8446E062048D88] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\Desktop\adwcleaner.exe [609993] [MD5.848AC3CDFC084212914E873629FC974F] [sPRF][01/04/2013] (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Users\jean jacques\Desktop\JRT.exe [550772] ~ Files: Scanned in 00mn 04s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{5CAB4D76-BB08-4DF5-AE39-60EBC8819404}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.) O87 - FAEL: "UDP Query User{19066067-107E-4158-A8FD-1E8C394B335B}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.) O87 - FAEL: "{77AE73EB-8112-46AF-80D7-88515F995292}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) O87 - FAEL: "{A1FE1C5D-2C20-4E9C-B7B1-7F07976CFF05}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) ~ Firewall: 196 Legitimates Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11360 - (01/04/2013) Clés trouvées (Keys found) : 9 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 2 [HKCU\Software\poker 770] =>Adware.Casino [HKLM\Software\poker 770] =>Adware.Casino [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find [HKLM\Software\qvo6Software] =>Hijacker.Qvo6 C:\Program Files\Common Files\337 =>Hijacker.22find C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon ~ Additionnel: Scanned in 00mn 15s ---\\ Product Upgrade Codes (O90) O90 - PUC: "17DE924FB8A4A754584E6F93C87EE385" . (.AV Input Selection.) -- C:\Windows\Installer\{F429ED71-4A8B-457A-85E4-F6398CE73E58}\ARPPRODUCTICON.exe ~ Update Products: 76 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 03/03/2008 16384 | (BUNAgentSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe SR - | Auto 598016 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\bin32\nSvcAppFlt.exe SS - | Auto 15/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 15/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 17/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 163840 | (nSvcIp) . (...) - C:\Program Files\bin32\nSvcIp.exe SR - | Auto 25/04/2008 45056 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SR - | Auto 131072 | (NTISchedulerSvc) . (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SR - | Auto 22/04/2008 118784 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 00s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by jean jacques at 02/04/2013 00:06:14 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce SATA Driver 1 ntkrnlpa!IofCallDriver[0x820F3FEF] => \Device\Harddisk0\DR0[0x85E7DAC8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 14 Legitimates Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by jean jacques at 02/04/2013 00:06:16 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s End of the scan (679 lines in 01mn 21s)(0) Merci d'avance pour votre aide car je ne connais pas les effets de ce virus.
×
×
  • Créer...