lennon

  1. Oops, sorry about the report. Thanks in any case for all your advice.
  2. Yes, and since then no trace at all. How can I tell whether it is "dead"?
  3. That's it!!! I launch Mozilla and now I land on my usual home page. So I think the virus is "killed", right?
  4. Here is the new one:
     ========================= SEAF 1.0.1.0 - C_XX
     Commencé à: 19:45:06 le 29/04/2013
     Valeur(s) recherchée(s):
     Qvo6
     Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
     (!) --- Calcul du Hash "MD5"
     (!) --- Informations supplémentaires
     (!) --- Recherche registre
     ====== Fichier(s) ======
     Aucun fichier trouvé
     ====== Entrée(s) du registre ======
     Aucun élément dans le registre trouvé
     =========================
     Fin à: 19:48:36 le 29/04/2013
     370362 Éléments analysés
     =========================
     E.O.F
  5. It's done, here is the report:
     ========================= SEAF 1.0.1.0 - C_XX
     Commencé à: 19:19:01 le 29/04/2013
     Valeur(s) recherchée(s):
     QV06
     Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
     (!) --- Calcul du Hash "MD5"
     (!) --- Informations supplémentaires
     (!) --- Recherche registre
     ====== Fichier(s) ======
     Aucun fichier trouvé
     ====== Entrée(s) du registre ======
     Aucun élément dans le registre trouvé
     =========================
     Fin à: 19:22:17 le 29/04/2013
     370241 Éléments analysés
     =========================
     E.O.F
  6. Operation done and PC restarted, but unfortunately it continues. Do you want me to start all the operations over from the beginning?
  7. Hello. Sorry for the overly long gap between your reply and now, but my PC was out of order. Otherwise, I did carry out your procedure, but when I open Mozilla I land on the qv06 home page again. What should I do? Thanks in advance.
  8. Hello. Like many people at the moment, I am infected with QVO6. I have done all the steps from the other threads, that is, adwcleaner, then jrt and zhp diag.
     The first one:
     # AdwCleaner v2.115 - Rapport créé le 01/04/2013 à 23:40:27
     # Mis à jour le 17/03/2013 par Xplode
     # Système d'exploitation : Windows Vista Home Premium Service Pack 1 (32 bits)
     # Nom d'utilisateur : jean jacques - PC-DE-JEANJACQU
     # Mode de démarrage : Normal
     # Exécuté depuis : C:\Users\jean jacques\Desktop\adwcleaner.exe
     # Option [suppression]
     ***** [services] *****
     ***** [Fichiers / Dossiers] *****
     Dossier Supprimé : C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
     ***** [Registre] *****
     ***** [Navigateurs] *****
     -\\ Internet Explorer v8.0.6001.19088
     [OK] Le registre ne contient aucune entrée illégitime.
     -\\ Mozilla Firefox v19.0.2 (fr)
     Fichier : C:\Users\jean jacques\AppData\Roaming\Mozilla\Firefox\Profiles\581fpvej.default\prefs.js
     [OK] Le fichier ne contient aucune entrée illégitime.
     -\\ Google Chrome v26.0.1410.43
     Fichier : C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] Le fichier ne contient aucune entrée illégitime.
     *************************
     AdwCleaner[R1].txt - [25563 octets] - [05/03/2013 19:43:02]
     AdwCleaner[s2].txt - [1187 octets] - [01/04/2013 23:40:27]
     ########## EOF - C:\AdwCleaner[s2].txt - [1247 octets] ##########
     The second one (JRT):
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.7.8 (03.31.2013:1)
     OS: Windows Vista Home Premium x86
     Ran by jean jacques on 01/04/2013 at 23:59:41,55
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ FireFox
     Emptied folder: C:\Users\jean jacques\AppData\Roaming\mozilla\firefox\profiles\581fpvej.default\minidumps [17 files]
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 02/04/2013 at 0:04:15,21
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     The third one (ZHP):
     Rapport de ZHPDiag v2013.4.1.5 par Nicolas Coolman, Update du 01/04/2013
     Run by jean jacques at 02/04/2013 00:04:55
     State : Version à jour.
LFCP:[MD5.212F6495ACFBD0319815B0CB5E8F6847] - 28/03/2013 - 07:47:58 ---A- - C:\Windows\Prefetch\SCHEDULERSVC.EXE-F3CF4F15.pf O45 - LFCP:[MD5.4548989FB81AC4D724058030AC519265] - 29/03/2013 - 18:08:38 ---A- - C:\Windows\Prefetch\NSS.EXE-08DE1F60.pf O45 - LFCP:[MD5.4D5BEA817AD34DFFEE734AE285A6BA25] - 30/03/2013 - 20:22:11 ---A- - C:\Windows\Prefetch\MCUICNT.EXE-9B22BF7E.pf O45 - LFCP:[MD5.D1F29E5D9723F378B4DAC5B572E0AE67] - 31/03/2013 - 17:35:52 ---A- - C:\Windows\Prefetch\HPQPPROP.EXE-54B2B73F.pf O45 - LFCP:[MD5.B59FEBEF30529AFCD69AEF021165DA33] - 31/03/2013 - 17:35:52 ---A- - C:\Windows\Prefetch\HPQTBX01.EXE-5B14679D.pf O45 - LFCP:[MD5.99344DA37007326A75F14223BDB60BBF] - 31/03/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\HPZSHL01.EXE-CDB7A7A8.pf O45 - LFCP:[MD5.03C0754DB7D3E5E6038ADEDF19CB4800] - 31/03/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\HPZSTUB.EXE-7C5D0C95.pf O45 - LFCP:[MD5.E5E1B4EB3CC40F0516F600790331DA04] - 31/03/2013 - 17:36:29 ---A- - C:\Windows\Prefetch\HPZHSG01.EXE-4048C477.pf O45 - LFCP:[MD5.01717D9A013F67AEFC427FE5140D8DA2] - 31/03/2013 - 17:37:45 ---A- - C:\Windows\Prefetch\SETUP_GUIDE.EXE-72E9BBFD.pf O45 - LFCP:[MD5.9AC646BE1E889BED5F7C2EB39DA31072] - 31/03/2013 - 17:39:08 ---A- - C:\Windows\Prefetch\HPZDUI01.EXE-91EC6427.pf ~ Prefetcher: 140 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 7 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 13 Legitimates Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 3 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 18 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 
03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/04/2013 - 17:25:24 ---A- C:\Users\jean jacques\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.43\26.0.1410.43_25.0.1364.172_chrome_updater.exe [11304288] O61 - LFC: 01/04/2013 - 17:25:44 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\setup.exe [1642448] O61 - LFC: 01/04/2013 - 17:26:00 R--A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\chrome.7z [122395900] O61 - LFC: 01/04/2013 - 17:26:12 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\VisualElementsManifest.xml [396] O61 - LFC: 01/04/2013 - 18:18:54 ---A- C:\Users\jean jacques\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163] O61 - LFC: 01/04/2013 - 18:54:49 ---A- C:\Users\jean jacques\Downloads\PDFCreator-1_6_2_setup.exe [17464864] O61 - LFC: 01/04/2013 - 19:09:44 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\Thumbnails\4202808359 [14552] O61 - LFC: 01/04/2013 - 19:13:50 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505] O61 - LFC: 01/04/2013 - 19:13:51 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337] O61 - LFC: 01/04/2013 - 19:20:57 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\OptimizationSettings\QualitySettings.xml [2128] O61 - LFC: 01/04/2013 - 19:20:57 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\Thumbnails\817012237 [14385] O61 - LFC: 01/04/2013 - 19:26:26 ---A- C:\Users\jean 
jacques\AppData\Local\Google\Toolbar\broker_metrics.xml [2743] O61 - LFC: 01/04/2013 - 19:37:04 ---A- C:\Users\jean jacques\Downloads\PDFReaderSetup.exe [653584] O61 - LFC: 01/04/2013 - 19:38:19 ---A- C:\Users\jean jacques\AppData\Roaming\DSite\UpdateProc\prod.dat [31] O61 - LFC: 01/04/2013 - 19:48:45 ---A- C:\Users\jean jacques\Downloads\sun-pdf-import-extension-windows-downloader.exe [145866] O61 - LFC: 01/04/2013 - 19:49:25 ---A- C:\Users\jean jacques\AppData\Roaming\eIntaller\76248D3029DD418f99F9271226FAAEF2\eGdpSvc.exe [969280] O61 - LFC: 01/04/2013 - 19:49:32 ---A- C:\Users\jean jacques\AppData\Roaming\eIntaller\76248D3029DD418f99F9271226FAAEF2\eXQ.exe [691256] O61 - LFC: 01/04/2013 - 19:55:31 ---A- C:\Users\jean jacques\Downloads\pdf24-creator-5.4.0.exe [15898712] O61 - LFC: 01/04/2013 - 20:16:08 ---A- C:\Users\jean jacques\Downloads\nitro_pdf_pro_32_dlm.exe [1451400] O61 - LFC: 01/04/2013 - 20:17:48 ---A- C:\Users\jean jacques\AppData\Roaming\Downloaded Installations\{F4022F19-96A2-4B2D-B5AA-DAA72206C318}\{A098E759-960F-4279-952A-B7995278D5FF}.msi [171335680] O61 - LFC: 01/04/2013 - 20:19:47 ---A- C:\Users\jean jacques\AppData\Roaming\FileOpen\Fowpmadi.txt [60] O61 - LFC: 01/04/2013 - 20:38:43 ---A- C:\Users\jean jacques\AppData\Roaming\wklnhst.dat [126] O61 - LFC: 01/04/2013 - 20:39:35 ---A- C:\Users\jean jacques\AppData\Roaming\HP\ScLogs\SolutionCenter.htm [51560] O61 - LFC: 01/04/2013 - 20:41:17 ---A- C:\Users\jean jacques\AppData\Roaming\Microsoft\OIS\Toolbars.dat [666] O61 - LFC: 01/04/2013 - 21:07:21 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Local State [25867] O61 - LFC: 01/04/2013 - 21:07:22 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] ~ 39 Fichiers temporaires (Temporary files) ~ Files: 128 Legitimates Scanned in 00mn 02s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) ~ Legacy: 77 Legitimates Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) 
-- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Keys: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe" Qvo6.com O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - Google O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - Bing ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 31 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.3DA292CF3335CCBCD6E077FE7BEC8E85] [sPRF][26/02/2013] (...) -- C:\Users\jean jacques\AppData\Local\d3d9caps.dat [1356] [MD5.399027C21521470E0C51A3D1B53C517E] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\HomePageQvo6.exe [235299] [MD5.CB0107FDE27B05772F79977D05DEFA6E] [sPRF][25/03/2013] (...) 
-- C:\Users\jean jacques\AppData\Local\Temp\mlv_ar_qvo6.exe [93776] [MD5.0D66DD89DED055BED52F0137C863ED9B] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\NitroSysFonts01.dat [322939] [MD5.2A436F48A34FD5115745782830FE94CA] [sPRF][01/04/2013] (.Nitro PDF Software - Installation and setup files for Nitro PDF Professional (fr-FR).) -- C:\Users\jean jacques\AppData\Local\Temp\nitro_pro8.exe [45635128] [MD5.36179B382A989075FF5FA282434F6892] [sPRF][21/03/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe [394736] [MD5.FA015A8FE1D5717B950BD5067C202CCD] [sPRF][15/05/2009] (...) -- C:\Users\jean jacques\AppData\LocalLow\prvlcl.dat [188496] [MD5.938CB5882EB4873608BDE711AA28BCFF] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Roaming\wklnhst.dat [126] [MD5.EC4961D7E0F6ACEF4E8446E062048D88] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\Desktop\adwcleaner.exe [609993] [MD5.848AC3CDFC084212914E873629FC974F] [sPRF][01/04/2013] (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Users\jean jacques\Desktop\JRT.exe [550772] ~ Files: Scanned in 00mn 04s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{5CAB4D76-BB08-4DF5-AE39-60EBC8819404}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.) O87 - FAEL: "UDP Query User{19066067-107E-4158-A8FD-1E8C394B335B}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.) O87 - FAEL: "{77AE73EB-8112-46AF-80D7-88515F995292}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) O87 - FAEL: "{A1FE1C5D-2C20-4E9C-B7B1-7F07976CFF05}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) 
~ Firewall: 196 Legitimates Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11360 - (01/04/2013) Clés trouvées (Keys found) : 9 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 2 [HKCU\Software\poker 770] =>Adware.Casino [HKLM\Software\poker 770] =>Adware.Casino [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find [HKLM\Software\qvo6Software] =>Hijacker.Qvo6 C:\Program Files\Common Files\337 =>Hijacker.22find C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon ~ Additionnel: Scanned in 00mn 15s ---\\ Product Upgrade Codes (O90) O90 - PUC: "17DE924FB8A4A754584E6F93C87EE385" . (.AV Input Selection.) -- C:\Windows\Installer\{F429ED71-4A8B-457A-85E4-F6398CE73E58}\ARPPRODUCTICON.exe ~ Update Products: 76 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 03/03/2008 16384 | (BUNAgentSvc) . (.NewTech Infosystems, Inc..) 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe SR - | Auto 598016 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\bin32\nSvcAppFlt.exe SS - | Auto 15/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 15/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 17/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 163840 | (nSvcIp) . (...) - C:\Program Files\bin32\nSvcIp.exe SR - | Auto 25/04/2008 45056 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SR - | Auto 131072 | (NTISchedulerSvc) . (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SR - | Auto 22/04/2008 118784 | (nvsvc) . (.NVIDIA Corporation.) 
Thanks in advance for your help, because I don't know what this virus does.