

Everything posted by Jibs

Help needed: Trojan ZeroAccess
Jibs replied to a topic by Jibs in Malware analysis and removal

Yes, they are still there; even when I reboot and run another scan with Rogue Killer, it still shows me the same thing and in the end deletes nothing... I did the first two steps of what you told me; here are the two AdwCleaner reports and the JRT report:

© CJoint.com, 2012 => AdwCleaner[R1]
© CJoint.com, 2012 => AdwCleaner[s1]
© CJoint.com, 2012 => JRT

I will now carry out step 3) and will post the report as soon as the MBAM scan is finished! In the meantime, thank you very much for your help!
Good evening! I have been fighting this damned trojan for more than 24 hours. It is Win32/sirefef.AB and Win32/sirefef.P. I have done multiple scans/reboots with Rogue Killer; here is the latest report:

RogueKiller V8.6.3 _x64_ [Jul 17 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : Forum
Site Web : Télécharger RogueKiller (Site Officiel)
Blog : tigzy-RK

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : LAURENCE [Droits d'admin]
Mode : Suppression -- Date : 07/17/2013 18:27:13
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> SUPPRIMÉ AU REBOOT
[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> SUPPRIMÉ AU REBOOT

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 10190ad40b44bab49cc3f5458909bdf8
[bSP] 797752d2246d199be9f784e2c1c32309 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 463838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] fe600eba04aadb4a515551c28e994c28
[bSP] f33e704ec38d5c6804bdf9ba48908d96 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1966 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_D_07172013_182713.txt >>
RKreport[0]_D_07162013_234750.txt;RKreport[0]_D_07162013_235843.txt;RKreport[0]_D_07172013_000821.txt
RKreport[0]_D_07172013_122716.txt;RKreport[0]_D_07172013_135922.txt;RKreport[0]_D_07172013_141603.txt
RKreport[0]_D_07172013_143423.txt;RKreport[0]_D_07172013_144223.txt;RKreport[0]_D_07172013_145232.txt
RKreport[0]_D_07172013_145701.txt;RKreport[0]_D_07172013_150157.txt;RKreport[0]_D_07172013_174035.txt
RKreport[0]_D_07172013_181300.txt;RKreport[0]_S_07162013_234725.txt;RKreport[0]_S_07162013_235717.txt
RKreport[0]_S_07172013_000811.txt;RKreport[0]_S_07172013_122534.txt;RKreport[0]_S_07172013_135343.txt
RKreport[0]_S_07172013_135833.txt;RKreport[0]_S_07172013_141355.txt;RKreport[0]_S_07172013_143254.txt
RKreport[0]_S_07172013_144211.txt;RKreport[0]_S_07172013_145013.txt;RKreport[0]_S_07172013_145642.txt
RKreport[0]_S_07172013_150140.txt;RKreport[0]_S_07172013_174025.txt;RKreport[0]_S_07172013_181250.txt
RKreport[0]_S_07172013_182704.txt

Here is also the ZHPDiag report:
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - Babylon Search =>Adware.IMBooster O69 - SBI: SearchScopes [HKCU] {571C3EF3-5DBA-4427-BBF7-D8A6E41C1337} - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - Google O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) H:\Mark.of.the.Ninja.v1.0.multi6.cracked-THETA\!!Mreader.exe H:\Mark.of.the.Ninja.v1.0.multi6.cracked-THETA\Mark of the Ninja.exe ~ Files: Scanned in 01mn 14s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.6ACBD475647D7A160657CB3E460F0F35] [sPRF][27/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131472] [MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][15/04/2011] (...) -- C:\Users\LAURENCE\AppData\Roaming\wklnhst.dat [0] [MD5.AEDB6AA9598337DA300942DEF6B5EFC5] [sPRF][16/07/2013] (.AVAST Software - avast! Antirootkit.) -- C:\Users\LAURENCE\Desktop\aswMBR.exe [4745728] [MD5.E8D3E34FFDAF21DF7C09CBBBA5763237] [sPRF][16/07/2013] (.ESET - ESET Smart Installer.) -- C:\Users\LAURENCE\Desktop\esetsmartinstaller_enu.exe [2347384] [MD5.59A46F65BBDAF49DEF0257F7D0017571] [sPRF][18/07/2013] (...) -- C:\Users\LAURENCE\Desktop\fairyta.bat [188] [MD5.BE36FC21D6ED7E665A9310CF23E4640E] [sPRF][16/07/2013] (.Symantec Corporation - Zero Access Fix Tool.) -- C:\Users\LAURENCE\Desktop\FixZeroAccess.exe [1805736] [MD5.683FDD3D773C58B262DC07CD0C6CE938] [sPRF][16/07/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
-- C:\Users\LAURENCE\Desktop\mbam-setup-1.75.0.1300.exe [10285040] [MD5.30FADBA93E9430A63F19DA9935DE4369] [sPRF][14/09/2011] (.Gabest - Media Player Classic.) -- C:\Users\LAURENCE\Desktop\mplayerc.exe [4411392] [MD5.430A389AE785F228F28234D7C161D351] [sPRF][17/07/2013] (...) -- C:\Users\LAURENCE\Desktop\RogueKillerX64.exe [3778560] [MD5.95A960B7C3C05CB9BBF0EDD80086F770] [sPRF][17/07/2013] (.C_XX - SEAF.) -- C:\Users\LAURENCE\Desktop\seaf.exe [498868] ~ Files: Scanned in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : v2.12771 - (17/07/2013) Clés trouvées (Keys found) : 95 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 16 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}] =>Toolbar.Expresso [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>PUP.ToparcadeHits 
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>PUP.ToparcadeHits [HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA}] =>Adware.Boxore [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7555B87D-D711-48B2-B97D-04DF700652BA}] =>Adware.Boxore [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso [HKLM\Software\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso [HKLM\Software\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit [HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper [HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.Babylon 
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>PUP.ToparcadeHits [HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>PUP.ToparcadeHits [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar [HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\Extension.DLL] =>Toolbar.Expresso [HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.Agent [HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso [HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.Agent [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.Agent [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.Agent [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon [HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] 
=>Adware.IncrediBar [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fjglfdldpdljgfjkfgieaocdapejkdlh] =>Adware.Boxore [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca] =>Adware.IncrediBar [HKCU\Software\APN PIP] =>Toolbar.Ask [HKCU\Software\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox [HKLM\Software\Wow6432Node\PIP] =>Toolbar.Ask [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Tarma Installer] =>Toolbar.Tarma [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKCU\Software\WNLT] =>Adware.IncrediBar [HKLM\Software\WNLT] =>Adware.IncrediBar [HKCU\Software\Complitly] =>Adware.PredictAd [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKCU\Software\InstallCore] =>Adware.InstallCore [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA8002CF-2914-493A-B7E8-79740E2E15DB}] =>Toolbar.Babylon [HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKLM\Software\Wow6432Node\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\BabylonHelper.EXE] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKLM\Software\Mozilla\Firefox\Extensions]:offerbox@spointer.com =>Adware.SPointer C:\Program Files (x86)\Boxore =>Adware.Boxore C:\Program Files (x86)\Software =>Adware.Boxore C:\Program Files (x86)\SweetIM =>PUP.SweetIM C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\Babylon =>Toolbar.Babylon C:\ProgramData\Software =>Adware.Boxore C:\ProgramData\Partner =>Spyware.Partner C:\Users\LAURENCE\AppData\Roaming\Babylon =>Toolbar.Babylon C:\Users\LAURENCE\AppData\Roaming\OfferBox =>PUP.OfferBox C:\Users\LAURENCE\AppData\Local\AVG Secure 
Search =>Toolbar.AVGSearch C:\Users\LAURENCE\AppData\Local\Babylon =>Toolbar.Babylon C:\Users\LAURENCE\AppData\Local\Software =>Adware.Boxore C:\Users\LAURENCE\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon C:\Users\LAURENCE\AppData\LocalLow\Incredibar.com =>Adware.IncrediBar C:\Users\LAURENCE\AppData\LocalLow\PriceGong =>Adware.PriceGong C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch ~ Additionnel Scan: 294812 Items scanned in 00mn 19s ---\\ Product Upgrade Codes (O90) O90 - PUC: "0462B58F8EDCA834486F112B0B23DE64" . (.E-Prime 2.0 (2.0.10.242).) -- C:\Windows\Installer\{F85B2640-CDE8-438A-84F6-11B2B032ED46}\ARPPRODUCTICON.exe ~ Update Products: 140 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 0 | (0252641374103052mcinstcleanup) . (...) - C:\Windows\TEMP\025264~1.exe SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 28/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe SS - | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SS - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe SS - | Auto 30/09/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe SS - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe SS - | Auto 11/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 11/04/2011 135664 | (gupdatem) . (.Google Inc..) 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Auto 15/03/2013 4466120 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SS - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SS - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SS - | Auto 05/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe SS - | Auto 188760 | (IB Updater Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe =>Adware.InstallBrain SS - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe SS - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe SS - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe SS - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) 
- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe SS - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 04/05/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe SS - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe SS - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe SS - | Auto 11/07/2013 1598128 | (vToolbarUpdater15.3.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe =>Toolbar.AVGSearch SS - | Auto 0 | (WMPNetworkSvc) . (...) 
- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover ~ MBR: 1 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by LAURENCE at 18/07/2013 02:05:44 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Malicius Software Information ~ Adware.Incredibar - Malicius Software Information =>Adware.Incredibar ~ Toolbar.Babylon - Malicius Software Information =>Toolbar.Babylon ~ Adware.InstallBrain - Malicius Software Information =>Adware.InstallBrain ~ PUP.OfferBox - Malicius Software Information =>PUP.OfferBox ~ Adware.PriceGong - Malicius Software Information =>Adware.PriceGong ~ Adware.SmartSuggestor - Malicius Software Information =>Adware.SmartSuggestor ~ Hijacker.SmartBar - Malicius Software Information =>Hijacker.SmartBar ~ Adware.PredictAd - Malicius Software Information =>Adware.PredictAd ~ Adware.InstallCore - Malicius Software Information =>Adware.InstallCore ~ Toolbar.Conduit - Malicius Software Information =>Toolbar.Conduit ~ PUP.SweetIM - Malicius Software Information =>PUP.SweetIM ~ Toolbar.Tarma - Malicius Software Information =>Toolbar.Tarma ~ Adware.Boxore - Malicius Software Information =>Adware.Boxore ~ Virus.Kujytuo - Malicius Software Information =>Virus.Kujytuo ~ Adware.IMBooster - Malicius Software Information =>Adware.IMBooster ~ PUP.ToparcadeHits - Malicius Software Information =>PUP.ToparcadeHits ~ Adware.Yontoo - Malicius Software Information =>Adware.Yontoo ~ Toolbar.Ask - Malicius Software Information =>Toolbar.Ask ~ Spyware.AgenceExclusive - Malicius Software Information =>Spyware.AgenceExclusive ~ Adware.SPointer - Malicius Software Information =>Adware.SPointer ~ Spyware.Partner - Malicius Software Information 
I also tried TDSSKiller and Malwarebytes, without success... I still have these two "Desktop.ini" files that I can't delete. I'm running a scan with Microsoft Safety Scanner right now; I'll post the report tomorrow morning. If anyone can help me, I would be really grateful. Thanks in advance.
Jibs