paulo86

Members
  • Content count

    1
Everything posted by paulo86

  1. Hello, I am trying to remove visualbee, without success. It has already been removed from my search engines and from my programs, and I have already run Malwarebytes, but when I open a new tab in Mozilla, visualbee still appears! I read on another page of this site's forum that someone had had the same problem... so I followed the same procedure, using ZHPDiag. Here is the report I obtained:
Danny Cudd - Skånegatan.flac [22994785] O61 - LFC: 17/08/2013 - 23:05:35 ---A- C:\Users\palevy\Downloads\MP3FileManager_1.1_Update_FRA.exe [1140610] O61 - LFC: 17/08/2013 - 23:46:42 ---A- C:\Users\palevy\Downloads\MP3FileManager_1.1_Update_FRA(1).exe [1140610] O61 - LFC: 17/08/2013 - 23:50:21 ---A- C:\Users\palevy\AppData\Local\Google\Chrome\User Data\Local State [37450] O61 - LFC: 17/08/2013 - 23:50:21 ---A- C:\Users\palevy\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 17/08/2013 - 23:54:16 ---A- C:\Users\palevy\AppData\Local\avgchrome\avgp [107844] O61 - LFC: 18/08/2013 - 09:25:53 ---A- C:\Users\palevy\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter O61 - LFC: 18/08/2013 - 09:43:36 ---A- C:\Users\palevy\AppData\Roaming\Google\Local Search History\google%2Eweb.w [170] O61 - LFC: 18/08/2013 - 09:55:46 ---A- C:\Users\palevy\AppData\Local\Google\Toolbar DNS data\data [801] O61 - LFC: 18/08/2013 - 09:56:12 ---A- C:\Users\palevy\Downloads\SpyHunter-Installer(1).exe [725952] =>Crapware.SpyHunter O61 - LFC: 18/08/2013 - 10:06:41 ---A- C:\Users\palevy\AppData\Local\Google\Toolbar\broker_metrics.xml [15491] O61 - LFC: 18/08/2013 - 10:10:06 ---A- C:\Users\palevy\Downloads\mbam-setup-1.75.0.1300.exe [10285040] ~ 54 Fichiers temporaires (Temporary files) ~ Files: 181 Legitimates Filtered in 00mn 03s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter ~ Legacy: 94 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (VisualBee Search) - O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {D0207488-2AA7-4995-A506-0501C01E38BC} [DefaultScope] - (Google) - http://www.google.fr ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [sPRF][22/08/2011] (...) -- C:\Users\palevy\AppData\Local\Temp\ExchangePerflog_8484fa31035dba1258f3750c.dat [28] [MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [sPRF][23/07/2012] (...) -- C:\Users\palevy\AppData\Local\Temp\ExchangePerflog_8484fa31035dba12df5e13a8.dat [28] [MD5.0CE6C2EC9A54F521A33529C46491E6EA] [sPRF][13/05/2013] (.Pas de propriétaire - GetCC.) -- C:\Users\palevy\AppData\Local\Temp\GetCC.dll [4608] [MD5.32B309808450E377DF8B5D3CCE05547A] [sPRF][18/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\ICReinstall_iTunesSetup.exe [629856] [MD5.466C4732BC4B126B94B0E69C6B5A2348] [sPRF][13/05/2013] (.Pas de propriétaire - SendMsg.) -- C:\Users\palevy\AppData\Local\Temp\SendMsg.dll [9216] [MD5.46B4EC40DCB1026711FDE778F9C8E56D] [sPRF][18/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\sh4plist.dat [148] [MD5.B71D0C3278AC5FF3A592DA3EFC7DA58E] [sPRF][18/08/2013] (...) 
-- C:\Users\palevy\AppData\Local\Temp\SHSetup.exe [33531032] =>Crapware.SpyHunter [MD5.DB521C3DC7B679226322033B09719ECA] [sPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\palevy\AppData\Local\Temp\uninst1.exe [339440] =>Toolbar.Babylon [MD5.E13BE6A280AD574EC3BE472B51E633A3] [sPRF][17/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\vbmz7.exe [85400] ~ Files: Scanned in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) [HKLM\Software\f6df8ce26fbe47] => Clé orpheline ~ Export Key Software: Scanned in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.5056F846851DE4917902DE500B695028] [WIS][28/01/2010] (.ThinPrint AG - ThinPrint .print Client Windows.) -- C:\Windows\Installer\1a97da.msi [1816576] [MD5.60FB52C07D89635DDEBDA4B51DF05196] [WIS][22/02/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\7f09e0.msi [28160] =>Toolbar.Google ~ WIS: 89 Legitimates Filtered in 00mn 01s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 11/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 31/01/2011 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\aestsrv.exe SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 23/03/2010 1528616 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe SS - | Auto 22/02/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 22/02/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 22/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 4/04/2013 418376 | (MBAMScheduler) . 
(.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 14/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 31/01/2011 72296 | (O2FLASH) . (.O2Micro International.) - C:\Windows\System32\DRIVERS\o2flash.exe SR - | Auto 7/03/2013 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\system32\rpcnet.exe SR - | Auto 31/01/2011 262226 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by palevy at 18/08/2013 12:05:13 device: opened successfully user: error reading MBR Disk trace: error: Read The handle is invalid. 
kernel: error reading MBR ~ MBR: 18 Legitimates Filtered in 00mn 02s ---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by palevy at 18/08/2013 12:05:15 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : v2.12859 - (17/08/2013) Clés trouvées (Keys found) : 13 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 3 Fichiers trouvés (Files found) : 22 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask [HKCU\Software\DataMngr] =>Adware.Bandoo [HKLM\Software\DataMngr] =>Adware.Bandoo [HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\VBMZ] =>Toolbar.Conduit [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =>Crapware.SpyHunter [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ C:\Program Files\DealPly =>PUP.DealPly^ C:\ProgramData\Babylon =>Toolbar.Babylon^ C:\Users\palevy\AppData\Local\DealPlyLive =>PUP.DealPly^ C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^ Windows\Tasks\Dealply.job =>PUP.DealPly^ [HKCU\Software\BabSolution] =>Hijacker.BabSolution^ [HKCU\Software\DealPlyLive] =>PUP.DealPly^ [HKLM\Software\DealPlyLive] 
=>PUP.DealPly^ C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_SONIC-B17C6324.pf =>Toolbar.Conduit^ C:\Windows\Prefetch\DEALPLYLIVE.EXE-7ADB3CBB.pf =>PUP.DealPly^ C:\Windows\Prefetch\BABMAINT.EXE-5043716C.pf =>Hijacker.BabSolution^ C:\Windows\Prefetch\DEALPLYLIVE.EXE-50388A13.pf =>PUP.DealPly^ C:\Windows\Prefetch\BROWSERDEFENDER.EXE-4144012A.pf =>Hijacker.Eazel^ C:\Windows\Prefetch\DEALPLYUPDATEVER.EXE-64AE3D08.pf =>PUP.DealPly^ C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-9DC930B3.pf =>PUP.DealPly^ C:\Windows\Prefetch\DEALPLYLIVE.EXE-BF809A22.pf =>PUP.DealPly^ C:\Users\palevy\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter^ C:\Users\palevy\Downloads\SpyHunter-Installer(1).exe [725952] =>Crapware.SpyHunter^ Users\palevy\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^ Users\palevy\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^ Windows\Installer\7f09e0.msi =>Toolbar.Google^ C:\Users\palevy\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon C:\Users\palevy\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon C:\Users\palevy\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon ~ Additionnel Scan: 223291 Items scanned in 00mn 23s ---\\ Récapitulatif des détections trouvées sur votre station ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ MSI: 11 link(s) detected in 00mn 23s ~ 1301 Legitimates filtered by white list End of the scan (616 lines in 01mn 29s)(0)

Could you help me, please? Thanks in advance, Paulo