Helln

Members
  • Content count

    10
  • Joined

  • Last visit

  • Days won

    1

Everything posted by Helln

  1. YESSSS!!!! It works, no more Do-Search!!! Thank you so much Apollo! Here is the report anyway: http://cjoint.com/?CKEc2kQORhu I imagine it can help you with other cases like mine!
  2. Sorry for the delay... My modem's power supply was faulty and I couldn't send you the most recent report... Here it is: http://cjoint.com/?CKDvVjLl8ev Thanks Apollo!
  3. Here is the report after the removal by MBAB... http://cjoint.com/?CKCwIl8Cr95 And still do-search when I open Chrome
  4. Here is the MBAB report http://cjoint.com/?CKCwxC3enJt Helln
  5. Here is the SFTGC report: http://cjoint.com/?CKCo4dmjjbo Helln
  6. Hello Apollo, I have always been used to solving my technical problems myself. Sorry if I did some steps ahead of time, but I have no help from anywhere other than here, I swear. I already used JRT, the report is above, and when I ran it again just now... there is nothing left... Here is the report...

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Helene on 2013-11-28 at 8:38:58,59
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 2013-11-28 at 8:48:41,87
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Here it is...

     # AdwCleaner v3.013 - Report created 27/11/2013 at 18:44:51
     # Updated 24/11/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Helene - HELENE-PC
     # Running from : C:\Users\Helene\Downloads\adwcleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16736

     -\\ Google Chrome v

     [ File : C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [5793 octets] - [26/09/2013 16:42:15]
     AdwCleaner[R1].txt - [3593 octets] - [27/11/2013 12:43:39]
     AdwCleaner[R2].txt - [994 octets] - [27/11/2013 12:49:19]
     AdwCleaner[R3].txt - [795 octets] - [27/11/2013 18:44:51]
     AdwCleaner[s0].txt - [5616 octets] - [26/09/2013 16:43:10]
     AdwCleaner[s1].txt - [3423 octets] - [27/11/2013 12:44:21]
     AdwCleaner[s2].txt - [1054 octets] - [27/11/2013 12:50:36]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1034 octets] ##########
  8. I installed AdwCleaner even before coming to this site and did the steps... the *&&*% dosearch is still the default in my browsers
  9. Here is the JRT report:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by Helene on 2013-11-27 at 14:13:55,63
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

     ~~~ Files

     Successfully deleted: [File] "C:\Users\Helene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks"
     Successfully deleted: [Empty Folder] C:\Users\Helene\appdata\local\{59933410-0E6C-4B41-ABCE-6929A232A305}

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 2013-11-27 at 14:24:06,25
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. I have Chrome and I installed malware... I would like to get rid of it... Please help me. Here is the ZHPDiag result
-- C:\Users\Helene\AppData\LocalLow\dt.dat [26900] [MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][2012-06-03] (...) -- C:\Users\Helene\AppData\LocalLow\prvlcl.dat [0] ~ Files: 23 Legitimates Filtered in 00mn 02s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{E75D4A3E-830F-4C63-8F7F-8CCAD9FA2C24}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{DEB60369-9FE7-429C-8FAE-C2A8094E765C}" |In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{233B06D2-3A73-4786-8876-18E6AF14A3FF}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "{94C932D4-5717-4953-9F91-5F118655BB2E}" |In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe (.not file.) O87 - FAEL: "TCP Query User{F1BF0B52-EE2B-41AD-ACD1-FB8F215DC95A}C:\program files (x86)\torntv.com\torntv downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV O87 - FAEL: "UDP Query User{46351346-6244-4C68-BF9A-C54049ABEA23}C:\program files (x86)\torntv.com\torntv downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\torntv.com\torntv downloader.exe (.not file.) =>Hijacker.TornTV ~ Firewall: 252 Legitimates Filtered in 00mn 02s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "186C49EB2E861654A8CBD8E29719864B" . (.essentials.) -- C:\Windows\Installer\{BE94C681-68E2-4561-8ABC-8D2E799168B4}\ARPPRODUCTICON.exe O90 - PUC: "F142AB65C0852D344830492714AA6E33" . (.center.) -- C:\Windows\Installer\{56BA241F-580C-43D2-8403-947241AAE633}\ARPPRODUCTICON.exe O90 - PUC: "F69FCBFB1637A68469C5451BA73C4512" . (.ocr.) 
-- C:\Windows\Installer\{BFBCF96F-7361-486A-965C-54B17AC35421}\ARPPRODUCTICON.exe ~ Update Products: 127 Legitimates Filtered in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118} ~ MNS: 1 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 2013-10-08 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 1658-07-10 0 | (aspnet_state) . (...) - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe SS - | Auto 1658-07-10 0 | (McAfee SiteAdvisor Service) . (...) - C:\Program Files (x86)\mcafee\SITEAD~1\mcsacore.exe SS - | Disabled 1658-07-10 0 | (McSysmon) . (...) - C:\Program Files (x86)\McAfee\VIRUSS~1\mcsysmon.exe SS - | Auto 2012-11-09 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 2009-07-13 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 2013-05-10 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 2013-09-07 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 2013-11-11 3478544 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe SR - | Auto 2013-09-24 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe SR - | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 2011-03-14 346976 | (HWDeviceService64.exe) . (...) 
- C:\ProgramData\DatacardService\HWDeviceService64.exe SR - | Demand 2013-11-02 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 2013-03-15 395640 | (Kodak AiO Network Discovery Service) . (.Eastman Kodak Company.) - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe SR - | Auto 2013-01-15 780152 | (Kodak AiO Status Monitor Service) . (.Eastman Kodak Company.) - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe SR - | Auto 1658-07-10 0 | (McShield) . (...) - C:\Program Files (x86)\McAfee\VIRUSS~1\mcshield.exe SR - | Auto 2009-07-07 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe SR - | Auto 2012-01-22 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 2009-07-13 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 20s ---\\ Scan Additionnel (O88) Database Version : 13000 - (2013-11-26) Clés trouvées (Keys found) : 1 Valeurs trouvées (Values found) : 5 Dossiers trouvés (Folders found) : 8 Fichiers trouvés (Files found) : 19 [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM C:\Program Files (x86)\SaveSenseLive =>PUP.SaveSense^ C:\Program Files (x86)\Sk-Enhancer =>Adware.SurfAndKeep^ C:\Program Files (x86)\SweetPacks =>PUP.SweetIM^ C:\ProgramData\InstallMate =>PUP.Tarma^ C:\ProgramData\SaveSenseLive =>PUP.SaveSense^ C:\Users\Helene\AppData\Roaming\SaveSense =>PUP.SaveSense^ C:\Users\Helene\AppData\Local\SaveSenseLive =>PUP.SaveSense^ C:\ProgramData\AVG January 2013 Campaign =>Toolbar.AVGSearch C:\Windows\Tasks\SaveSense.job =>PUP.SaveSense^ C:\Users\Helene\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe =>PUP.SaveSense^ [HKCU\Software\SaveSenseLive] =>PUP.SaveSense^ [HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense^ C:\Users\Helene\AppData\Local\Temp\nse7DD4.exe =>Toolbar.Conduit^ C:\Users\Helene\AppData\Local\Temp\nsj79FC.exe =>Toolbar.Conduit^ C:\Users\Helene\AppData\Local\Temp\nss80DA.exe =>Toolbar.Conduit^ C:\Users\Helene\AppData\Local\Temp\nsz2D42.exe =>Toolbar.Conduit^ C:\Users\Helene\AppData\Local\Temp\nsz304F.exe =>Toolbar.Conduit^ C:\Users\Helene\AppData\Local\Temp\SPSetup.exe =>Toolbar.Conduit^ C:\Users\Helene\AppData\Local\Temp\uttC93F.tmp.exe =>P2P.BitTorrent^ C:\Users\Helene\AppData\Local\Temp\uttCDE1.tmp.exe =>Toolbar.Conduit^ ~ Additionnel Scan: 321303 Items scanned in 00mn 28s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/33477786-pup-dosearches =>PUP.DoSearches ~ http://nicolascoolman.webs.com/apps/blog/show/36853930-pup-savesense =>PUP.SaveSense ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep ~ 
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV ~ MSI: 7 link(s) detected in 00mn 28s ~ 1211 Legitimates filtered by white list End of the scan (515 lines in 02mn 38s)(0) Helln