[Résolu] Virus Qvo6

lennon · le 1 avril 2013

Bonjour.

Comme beaucoup en ce moment je suis infecté par QVO6.

J'ai fait toutes les étapes des autres sujets c'est à dire adwcleaner puis jrt et zhp diag.

le 1er:

# AdwCleaner v2.115 - Rapport créé le 01/04/2013 à 23:40:27

# Mis à jour le 17/03/2013 par Xplode

# Système d'exploitation : Windows Vista Home Premium Service Pack 1 (32 bits)

# Nom d'utilisateur : jean jacques - PC-DE-JEANJACQU

# Mode de démarrage : Normal

# Exécuté depuis : C:\Users\jean jacques\Desktop\adwcleaner.exe

# Option [suppression]

***** [services] *****

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

***** [Registre] *****

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\jean jacques\AppData\Roaming\Mozilla\Firefox\Profiles\581fpvej.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v26.0.1410.43

Fichier : C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [25563 octets] - [05/03/2013 19:43:02]

AdwCleaner[s2].txt - [1187 octets] - [01/04/2013 23:40:27]

########## EOF - C:\AdwCleaner[s2].txt - [1247 octets] ##########

le 2eme (JRT):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.8 (03.31.2013:1)

OS: Windows Vista Home Premium x86

Ran by jean jacques on 01/04/2013 at 23:59:41,55

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\jean jacques\AppData\Roaming\mozilla\firefox\profiles\581fpvej.default\minidumps [17 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 02/04/2013 at 0:04:15,21

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

le 3eme (ZHP):

Rapport de ZHPDiag v2013.4.1.5 par Nicolas Coolman, Update du 01/04/2013

Run by jean jacques at 02/04/2013 00:04:55

State : Version à jour.

High Elevated Privileges : OK

UAC : Deactivate by program

---\\ Web Browser

MSIE: Internet Explorer v8.0.6001.19088

MFIE: Mozilla Firefox 19.0.2 v19.0.2

GCIE: Google Chrome v26.0.1410.43 (Defaut)

---\\ Windows Product Information

~ Langage: Français

Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)

Windows Server License Manager Script : OK

~ Vista, OEM_SLP channel

System Locked Preinstallation (OEM_SLP) : OK

Windows ID Activation : OK

~ Windows Partial Key : 6CJ97

Windows License : OK

Windows Automatic Updates : OK

---\\ System Information

~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 2813 MB (66% free)

System Restore: Activé (Enable)

System drive C: has 359 GB (78%) free of 457 GB

---\\ Logged in mode

~ Computer Name: PC-DE-JEANJACQU

~ User Name: jean jacques

~ All Users Names: jean jacques, Administrateur,

~ Unselected Option: None

Logged in as Administrator

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\jean jacques\AppData\Roaming\

~ %Desktop% : C:\Users\jean jacques\Desktop\

~ %Favorites% : C:\Users\jean jacques\Favorites\

~ %LocalAppData% : C:\Users\jean jacques\AppData\Local\

~ %StartMenu% : C:\Users\jean jacques\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 359 Go of 457 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 458 Go of 459 Go)

E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

G:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date

~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\Windows\Explorer.exe [2927104]

[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]

[MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2011 - 07:08:58.) -- C:\Windows\System32\wininet.dll [916480]

[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/01/2008 - 03:24:49.) -- C:\Windows\System32\Winlogon.exe [314880]

[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]

[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:23:00.) -- C:\Windows\system32\Drivers\atapi.sys [21560]

[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]

[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 03:23:02.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]

[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]

[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 03:23:22.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]

[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]

[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]

[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]

[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 03:24:59.) -- C:\Windows\system32\Drivers\netBT.sys [184320]

[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]

[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]

[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]

[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]

[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 03:25:00.) -- C:\Windows\system32\Drivers\smb.sys [66560]

[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 03:24:53.) -- C:\Windows\system32\Drivers\tdx.sys [71680]

[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/01/2008 - 03:23:21.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]

~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 1/38

~ Mes musiques (My Musics) : 1/2

~ Mes Videos (My Videos) : 1/2

~ Mes Favoris (My Favorites) : 1/45

~ Mes Documents (My Documents) : 1/110

~ Mon Bureau (My Desktop) : 1/321

~ Menu demarrer (Programs) : 1/29

~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés

[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.2712]

[MD5.151B2D097C7182898387994CEA34890B] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [5369856] [PID.2892]

[MD5.D7EE83A9257D508656172A2B9DD3C317] - (.Pas de propriétaire - NTI Backup Now 5 Tray Module.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672] [PID.2936]

[MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2996]

[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.3008]

[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896] [PID.3028]

[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3228]

[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [275768] [PID.3320]

[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.3372]

[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3696]

[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.3104]

[MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.1288]

[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.3572]

[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.2504]

[MD5.A6430C0A0E1AAE273AA8F1BD1F341A36] - (.Sun Microsystems, Inc. - Java Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [508336] [PID.5512]

[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.6020]

[MD5.32F68A4A3CEA6F7A3644E4DC00BFD7F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6340608] [PID.2392]

[MD5.88426F9A9BF0AD2358C3CC4FBB1B1C62] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.1.) -- C:\Windows\system32\nvvsvc.exe [118784] [PID.948]

[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1276]

[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1608]

[MD5.09E6AFFAE6C0E9158BF05C7D08D0107A] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 Agent service..) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384] [PID.2552]

[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2660]

[MD5.A2B6583A5652A385DFF5E4F49AD48761] - (.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056] [PID.2768]

[MD5.40B87FE8A1A9A5AC9E5A91D96F212BCD] - (...) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072] [PID.2912]

[MD5.283195C5301EADBCF56DEE637573ED12] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\bin32\nSvcAppFlt.exe [598016] [PID.3392]

[MD5.3C7BD1EC817D300A8826D49C406D5894] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\bin32\nSvcIp.exe [163840] [PID.3456]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Default\Preferences

G1 - GCS: Preference [user Data\Default] Qvo6.com

~ Google Browser: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\jean jacques\AppData\Roaming\Mozilla\Firefox\Profiles\581fpvej.default\prefs.js

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [jean jacques] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

M0 - MFSP: prefs.js [jean jacques - 581fpvej.default] Google

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\Windows\system32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@java.com/DTPlugin,version=1.6.0_37] - (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Windows\system32\npdeployJava1.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_37 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@mcafee.com/McAfeeMssPlugin] - (.McAfee, Inc. - McAfee MSS+ NPAPI Plugin.) -- C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\jean jacques\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\jean jacques\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

~ Firefox Browser: Scanned in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Google

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1

~ IE Browser: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} Clé orpheline

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

~ BHO: 12 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: (no name) - [HKLM]{0BF43445-2F28-4351-9252-17FE6E806AA0} Clé orpheline

O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe

O4 - HKLM\..\Run: [bkupTray] . (.Pas de propriétaire - NTI Backup Now 5 Tray Module.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll

O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll

O4 - HKLM\..\Run: [WarReg_PopUp] . (.Acer Incorporated - WR_PopUp.) -- C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean jacques\AppData\Local\Google\Update\GoogleUpdate.exe

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll

O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\jean jacques\AppData\Local\Google\Update\GoogleUpdate.exe

O4 - HKUS\S-1-5-21-1782021112-367470743-615835157-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com

O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe

O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe Qvo6.com

O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com

O4 - GS\QuickLaunch: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe

O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com

O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe Qvo6.com

O4 - GS\Desktop: Mes numérisations - Raccourci.lnk . (...) -- C:\Users\jean jacques\Documents\Mes numérisations

O4 - GS\Desktop: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

O4 - GS\Desktop: Microsoft Office.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)

~ Winsock: 6 Legitimates Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/s hoc k wave/cab s /director/s w.cab

~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{083F75C6-7301-438D-8BE1-A6EE798E5CD1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

~ SSODL: 1 Legitimates Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll

~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

~ Services: 9 Legitimates Scanned in 00mn 05s

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg

O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg

~ Desktop Component: 1 Legitimates Scanned in 00mn 00s

---\\ BootExecute (O34)

~ BEX: 1 Legitimates Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

[MD5.00000000000000000000000000000000] [APT] [DSite] (...) -- C:\Users\jean jacques\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0]

[MD5.343E9EFB16136611B0322A1E94353C41] [APT] [Norton Security Scan for jean jacques] (.Symantec Corporation.) -- C:\Program Files\NORTON~2\Engine\351~1.8\Nss.exe [641464]

[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{D9E8DCEC-1FF7-47BF-B729-0D30D4785204}] (...) -- D:\Poker 770\_SetupCasino.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{F466122A-EC29-4560-9DAC-6D62F5639460}] (...) -- G:\livebox.exe (.not file.) [0]

~ Scheduled Task: 20 Legitimates Scanned in 00mn 02s

---\\ Composants installés (ActiveSetup Installed Components) (O40)

~ Active Setup: 13 Legitimates Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)

~ Drivers: 86 Legitimates Scanned in 00mn 00s

---\\ Logiciels installés (O42)

O42 - Logiciel: AV Input Selection - (.YUAN.) [HKLM] -- {F429ED71-4A8B-457A-85E4-F6398CE73E58}

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems, Inc..) [HKLM] -- {922E8525-AC7E-4294-ACAA-43712D4423C0}

O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader 8.1.3 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A81300000003}

O42 - Logiciel: Java 6 Update 37 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216037FF}

O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan

O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast

~ Logic: 66 Legitimates Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Casino]

[HKCU\Software\Full Tilt Poker]

[HKCU\Software\Poker 770]

[HKLM\Software\Full Tilt Poker]

[HKLM\Software\Poker 770]

[HKLM\Software\SimDebug]

[HKLM\Software\V9]

[HKLM\Software\deskSvc]

[HKLM\Software\qvo6Software]

~ Key Software: 147 Legitimates Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 09/05/2008 - 03:33:45 - [31,007] ----D C:\Program Files\bin32

O43 - CFD: 26/01/2011 - 05:01:54 - [0,175] ----D C:\Program Files\Full Tilt Poker

O43 - CFD: 09/05/2008 - 03:33:37 - [0] ----D C:\Program Files\log

O43 - CFD: 02/03/2013 - 21:22:27 - [11,498] ----D C:\Program Files\McAfee Security Scan

O43 - CFD: 01/04/2013 - 20:44:44 - [0] ----D C:\Program Files\PDFReader

O43 - CFD: 09/05/2008 - 03:33:44 - [0,061] ----D C:\Program Files\profile

O43 - CFD: 11/10/2006 - 00:34:57 - [1,884] ----D C:\Program Files\YUAN

O43 - CFD: 01/04/2013 - 20:50:14 - [28,816] ----D C:\Program Files\Common Files\337

O43 - CFD: 08/05/2012 - 18:43:20 - [0,003] ----D C:\Program Files\Common Files\Java(7)

O43 - CFD: 05/03/2013 - 20:04:17 - [0,003] ----D C:\Program Files\Common Files\Java(

O43 - CFD: 12/03/2010 - 18:34:17 - [0] ----D C:\ProgramData\eMule

O43 - CFD: 28/03/2013 - 04:12:48 - [0,001] ----D C:\ProgramData\McAfee Security Scan

O43 - CFD: 01/04/2013 - 20:38:19 - [0,000] ----D C:\Users\jean jacques\AppData\Roaming\DSite

O43 - CFD: 12/03/2010 - 18:34:17 - [0] ----D C:\Users\jean jacques\AppData\Local\eMule

O43 - CFD: 18/03/2010 - 19:21:48 - [0,013] ----D C:\Users\jean jacques\AppData\Local\FullTiltPoker

~ Program Folder: 160 Legitimates Scanned in 00mn 01s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.36C490CCC75DB8FBF643516F38C40D92] - 01/04/2013 - 22:59:26 ---A- . (...) -- C:\AdwCleaner[s3].txt [388]

O44 - LFC:[MD5.FF4EE77016D263CCBFF0F0AC2BCB70EF] - 01/04/2013 - 22:59:18 ---A- . (...) -- C:\AdwCleaner[R2].txt [1180]

O44 - LFC:[MD5.CEAF98D916D2B75B8704BEE7680EE0B5] - 01/04/2013 - 22:49:32 ---A- . (...) -- C:\Windows\System32\agent.log [147]

O44 - LFC:[MD5.9EDA7F415FCBE742A0850985D58FF9B8] - 01/04/2013 - 22:40:44 ---A- . (...) -- C:\AdwCleaner[s2].txt [1316]

O44 - LFC:[MD5.EB1D986612EE9FB6A57F207B349EE15A] - 31/03/2013 - 17:36:18 ---A- . (...) -- C:\Windows\hpoins46.dat [217545]

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:32:54 ---A- . (...) -- C:\Creator.log [90]

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:43 ---A- . (...) -- C:\PnR.log [90]

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:40 ---A- . (...) -- C:\CLMS.log [90]

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:14 ---A- . (...) -- C:\SDMA.log [90]

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:30:50 ---A- . (...) -- C:\MDR.log [90]

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:30:20 ---A- . (...) -- C:\MDisc.log [90]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/03/2013 - 19:17:28 ---A- . (...) -- C:\Windows\System32\LogConfigTemp.xml [0]

O44 - LFC:[MD5.9E9586057ABEA3157B49D44AA6450CCD] - 11/06/2009 - 04:02:28 ----- . (...) -- C:\Windows\hpomdl46.dat.temp [606]

~ Files: 39 Legitimates Scanned in 00mn 01s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:[MD5.1214CECC1C2F3F23C4DCECC33329756E] - 01/04/2013 - 20:39:35 ---A- - C:\Windows\Prefetch\HPQDIREC.EXE-6B6EA665.pf

O45 - LFCP:[MD5.F0A65C2576668FE999B8CB61DF417F95] - 01/04/2013 - 21:58:24 ---A- - C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf

O45 - LFCP:[MD5.26371395751832F3D1C966AE049AD5E9] - 01/04/2013 - 21:58:25 ---A- - C:\Windows\Prefetch\HPQBAM08.EXE-5B656772.pf

O45 - LFCP:[MD5.8CDB2DB299102047FACACBD9969BFED6] - 01/04/2013 - 21:58:26 ---A- - C:\Windows\Prefetch\HPQGPC01.EXE-92C87699.pf

O45 - LFCP:[MD5.2F9CFE8C44F4D6619CB5BCD5C43DC4EF] - 01/04/2013 - 22:26:58 ---A- - C:\Windows\Prefetch\EHMSAS.EXE-2D3B2F21.pf

O45 - LFCP:[MD5.7407782011A1D1B66B78180374425CBF] - 08/03/2013 - 17:03:16 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-28D2775E.pf

O45 - LFCP:[MD5.E5B15C14637B795557DEC1C3EE44440D] - 08/03/2013 - 17:03:17 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_INSTALLER.-F43399FA.pf

O45 - LFCP:[MD5.C0318E59AC3175849EE8C327F7F98D80] - 08/03/2013 - 17:03:17 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_TMP.EXE-BF15185E.pf

O45 - LFCP:[MD5.7E1121623AC070D9DD174BCFAD012AF3] - 08/03/2013 - 17:03:17 ---A- - C:\Windows\Prefetch\NSAFE.TMP-F24C7805.pf

O45 - LFCP:[MD5.BD7C77A8159DCD7960B95ECD47C7F6A6] - 12/03/2013 - 07:15:15 ---A- - C:\Windows\Prefetch\HPQTRA08.EXE-B5C3CA4D.pf

O45 - LFCP:[MD5.7BB7A7386FC6216662A98A7AE7065085] - 12/03/2013 - 19:34:31 ---A- - C:\Windows\Prefetch\NSS.EXE-CF6B0ED9.pf

O45 - LFCP:[MD5.09C349B92E2A56979059550C49D39C56] - 13/03/2013 - 10:51:39 ---A- - C:\Windows\Prefetch\FLASHPLAYERINSTALLER.EXE-7A827B6D.pf

O45 - LFCP:[MD5.9072188FC14B05021DF598DF2F79B893] - 20/03/2013 - 02:36:52 ---A- - C:\Windows\Prefetch\AGENTSVC.EXE-EDF9C0DC.pf

O45 - LFCP:[MD5.0F36FD0C1F34D1395D7E4F8080B92E47] - 28/03/2013 - 07:47:58 ---A- - C:\Windows\Prefetch\BKUPTRAY.EXE-5F69D960.pf

O45 - LFCP:[MD5.212F6495ACFBD0319815B0CB5E8F6847] - 28/03/2013 - 07:47:58 ---A- - C:\Windows\Prefetch\SCHEDULERSVC.EXE-F3CF4F15.pf

O45 - LFCP:[MD5.4548989FB81AC4D724058030AC519265] - 29/03/2013 - 18:08:38 ---A- - C:\Windows\Prefetch\NSS.EXE-08DE1F60.pf

O45 - LFCP:[MD5.4D5BEA817AD34DFFEE734AE285A6BA25] - 30/03/2013 - 20:22:11 ---A- - C:\Windows\Prefetch\MCUICNT.EXE-9B22BF7E.pf

O45 - LFCP:[MD5.D1F29E5D9723F378B4DAC5B572E0AE67] - 31/03/2013 - 17:35:52 ---A- - C:\Windows\Prefetch\HPQPPROP.EXE-54B2B73F.pf

O45 - LFCP:[MD5.B59FEBEF30529AFCD69AEF021165DA33] - 31/03/2013 - 17:35:52 ---A- - C:\Windows\Prefetch\HPQTBX01.EXE-5B14679D.pf

O45 - LFCP:[MD5.99344DA37007326A75F14223BDB60BBF] - 31/03/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\HPZSHL01.EXE-CDB7A7A8.pf

O45 - LFCP:[MD5.03C0754DB7D3E5E6038ADEDF19CB4800] - 31/03/2013 - 17:36:19 ---A- - C:\Windows\Prefetch\HPZSTUB.EXE-7C5D0C95.pf

O45 - LFCP:[MD5.E5E1B4EB3CC40F0516F600790331DA04] - 31/03/2013 - 17:36:29 ---A- - C:\Windows\Prefetch\HPZHSG01.EXE-4048C477.pf

O45 - LFCP:[MD5.01717D9A013F67AEFC427FE5140D8DA2] - 31/03/2013 - 17:37:45 ---A- - C:\Windows\Prefetch\SETUP_GUIDE.EXE-72E9BBFD.pf

O45 - LFCP:[MD5.9AC646BE1E889BED5F7C2EB39DA31072] - 31/03/2013 - 17:39:08 ---A- - C:\Windows\Prefetch\HPZDUI01.EXE-91EC6427.pf

~ Prefetcher: 140 Legitimates Scanned in 00mn 00s

---\\ Déni du service (Local Security Authority) (O48)

~ LSA: 7 Legitimates Scanned in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)

~ CBS: 13 Legitimates Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)

~ TDSD: 3 Legitimates Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (O54)

~ MSCP: 2 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

~ MWPS: 18 Legitimates Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]

~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 01/04/2013 - 17:25:24 ---A- C:\Users\jean jacques\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.43\26.0.1410.43_25.0.1364.172_chrome_updater.exe [11304288]

O61 - LFC: 01/04/2013 - 17:25:44 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\setup.exe [1642448]

O61 - LFC: 01/04/2013 - 17:26:00 R--A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\chrome.7z [122395900]

O61 - LFC: 01/04/2013 - 17:26:12 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\VisualElementsManifest.xml [396]

O61 - LFC: 01/04/2013 - 18:18:54 ---A- C:\Users\jean jacques\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]

O61 - LFC: 01/04/2013 - 18:54:49 ---A- C:\Users\jean jacques\Downloads\PDFCreator-1_6_2_setup.exe [17464864]

O61 - LFC: 01/04/2013 - 19:09:44 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\Thumbnails\4202808359 [14552]

O61 - LFC: 01/04/2013 - 19:13:50 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505]

O61 - LFC: 01/04/2013 - 19:13:51 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337]

O61 - LFC: 01/04/2013 - 19:20:57 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\OptimizationSettings\QualitySettings.xml [2128]

O61 - LFC: 01/04/2013 - 19:20:57 ---A- C:\Users\jean jacques\AppData\Roaming\PDF Architect\Thumbnails\817012237 [14385]

O61 - LFC: 01/04/2013 - 19:26:26 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar\broker_metrics.xml [2743]

O61 - LFC: 01/04/2013 - 19:37:04 ---A- C:\Users\jean jacques\Downloads\PDFReaderSetup.exe [653584]

O61 - LFC: 01/04/2013 - 19:38:19 ---A- C:\Users\jean jacques\AppData\Roaming\DSite\UpdateProc\prod.dat [31]

O61 - LFC: 01/04/2013 - 19:48:45 ---A- C:\Users\jean jacques\Downloads\sun-pdf-import-extension-windows-downloader.exe [145866]

O61 - LFC: 01/04/2013 - 19:49:25 ---A- C:\Users\jean jacques\AppData\Roaming\eIntaller\76248D3029DD418f99F9271226FAAEF2\eGdpSvc.exe [969280]

O61 - LFC: 01/04/2013 - 19:49:32 ---A- C:\Users\jean jacques\AppData\Roaming\eIntaller\76248D3029DD418f99F9271226FAAEF2\eXQ.exe [691256]

O61 - LFC: 01/04/2013 - 19:55:31 ---A- C:\Users\jean jacques\Downloads\pdf24-creator-5.4.0.exe [15898712]

O61 - LFC: 01/04/2013 - 20:16:08 ---A- C:\Users\jean jacques\Downloads\nitro_pdf_pro_32_dlm.exe [1451400]

O61 - LFC: 01/04/2013 - 20:17:48 ---A- C:\Users\jean jacques\AppData\Roaming\Downloaded Installations\{F4022F19-96A2-4B2D-B5AA-DAA72206C318}\{A098E759-960F-4279-952A-B7995278D5FF}.msi [171335680]

O61 - LFC: 01/04/2013 - 20:19:47 ---A- C:\Users\jean jacques\AppData\Roaming\FileOpen\Fowpmadi.txt [60]

O61 - LFC: 01/04/2013 - 20:38:43 ---A- C:\Users\jean jacques\AppData\Roaming\wklnhst.dat [126]

O61 - LFC: 01/04/2013 - 20:39:35 ---A- C:\Users\jean jacques\AppData\Roaming\HP\ScLogs\SolutionCenter.htm [51560]

O61 - LFC: 01/04/2013 - 20:41:17 ---A- C:\Users\jean jacques\AppData\Roaming\Microsoft\OIS\Toolbars.dat [666]

O61 - LFC: 01/04/2013 - 21:07:21 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\Local State [25867]

O61 - LFC: 01/04/2013 - 21:07:22 ---A- C:\Users\jean jacques\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]

~ 39 Fichiers temporaires (Temporary files)

~ Files: 128 Legitimates Scanned in 00mn 02s

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)

~ Legacy: 77 Legitimates Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

~ Keys: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe" Qvo6.com

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com

~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - Bing

~ Keys: Scanned in 00mn 00s

---\\ Recherche des services démarrés par Svchost (O83)

~ Services: 31 Legitimates Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.3DA292CF3335CCBCD6E077FE7BEC8E85] [sPRF][26/02/2013] (...) -- C:\Users\jean jacques\AppData\Local\d3d9caps.dat [1356]

[MD5.399027C21521470E0C51A3D1B53C517E] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\HomePageQvo6.exe [235299]

[MD5.CB0107FDE27B05772F79977D05DEFA6E] [sPRF][25/03/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\mlv_ar_qvo6.exe [93776]

[MD5.0D66DD89DED055BED52F0137C863ED9B] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Local\Temp\NitroSysFonts01.dat [322939]

[MD5.2A436F48A34FD5115745782830FE94CA] [sPRF][01/04/2013] (.Nitro PDF Software - Installation and setup files for Nitro PDF Professional (fr-FR).) -- C:\Users\jean jacques\AppData\Local\Temp\nitro_pro8.exe [45635128]

[MD5.36179B382A989075FF5FA282434F6892] [sPRF][21/03/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe [394736]

[MD5.FA015A8FE1D5717B950BD5067C202CCD] [sPRF][15/05/2009] (...) -- C:\Users\jean jacques\AppData\LocalLow\prvlcl.dat [188496]

[MD5.938CB5882EB4873608BDE711AA28BCFF] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\AppData\Roaming\wklnhst.dat [126]

[MD5.EC4961D7E0F6ACEF4E8446E062048D88] [sPRF][01/04/2013] (...) -- C:\Users\jean jacques\Desktop\adwcleaner.exe [609993]

[MD5.848AC3CDFC084212914E873629FC974F] [sPRF][01/04/2013] (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Users\jean jacques\Desktop\JRT.exe [550772]

~ Files: Scanned in 00mn 04s

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "TCP Query User{5CAB4D76-BB08-4DF5-AE39-60EBC8819404}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)

O87 - FAEL: "UDP Query User{19066067-107E-4158-A8FD-1E8C394B335B}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)

O87 - FAEL: "{77AE73EB-8112-46AF-80D7-88515F995292}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

O87 - FAEL: "{A1FE1C5D-2C20-4E9C-B7B1-7F07976CFF05}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)

~ Firewall: 196 Legitimates Scanned in 00mn 01s

---\\ Scan Additionnel (O88)

Database Version : v2.11360 - (01/04/2013)

Clés trouvées (Keys found) : 9

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 1

Fichiers trouvés (Files found) : 2

[HKCU\Software\poker 770] =>Adware.Casino

[HKLM\Software\poker 770] =>Adware.Casino

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find

[HKLM\Software\qvo6Software] =>Hijacker.Qvo6

C:\Program Files\Common Files\337 =>Hijacker.22find

C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon

~ Additionnel: Scanned in 00mn 15s

---\\ Product Upgrade Codes (O90)

O90 - PUC: "17DE924FB8A4A754584E6F93C87EE385" . (.AV Input Selection.) -- C:\Windows\Installer\{F429ED71-4A8B-457A-85E4-F6398CE73E58}\ARPPRODUCTICON.exe

~ Update Products: 76 Legitimates Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

SR - | Auto 03/03/2008 16384 | (BUNAgentSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

SR - | Auto 598016 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\bin32\nSvcAppFlt.exe

SS - | Auto 15/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 15/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 17/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe

SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 163840 | (nSvcIp) . (...) - C:\Program Files\bin32\nSvcIp.exe

SR - | Auto 25/04/2008 45056 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

SR - | Auto 131072 | (NTISchedulerSvc) . (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

SR - | Auto 22/04/2008 118784 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe

SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 00s

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by jean jacques at 02/04/2013 00:06:14

device: opened successfully

user: MBR read successfully

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys

C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce SATA Driver

1 ntkrnlpa!IofCallDriver[0x820F3FEF] => \Device\Harddisk0\DR0[0x85E7DAC8]

kernel: MBR read successfully

user & kernel MBR OK

~ MBR: 14 Legitimates Scanned in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.gee k s tog

Run by jean jacques at 02/04/2013 00:06:16

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

End of the scan (679 lines in 01mn 21s)(0)

Merci d'avance pour votre aide car je ne connais pas les effets de ce virus.

Modifié le 29 avril 2013 par lennon

pear · le 2 avril 2013

Bonjour,

Vous devez trouver sur le bureau ou ,sinon, dans le dossier où vous avez installé Zhpdiag ces 3 icônes .

Cliquer sur l'icône Zhpfix

Sous Vista/7 clic-droit, "Exécuter En tant qu'Administrateur

Copiez/Collez les lignes vertes dans le cadre ci dessous:

pour cela;

Clic gauche maintenu enfoncé, Balayer l'ensemble du texte à copier avec la souris pour le mettre en surbrillance ,de gauche à droite et de haut en bas

Ctrl+c mettre le tout en mémoire

Ctrl+v pour inscrire le texte dans le Document ou, mieux, en cliquant le bouton Coller le presse papier au milieu,en haut, à gauche[1]

G1 - GCS: Preference [user Data\Default] Qvo6.com => Infection BT (Hijacker.Qvo6)*

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] => Infection PUP (Hijacker.22find)*

[HKCU\Software\Poker 770] => Infection BT (Adware.Casino)

[HKLM\Software\Poker 770] => Infection BT (Adware.Casino)

[HKLM\Software\V9] => Infection PUP (PUP.V9Software)

[HKLM\Software\deskSvc] => Infection PUP (Hijacker.22Find)

[HKLM\Software\qvo6Software] => Infection PUP (Hijacker.Qvo6)

O43 - CFD: 09/05/2008 - 03:33:37 - [0] ----D C:\Program Files\log => Infection Diverse (Worm.Silly)

O43 - CFD: 01/04/2013 - 20:50:14 - [28,816] ----D C:\Program Files\Common Files\337 => Infection PUP (Hijacker.22Find)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Mozilla Firefox\firefox.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Users\jean jacques\AppData\Local\Google\Chrome\Application\chrome.exe" Qvo6.com => Infection BT (Hijacker.Qvo6)*

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe Qvo6.com => Infection BT (Hijacker.Qvo6)*

[MD5.36179B382A989075FF5FA282434F6892] [sPRF][21/03/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe [394736] => Infection PUP (Toolbar.Babylon)*

O87 - FAEL: "{77AE73EB-8112-46AF-80D7-88515F995292}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*

O87 - FAEL: "{A1FE1C5D-2C20-4E9C-B7B1-7F07976CFF05}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*

[HKCU\Software\poker 770] => Infection BT (Adware.Casino)

[HKLM\Software\poker 770] => Infection BT (Adware.Casino)

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] => Infection PUP (PUP.SweetIM)

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] => Infection PUP (Hijacker.22Find)

C:\Program Files\Common Files\337 => Infection PUP (Hijacker.22Find)

C:\Users\jean jacques\AppData\Local\Temp\uninst1.exe => Infection BT (Toolbar.Babylon)

[MD5.00000000000000000000000000000000] [APT] [DSite] (...) -- C:\Users\jean jacques\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0] => Empty File not necessary

[MD5.00000000000000000000000000000000] [APT] [{D9E8DCEC-1FF7-47BF-B729-0D30D4785204}] (...) -- D:\Poker 770\_SetupCasino.exe (.not file.) [0] => Empty File not necessary

[MD5.00000000000000000000000000000000] [APT] [{F466122A-EC29-4560-9DAC-6D62F5639460}] (...) -- G:\livebox.exe (.not file.) [0] => Empty File not necessary

[HKCU\Software\Casino] => OnlineGames.Casino

[HKCU\Software\Full Tilt Poker] => Online. PokerGame

[HKLM\Software\Full Tilt Poker] => Online. PokerGame

O43 - CFD: 26/01/2011 - 05:01:54 - [0,175] ----D C:\Program Files\Full Tilt Poker => Online. PokerGame

O43 - CFD: 02/03/2013 - 21:22:27 - [11,498] ----D C:\Program Files\McAfee Security Scan => McAfee, Inc.

O43 - CFD: 28/03/2013 - 04:12:48 - [0,001] ----D C:\ProgramData\McAfee Security Scan => McAfee, Inc.

O43 - CFD: 18/03/2010 - 19:21:48 - [0,013] ----D C:\Users\jean jacques\AppData\Local\FullTiltPoker => FullTiltPoker

O44 - LFC:[MD5.CEAF98D916D2B75B8704BEE7680EE0B5] - 01/04/2013 - 22:49:32 ---A- . (...) -- C:\Windows\System32\agent.log [147] => Fichiers de rapport (Log)

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:32:54 ---A- . (...) -- C:\Creator.log [90] => Fichier de rapport

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:43 ---A- . (...) -- C:\PnR.log [90] => Fichier de rapport

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:40 ---A- . (...) -- C:\CLMS.log [90] => Fichier de rapport

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:31:14 ---A- . (...) -- C:\SDMA.log [90] => Fichier de rapport

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:30:50 ---A- . (...) -- C:\MDR.log [90] => Fichier de rapport

O44 - LFC:[MD5.73B0CE289F75A103DFA3F5CDC9513970] - 05/03/2013 - 19:30:20 ---A- . (...) -- C:\MDisc.log [90] => Fichier de rapport

O61 - LFC: 01/04/2013 - 19:13:50 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_languages.json.content [1505] => Toolbar.Google

O61 - LFC: 01/04/2013 - 19:13:51 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar Cache\7.4.3607.2246\fr\translate_element.js.content [2337] => Toolbar.Google

O61 - LFC: 01/04/2013 - 19:26:26 ---A- C:\Users\jean jacques\AppData\Local\Google\Toolbar\broker_metrics.xml [2743] => Toolbar.Google

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing => Toolbar.Bing

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] => Toolbar.PDFArchitect

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] => Toolbar.PDFArchitect

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Toolbar.Bing

[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Toolbar.Bing

EmptyFlash

EmptyTemp

EmptyClsid

FirewallRaz

Proxyfix

SysRestore

Cliquer sur "Go" |2]

Si vous ne voyez pas le boutonGo, cliquez sur le bouton du milieu, en haut, à gauche.[1]

Redémarrer pour achever le nettoyage.

Copier-coller,dans la réponse, le contenu du rapport ZHPFixReport.txt qui s'affiche .

Si besoin; il est enregistré sous C:\ZHP\ZHPFixReport.txt

lennon · le 29 avril 2013

Bonjour.

Désolé pour ce trop grand laps de temps entre votre réponse et maintenant mais PC HS .

Sinon, j'ai bien fait votre manip mais lorsque j'ouvre mozilla, je retombe à nouveau sur la page d'accueil qv06.

Que faire ?

Merci d'avance.

pear · le 29 avril 2013

lorsque j'ouvre mozilla, je retombe à nouveau sur la page d'accueil qv06.

Réinitialiser Firefox à sa configuration par défaut

En haut de la fenêtre de Firefox cliquez sur le menu ? en haut de la fenêtre de Firefox

sélectionnezInformations de dépannage

dans le coin supérieur droit de la page

Cliquez sur Réinitialiser Firefox

dans la fenêtre de confirmation qui s'ouvre.

cliquez sur Réinitialiser Firefox

Firefox se fermera et sera réinitialisé.

Quand c'est fait, une fenêtre listera les informations qui ont été importées.

Cliquez sur Terminer, Firefox s'ouvrira alors.

lennon · le 29 avril 2013

Opération effectuée et PC redemmaré mais malheureusement, ça continue.

Veux tu que je recommence dès le début toutes les opérations ?

pear · le 29 avril 2013

On va chercher où il se cache !

Télécharger SEAF de C_XX

Double-cliquer sur le fichier SEAF.exe

Suivre les instructions à cocher sur cette fenêtre:

Occurences à rechercher, séparées par une virgules ->

Taper

QV06

Cocher"Chercher également dans le régistre"

Calculer le cheksum:Md5 .

Cocher Informations supplémentaires

Après la recherche un rapport s'affiche à l'écran .

Il est aussi sauvegardé là:C:\SEAFlog.txt

Comment poster les rapports lourds

Copiez/collez tout ou partie des rapports dans un ou plusieurs messages.

Autre solution à privilégier pour un rapport lourd

Aller sur le site :Ci-Joint

Appuyez sur Parcourir et chercher les rapports sur le disque,

Cliquer sur Ouvrir

Cliquer sur Créer le lien CJoint,

>> dans la page suivante --> ,,

une adresse http//.. sera créée

Copier /coller cette adresse dans votre prochain message.

lennon · le 29 avril 2013

c'est fait voici le rapport:

1. ========================= SEAF 1.0.1.0 - C_XX

2.

3. Commencé à: 19:19:01 le 29/04/2013

4.

5. Valeur(s) recherchée(s):

6. QV06

7.

8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

9.

10. (!) --- Calcul du Hash "MD5"

11. (!) --- Informations supplémentaires

12. (!) --- Recherche registre

13.

14. ====== Fichier(s) ======

15.

16. Aucun fichier trouvé

17.

18.

19. ====== Entrée(s) du registre ======

20.

21. Aucun élément dans le registre trouvé

22.

23. =========================

24.

25. Fin à: 19:22:17 le 29/04/2013

26. 370241 Éléments analysés

27.

28. =========================

29. E.O.F

pear · le 29 avril 2013

Etonnant !

Je suis surpris de sa présence car le script Zhpfix était censé le supprimer.

Voulez vous bien recommencer Seaf avec cet orthographe: Qvo6

Désactivez votre antivirus.