
Good evening!

I have been fighting this damned trojan for more than 24 hours. It is Win32/sirefef.AB and Win32/sirefef.P. I have run multiple scans/reboots with RogueKiller, and here is the latest report:

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : Forum

Site Web : Télécharger RogueKiller (Site Officiel)

Blog : tigzy-RK

 

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Demarrage : Mode normal

Utilisateur : LAURENCE [Droits d'admin]

Mode : Suppression -- Date : 07/17/2013 18:27:13

| ARK || FAK || MBR |

 

¤¤¤ Processus malicieux : 0 ¤¤¤

 

¤¤¤ Entrees de registre : 0 ¤¤¤

 

¤¤¤ Tâches planifiées : 0 ¤¤¤

 

¤¤¤ Entrées Startup : 0 ¤¤¤

 

¤¤¤ Navigateurs web : 0 ¤¤¤

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> SUPPRIMÉ AU REBOOT

[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> SUPPRIMÉ AU REBOOT

 

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

 

¤¤¤ Ruches Externes: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ Fichier HOSTS: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++

--- User ---

[MBR] 10190ad40b44bab49cc3f5458909bdf8

[bSP] 797752d2246d199be9f784e2c1c32309 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 463838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: WDC WD5000BEVT-22A0RT0 +++++

--- User ---

[MBR] fe600eba04aadb4a515551c28e994c28

[bSP] f33e704ec38d5c6804bdf9ba48908d96 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1966 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Termine : << RKreport[0]_D_07172013_182713.txt >>

RKreport[0]_D_07162013_234750.txt;RKreport[0]_D_07162013_235843.txt;RKreport[0]_D_07172013_000821.txt

RKreport[0]_D_07172013_122716.txt;RKreport[0]_D_07172013_135922.txt;RKreport[0]_D_07172013_141603.txt

RKreport[0]_D_07172013_143423.txt;RKreport[0]_D_07172013_144223.txt;RKreport[0]_D_07172013_145232.txt

RKreport[0]_D_07172013_145701.txt;RKreport[0]_D_07172013_150157.txt;RKreport[0]_D_07172013_174035.txt

RKreport[0]_D_07172013_181300.txt;RKreport[0]_S_07162013_234725.txt;RKreport[0]_S_07162013_235717.txt

RKreport[0]_S_07172013_000811.txt;RKreport[0]_S_07172013_122534.txt;RKreport[0]_S_07172013_135343.txt

RKreport[0]_S_07172013_135833.txt;RKreport[0]_S_07172013_141355.txt;RKreport[0]_S_07172013_143254.txt

RKreport[0]_S_07172013_144211.txt;RKreport[0]_S_07172013_145013.txt;RKreport[0]_S_07172013_145642.txt

RKreport[0]_S_07172013_150140.txt;RKreport[0]_S_07172013_174025.txt;RKreport[0]_S_07172013_181250.txt

RKreport[0]_S_07172013_182704.txt

 

Here is the ZHPDiag report as well:

 

Rapport de ZHPDiag v2013.7.16.29 par Nicolas Coolman, Update du 17/07/2013

Run by LAURENCE at 18/07/2013 01:59:59

WebSite: Home - Malicius Software Information

State : Problème connexion internet

WhiteList : Enable

High Elevated Privileges : OK

UAC : Deactivate by program

---\\ Web Browser

MSIE: Internet Explorer v10.0.9200.16635

GCIE: Google Chrome v28.0.1500.72 (Defaut)

 

---\\ Windows Product Information

~ Langage: Français

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Protection

McAfee Internet Security Suite v11.6.511

McAfee Security Scan Plus v3.0.318.3

Windows Defender W7

 

---\\ System Optimizer

CCleaner v3.22 =>Piriform Ltd

 

---\\ Peer To Peer (P2P)

eMule

 

---\\ Software Update

Adobe Flash Player 11 Plugin

Adobe Reader 9.1 MUI

 

---\\ System Information

~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Sans échec (Fail-safe boot)

Total RAM: 4090 MB (77% free)

System Restore: Activé (Enable)

System drive C: has 134 GB (29%) free of 453 GB

 

---\\ Logged in mode

~ Computer Name: LAURENCE-PC

~ User Name: LAURENCE

~ All Users Names: LAURENCE, HomeGroupUser$, Administrateur,

~ Unselected Option: None

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\LAURENCE\AppData\Roaming\

~ %Desktop% : C:\Users\LAURENCE\Desktop\

~ %Favorites% : C:\Users\LAURENCE\Favorites\

~ %LocalAppData% : C:\Users\LAURENCE\AppData\Local\

~ %StartMenu% : C:\Users\LAURENCE\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 134 Go of 453 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ CD-ROM drive (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 29 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/2587

~ Mes musiques (My Musics) : 3/1323

~ Mes Videos (My Videos) : 2/264

~ Mes Favoris (My Favorites) : 1/30

~ Mes Documents (My Documents) : 1/6484

~ Mon Bureau (My Desktop) : 1/3909

~ Menu demarrer (Programs) : 1/67

~ Hidden Files: Scanned in 00mn 29s

---\\ Processus lancés

[MD5.9F419AD2EBFF9044CA845484CFBEAC48] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7719936] [PID.1300]

[MD5.CB037F03178E31BA2985ADD15879CA56] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [846288] [PID.1356]

~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)

C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\Default\Preferences

G0 - GCSP: Preference [user Data\Default][HomePage] http://mystart.incredibar.com =>Adware.IncrediBar

G2 - GCE: Preference [user Data\Default] [jaomfkhlibpgkpmjjkfjpfjhebhbgcah] Panel+ v.5.3.5 (Désactivé)

G2 - GCE: Preference [user Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG SafeGuard toolbar v.15.3.0.11 (Désactivé)

~ Google Browser: 16 Legitimates Filtered in 00mn 14s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

M3 - MFPP: Plugins - [LAURENCE] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon

P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll

P2 - FPN: [HKCU] [@IpsosPanelPlus@ipsosinteractive.com] - (.IDM - Ipsos communication pipe plugin.) -- C:\Users\LAURENCE\AppData\Local\Panel+\toolbar_ff\plugins\npIpsosCommPlugin.dll

~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: McAfee Phishing Filter [64Bits] - {27B4851A-3207-45A2-B947-BE8AFE6163AB} . (...) -- C:\Program Files\mcafee\msk\mskapbho.dll

O2 - BHO: IB Updater Helper [64Bits] - {336D0C35-8A85-403a-B9D2-65C292C39087} . (...) -- C:\Program Files\IB Updater\Extension32.dll =>Adware.InstallBrain

O2 - BHO: AVG SafeGuard toolbar [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll.) -- C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll =>Toolbar.AVGSearch

~ BHO: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: McAfee SiteAdvisor Toolbar [64Bits] - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

O4 - HKLM\..\Run: [iAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)

O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd

O4 - HKCU\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe

O4 - HKLM\..\Wow6432Node\Run: [Tutorials] Clé orpheline =>Spyware.AgenceExcusive

O4 - HKLM\..\Wow6432Node\Run: [backupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

O4 - HKLM\..\Wow6432Node\Run: [ArcadeDeluxeAgent] . (.CyberLink Corp. - Acer Arcade Deluxe Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-21-3153984944-1611638011-4197923085-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd

O4 - HKUS\S-1-5-21-3153984944-1611638011-4197923085-1000\..\Run: [superCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe

~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)

O4 - GS\TaskBar: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd

O4 - GS\TaskBar: DAEMON Tools Lite.lnk . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

O4 - GS\TaskBar: Gestionnaire des tâches de Windows.lnk . (.Microsoft Corporation - Gestionnaire des tâches de Windows.) -- C:\Windows\System32\taskmgr.exe

O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\TaskBar: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe

O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe

O4 - GS\Programs: GeneaSoft par GeneaNet.lnk . (.GeneaNet - GeneaSoft par GeneaNet.) -- C:\Program Files (x86)\GeneaSoft par GeneaNet\GeneaSoft par GeneaNet.exe

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENCE\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent

O4 - GS\QuickLaunch: Free PDF to Word Converter.lnk . (.Free-PDF-to-Word.com - Free PDF to Word Converter.) -- C:\Program Files (x86)\Free PDF to Word Converter\PDF2Word.exe

O4 - GS\QuickLaunch: GeneaSoft par GeneaNet.lnk . (.GeneaNet - GeneaSoft par GeneaNet.) -- C:\Program Files (x86)\GeneaSoft par GeneaNet\GeneaSoft par GeneaNet.exe

O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe

O4 - GS\QuickLaunch: XnView.lnk . (.XnView, XnView Software · Software for reading, organizing and processing images - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe

O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe

O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe

O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

O4 - GS\SendTo: XnView.lnk . (.XnView, XnView Software · Software for reading, organizing and processing images - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe

O4 - GS\Desktop: adsl TV.lnk . (.adsl TV / FM - adsl TV.) -- C:\Program Files (x86)\adslTV\adsltv.exe

O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

O4 - GS\Desktop: wordgen.lnk . (...) -- C:\Program Files (x86)\WinWordGen\winwordgen.exe

O4 - Global Startup: C:\Users\LAURENCE\Desktop\Worms Reloaded.url . (...) -- C:\Users\LAURENCE\Desktop\Worms Reloaded.url

O4 - GS\Desktop: XnView.lnk . (.XnView, XnView Software · Software for reading, organizing and processing images - XnView for Windows.) -- C:\Program Files (x86)\XnView\xnview.exe

~ Global Startup: Scanned in 00mn 01s

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll

~ Winsock: 6 Legitimates Filtered in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{5421C6A3-2C7C-4408-AF0A-FC02DC8011BE}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{692FB498-14D1-4766-9829-D647694E6DC5}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\..\{5421C6A3-2C7C-4408-AF0A-FC02DC8011BE}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CCS\Services\Tcpip\..\{692FB498-14D1-4766-9829-D647694E6DC5}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CS1\Services\Tcpip\..\{5421C6A3-2C7C-4408-AF0A-FC02DC8011BE}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{692FB498-14D1-4766-9829-D647694E6DC5}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\..\{5421C6A3-2C7C-4408-AF0A-FC02DC8011BE}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CS1\Services\Tcpip\..\{692FB498-14D1-4766-9829-D647694E6DC5}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CS2\Services\Tcpip\..\{5421C6A3-2C7C-4408-AF0A-FC02DC8011BE}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{692FB498-14D1-4766-9829-D647694E6DC5}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CS2\Services\Tcpip\..\{5421C6A3-2C7C-4408-AF0A-FC02DC8011BE}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CS2\Services\Tcpip\..\{692FB498-14D1-4766-9829-D647694E6DC5}: DhcpDomain = bouyguesbox.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --

O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll

~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: McAfee Application Installer Cleanup (02 (0252641374103052mcinstcleanup) . (...) - C:\Windows\TEMP\025264~1.exe (.not file.)

O23 - Service: IB Updater Updater (IB Updater Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe =>Adware.InstallBrain

O23 - Service: (vToolbarUpdater15.3.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe =>Toolbar.AVGSearch

~ Services: 23 Legitimates Filtered in 00mn 03s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OfferBoxUpdate.job [266] =>PUP.OfferBox

~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)

O42 - Logiciel: Black & White® 2 - (.Lionhead Studios.) [HKLM][64Bits] -- {D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}

O42 - Logiciel: Endless Space - (...) [HKLM][64Bits] -- Endless Space_is1

O42 - Logiciel: IB Updater 2.0.0.575 - (.IncrediBar.) [HKLM][64Bits] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1 =>Adware.InstallBrain

O42 - Logiciel: IB Updater Service - (...) [HKLM][64Bits] -- WNLT =>Adware.IncrediBar

O42 - Logiciel: Panel+ - (.Ipsos.) [HKLM][64Bits] -- {71021155-C92D-4EFA-809B-B6F6C3957A8E}

O42 - Logiciel: WinWordGen 1.0 - (...) [HKLM][64Bits] -- WinWordGen 1.0

~ Logic: 120 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys

[HKCU\Software\APN PIP]

[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong

[HKCU\Software\AppDataLow\Software\Smart Suggestor] =>Adware.SmartSuggestor

[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar

[HKCU\Software\Complitly] =>Adware.PredictAd

[HKCU\Software\IM]

[HKCU\Software\ImInstaller]

[HKCU\Software\IncrediMail]

[HKCU\Software\InstallCore] =>Adware.InstallCore

[HKCU\Software\Ipsos]

[HKCU\Software\Krillbite Studio]

[HKCU\Software\OfferBox] =>PUP.OfferBox

[HKCU\Software\Russobit-M]

[HKCU\Software\Softonic] =>Toolbar.Conduit

[HKCU\Software\SweetIM] =>PUP.SweetIM

[HKCU\Software\TutoTag] =>Spyware.AgenceExcusive

[HKCU\Software\Tutorials] =>Spyware.AgenceExcusive

[HKCU\Software\WNLT] =>Adware.IncrediBar

[HKLM\Software\IB Updater] =>Adware.InstallBrain

[HKLM\Software\Tarma Installer] =>Toolbar.Tarma

[HKLM\Software\WNLT] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\IB Updater] =>Adware.InstallBrain

[HKLM\Software\Wow6432Node\IncrediMail]

[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox

[HKLM\Software\Wow6432Node\PIP]

[HKLM\Software\Wow6432Node\Paradox]

[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM

~ Key Software: 287 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 09/12/2012 - 19:57:58 - [1,137] ----D C:\Program Files (x86)\Boxore =>Adware.Boxore

O43 - CFD: 09/06/2013 - 03:40:58 - [60,318] ----D C:\Program Files (x86)\Defcon

O43 - CFD: 09/06/2013 - 19:08:39 - [-1878,353] ----D C:\Program Files (x86)\Iceberg Interactive

O43 - CFD: 04/04/2013 - 14:30:39 - [160,282] ----D C:\Program Files (x86)\PST

O43 - CFD: 03/03/2012 - 12:57:29 - [0] ----D C:\Program Files (x86)\SweetIM =>PUP.SweetIM

O43 - CFD: 11/04/2013 - 14:33:25 - [2,457] ----D C:\Program Files (x86)\WinWordGen

O43 - CFD: 25/02/2012 - 17:28:16 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon

O43 - CFD: 05/05/2011 - 20:20:52 - [0,001] ----D C:\ProgramData\Partner

O43 - CFD: 04/04/2013 - 14:30:38 - [0,002] ----D C:\ProgramData\Pst

O43 - CFD: 20/04/2013 - 01:29:19 - [1,198] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma

O43 - CFD: 07/07/2013 - 20:02:33 - [0,007] ----D C:\Users\LAURENCE\AppData\Roaming\10tons

O43 - CFD: 25/02/2012 - 17:28:15 - [0,008] ----D C:\Users\LAURENCE\AppData\Roaming\Babylon =>Toolbar.Babylon

O43 - CFD: 08/07/2013 - 01:25:30 - [0,004] ----D C:\Users\LAURENCE\AppData\Roaming\com.northwayGames.Incredipede

O43 - CFD: 29/12/2011 - 02:26:29 - [0,005] ----D C:\Users\LAURENCE\AppData\Roaming\OfferBox =>PUP.OfferBox

O43 - CFD: 11/03/2013 - 21:44:34 - [6,973] ----D C:\Users\LAURENCE\AppData\Roaming\Panel+

O43 - CFD: 04/04/2013 - 14:38:46 - [3,024] ----D C:\Users\LAURENCE\AppData\Roaming\Pst

O43 - CFD: 25/02/2012 - 17:28:20 - [3,745] ----D C:\Users\LAURENCE\AppData\Local\Babylon =>Toolbar.Babylon

O43 - CFD: 11/03/2013 - 21:44:13 - [24,831] ----D C:\Users\LAURENCE\AppData\Local\Panel+

O43 - CFD: 04/04/2013 - 14:34:57 - [0,987] ----D C:\Users\LAURENCE\AppData\Local\Pst

O43 - CFD: 07/07/2013 - 23:45:02 - [0,003] ----D C:\Users\LAURENCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eufloria

O43 - CFD: 11/04/2013 - 14:25:40 - [0] ----D C:\Users\LAURENCE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinWordGen 1.0

~ Program Folder: 250 Legitimates Filtered in 02mn 21s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.7E74E9FD62F1383AD546CDBB649FA976] - 18/07/2013 - 01:02:01 ---A- . (...) -- C:\Windows\ntbtlog.txt [235054]

O44 - LFC:[MD5.FCA6FFA89139F8283F08852C62B4D491] - 17/07/2013 - 17:28:54 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [17600]

O44 - LFC:[MD5.FCA6FFA89139F8283F08852C62B4D491] - 17/07/2013 - 17:28:54 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [17600]

O44 - LFC:[MD5.FCA6FFA89139F8283F08852C62B4D491] - 17/07/2013 - 17:28:54 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [17600]

O44 - LFC:[MD5.FCA6FFA89139F8283F08852C62B4D491] - 17/07/2013 - 17:28:54 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [17600]

O44 - LFC:[MD5.F988ADC8AD0492B984D4600F337D7C4C] - 17/07/2013 - 14:02:53 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_17.07.2013_15.02.11_log.txt [143390]

O44 - LFC:[MD5.82CB323ABC3299C0CCA433E9A4CD9F3A] - 16/07/2013 - 23:09:55 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_17.07.2013_00.08.49_log.txt [142368]

O44 - LFC:[MD5.4D307533FD7D80AAF7147957A2F6986B] - 16/07/2013 - 22:36:44 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_16.07.2013_23.35.18_log.txt [143954]

O44 - LFC:[MD5.2F581093AB530E0C8BF1A9CF577CA8AC] - 16/07/2013 - 22:30:06 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_16.07.2013_23.27.59_log.txt [144510]

O44 - LFC:[MD5.67FF4F1492074790071713D04A052729] - 16/07/2013 - 22:25:38 ---A- . (...) -- C:\TDSSKiller.2.8.16.0_16.07.2013_23.23.53_log.txt [144510]

~ Files: 68 Legitimates Filtered in 00mn 08s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:[MD5.BBEB7434454CD61564497A78CEC33F31] - 16/07/2013 - 19:26:05 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-ED78563F.pf =>P2P.BitTorrent

O45 - LFCP:[MD5.3F0DBC6789DF3573F92E5C699656FF75] - 17/07/2013 - 13:12:30 ---A- - C:\Windows\Prefetch\MCVSSHLD.EXE-A4C46442.pf

O45 - LFCP:[MD5.06BA987596D2A045F146BE6E61E46686] - 17/07/2013 - 16:45:22 ---A- - C:\Windows\Prefetch\MCVSSHLD.EXE-BE0F6F46.pf

O45 - LFCP:[MD5.008FC402DB42A4E9AF965055D3A00289] - 18/07/2013 - 00:16:26 ---A- - C:\Windows\Prefetch\MCINSUPD.EXE-616C7579.pf

O45 - LFCP:[MD5.CB57321A272FA69B722FDBF61EB5C6B4] - 23/06/2013 - 21:23:28 ---A- - C:\Windows\Prefetch\BB_CHAOS.EXE-83913D29.pf

O45 - LFCP:[MD5.DF2C87E2FEC567CF877048B25FDAB377] - 25/06/2013 - 18:19:09 ---A- - C:\Windows\Prefetch\DXLIST.EXE-5510F64F.pf

O45 - LFCP:[MD5.B7C954BD66ED75D43F9BF00192C7449E] - 28/06/2013 - 00:57:45 ---A- - C:\Windows\Prefetch\E-STUDIO.EXE-487298C6.pf

O45 - LFCP:[MD5.3591308F420C1F1E4B3814B8E709D996] - 28/06/2013 - 00:59:56 ---A- - C:\Windows\Prefetch\LICENSEMANAGER.EXE-54F25DE2.pf

O45 - LFCP:[MD5.F2B43F229673E0D4A51795F8462F6F75] - 29/06/2013 - 18:35:20 ---A- - C:\Windows\Prefetch\E-MERGE.EXE-99A26BF6.pf

O45 - LFCP:[MD5.C81D4EDBC7A5A313903A03C4B769ADB0] - 29/06/2013 - 18:40:20 ---A- - C:\Windows\Prefetch\E-DATAAID.EXE-8DC94306.pf

~ Prefetcher: 141 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (O51)

O51 - MPSK:{3dae5540-a725-11e2-bf5f-806e6f6e6963}\AutoRun\command. (...) -- G:\setup.exe (.not file.)

O51 - MPSK:{94b0a38f-cb8c-11e2-b8c6-5cac4ca7d98d}\AutoRun\command. (...) -- E:\Setup.exe (.not file.)

~ Keys: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\Kujytuo [Key] . (...) -- C:\Users\LAURENCE\AppData\Roaming\kujytuo.exe (.not file.) =>Virus.Kujytuo

O53 - SMSR:HKLM\...\startupreg\Panel+ [Key] . (.Ipsos - PanelPlusService.) -- C:\Users\LAURENCE\AppData\Local\Panel+\service\PanelPlusService.exe

O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]

O58 - SDL:[MD5.D5BCB77BE83CF99F508943945D46343D] - 26/03/2009 - 20:16:08 ---A- . (.Dritek System Inc. - Dritek 64-bit PS/2 Keyboard Filter Driver.) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys [25608]

~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 12/02/2002 - 20:23:00 ---A- C:\Users\LAURENCE\Downloads\Praetorians\ikernel.ex_ [344923]

O61 - LFC: 15/07/2013 - 02:08:27 R--A- C:\Users\LAURENCE\Downloads\BB\World.War.Z.2013.FRENCH.READNFO.TS.HQ.XviD-KiNGOFBLURAY-DeGun TPB\Films et series sur www.OMGTORRENT.com.txt [60]

O61 - LFC: 15/07/2013 - 02:08:27 R--A- C:\Users\LAURENCE\Downloads\BB\World.War.Z.2013.FRENCH.READNFO.TS.HQ.XviD-KiNGOFBLURAY-DeGun TPB\World.War.Z.2013.FRENCH.READNFO.TS.HQ.XviD-KiNGOFBLURAY.nfo [5367]

O61 - LFC: 15/07/2013 - 02:16:35 R--A- C:\Users\LAURENCE\Downloads\BB\[www.OMGTORRENT.com] World.War.Z.2013.FRENCH.READNFO.TS.HQ.XviD-KiNGOFBLURAY\World.War.Z.2013.FRENCH.READNFO.TS.HQ.XviD-KiNGOFBLURAY.nfo [5367]

O61 - LFC: 15/07/2013 - 03:13:58 R--A- C:\Users\LAURENCE\Videos\300 HDDVDRiP.x264.AC3-iDHD.mkv [4693522393]

O61 - LFC: 15/07/2013 - 03:20:31 ---A- C:\Users\LAURENCE\Downloads\BB\New\Good morning England - VOST - Richard Curtis.wmv [1616653655]

O61 - LFC: 15/07/2013 - 03:45:29 R--A- C:\Users\LAURENCE\Videos\300 VostFr\Lisez.Moi.txt [1164]

O61 - LFC: 15/07/2013 - 12:06:56 -SHA- C:\Users\LAURENCE\Videos\Superman Returns\Thumbs.db [10240]

O61 - LFC: 15/07/2013 - 15:00:42 ---A- C:\Users\LAURENCE\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_07_15_07_00_43.db [1406720]

O61 - LFC: 16/07/2013 - 15:42:28 ---A- C:\Users\LAURENCE\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_07_16_07_42_31.db [1493248]

O61 - LFC: 16/07/2013 - 15:42:48 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\Logs\proxy.txt.3 [1024233]

O61 - LFC: 16/07/2013 - 16:24:32 ---A- C:\Users\LAURENCE\Downloads\BB\New\Man of Steel 2013.2013 HDRip XviD S4A {French-Sub}\Man of Steel 2013.2013 HDRip XviD S4A {French-Sub}.txt [442]

O61 - LFC: 16/07/2013 - 16:30:05 ---A- C:\Users\LAURENCE\Downloads\BB\New\Man of Steel 2013.2013 HDRip XviD S4A {French-Sub}\Man of Steel 2013.2013 HDRip XviD S4A {French-Sub}.rar [732955233]

O61 - LFC: 16/07/2013 - 16:46:05 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\Logs\proxy.txt.2 [1024018]

O61 - LFC: 16/07/2013 - 17:00:59 ---A- C:\Users\LAURENCE\Downloads\BB\New\tnm-inception-720p.mkv [7041512439]

O61 - LFC: 16/07/2013 - 17:18:38 ---A- C:\Users\LAURENCE\Documents\cc_20130716_181830.reg [63006]

O61 - LFC: 16/07/2013 - 19:49:37 R--A- C:\Users\LAURENCE\Downloads\BB\eXperience 112\Torrent downloaded from Demonoid.me.txt [46]

O61 - LFC: 16/07/2013 - 20:07:16 R--A- C:\Users\LAURENCE\Downloads\BB\eXperience 112\Bonus Content.zip [187398851]

O61 - LFC: 16/07/2013 - 20:07:34 R--A- C:\Users\LAURENCE\Downloads\BB\eXperience 112\eXperience112.iso [1147092992]

O61 - LFC: 16/07/2013 - 20:59:12 ---A- C:\Users\LAURENCE\Downloads\BB\New\Experience 112 FR + Crack\Experience 112.iso [4624875520]

O61 - LFC: 16/07/2013 - 21:32:05 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\PanelPlusNet.sdf [86016]

O61 - LFC: 16/07/2013 - 21:34:50 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\Logs\proxy.txt.1 [1024111]

O61 - LFC: 16/07/2013 - 21:39:08 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\Logs\proxy.txt [3779]

O61 - LFC: 16/07/2013 - 21:39:40 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\Logs\service.txt [663967]

O61 - LFC: 16/07/2013 - 21:40:22 ---A- C:\Users\LAURENCE\AppData\Roaming\Panel+\toolbar.sdf [413696]

O61 - LFC: 17/07/2013 - 14:17:43 ---A- C:\Users\LAURENCE\Downloads\mbam-setup-1.75.0.1300.exe [10285040]

O61 - LFC: 17/07/2013 - 16:34:33 ---A- C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\First Run [0]

O61 - LFC: 17/07/2013 - 16:34:58 ---A- C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]

O61 - LFC: 17/07/2013 - 16:45:36 ---A- C:\Users\LAURENCE\Downloads\FRST64.exe [1778209]

O61 - LFC: 17/07/2013 - 17:30:31 ---A- C:\Users\LAURENCE\Downloads\seaf.exe [498868]

O61 - LFC: 17/07/2013 - 22:36:45 -SHA- C:\Users\LAURENCE\Videos\300 VostFr\Thumbs.db [20992]

O61 - LFC: 17/07/2013 - 22:36:46 -SHA- C:\Users\LAURENCE\Videos\JR [DVDRIP]\Thumbs.db [8704]

O61 - LFC: 17/07/2013 - 22:38:36 -SHA- C:\Users\LAURENCE\Videos\Thumbs.db [740352]

O61 - LFC: 18/07/2013 - 00:35:17 ---A- C:\Users\LAURENCE\Downloads\fairyta.bat [188]

O61 - LFC: 18/07/2013 - 00:35:21 ---A- C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [258723]

O61 - LFC: 18/07/2013 - 00:48:56 ---A- C:\Users\LAURENCE\Downloads\OTM.exe [522240]

O61 - LFC: 18/07/2013 - 00:59:38 ---A- C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\Local State [32487]

O61 - LFC: 27/05/1999 - 11:17:52 ---A- C:\Users\LAURENCE\Downloads\WA\WA2\Install\_INST32I.EX_ [320127]

~ 11 Fichiers temporaires (Temporary files)

~ Files: 702 Legitimates Filtered in 00mn 26s

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ ADS: Scanned in 00mn 00s

 

 

 

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 15/03/2013 - C:\Windows\system32\drivers\aksdf.sys (aksdf) .(.SafeNet Inc. - Safenet Inc. Sentinel Data Filter Driver.) - LEGACY_AKSDF

O64 - Services: CurCS - 15/06/2012 - C:\Windows\System32\Drivers\PRTDRV.sys (PRTDRV) .(.Psychology Software Tools - Port Driver.) - LEGACY_PRTDRV

~ Legacy: 91 Legitimates Filtered in 00mn 01s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - Babylon Search =>Adware.IMBooster

O69 - SBI: SearchScopes [HKCU] {571C3EF3-5DBA-4427-BBF7-D8A6E41C1337} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar

~ Keys: Scanned in 00mn 00s

 

 

 

---\\ Crack & Keygen Files (O82)

H:\Mark.of.the.Ninja.v1.0.multi6.cracked-THETA\!!Mreader.exe

H:\Mark.of.the.Ninja.v1.0.multi6.cracked-THETA\Mark of the Ninja.exe

~ Files: Scanned in 01mn 14s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.6ACBD475647D7A160657CB3E460F0F35] [sPRF][27/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]

[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][15/04/2011] (...) -- C:\Users\LAURENCE\AppData\Roaming\wklnhst.dat [0]

[MD5.AEDB6AA9598337DA300942DEF6B5EFC5] [sPRF][16/07/2013] (.AVAST Software - avast! Antirootkit.) -- C:\Users\LAURENCE\Desktop\aswMBR.exe [4745728]

[MD5.E8D3E34FFDAF21DF7C09CBBBA5763237] [sPRF][16/07/2013] (.ESET - ESET Smart Installer.) -- C:\Users\LAURENCE\Desktop\esetsmartinstaller_enu.exe [2347384]

[MD5.59A46F65BBDAF49DEF0257F7D0017571] [sPRF][18/07/2013] (...) -- C:\Users\LAURENCE\Desktop\fairyta.bat [188]

[MD5.BE36FC21D6ED7E665A9310CF23E4640E] [sPRF][16/07/2013] (.Symantec Corporation - Zero Access Fix Tool.) -- C:\Users\LAURENCE\Desktop\FixZeroAccess.exe [1805736]

[MD5.683FDD3D773C58B262DC07CD0C6CE938] [sPRF][16/07/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\LAURENCE\Desktop\mbam-setup-1.75.0.1300.exe [10285040]

[MD5.30FADBA93E9430A63F19DA9935DE4369] [sPRF][14/09/2011] (.Gabest - Media Player Classic.) -- C:\Users\LAURENCE\Desktop\mplayerc.exe [4411392]

[MD5.430A389AE785F228F28234D7C161D351] [sPRF][17/07/2013] (...) -- C:\Users\LAURENCE\Desktop\RogueKillerX64.exe [3778560]

[MD5.95A960B7C3C05CB9BBF0EDD80086F770] [sPRF][17/07/2013] (.C_XX - SEAF.) -- C:\Users\LAURENCE\Desktop\seaf.exe [498868]

~ Files: Scanned in 00mn 00s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : v2.12771 - (17/07/2013)

Clés trouvées (Keys found) : 95

Valeurs trouvées (Values found) : 1

Dossiers trouvés (Folders found) : 16

Fichiers trouvés (Files found) : 0

 

[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}] =>Toolbar.Expresso

[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>PUP.ToparcadeHits

[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>PUP.ToparcadeHits

[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent

[HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent

[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA}] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7555B87D-D711-48B2-B97D-04DF700652BA}] =>Adware.Boxore

[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent

[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits

[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits

[HKLM\Software\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso

[HKLM\Software\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}] =>Toolbar.Expresso

[HKLM\Software\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}] =>Toolbar.Agent

[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit

[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit

[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper

[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon

[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.Babylon

[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>PUP.ToparcadeHits

[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>PUP.ToparcadeHits

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar

[HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam

[HKLM\Software\Wow6432Node\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}] =>Toolbar.Wajam

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent

[HKLM\Software\Classes\AppID\Extension.DLL] =>Toolbar.Expresso

[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.Agent

[HKLM\Software\Classes\Extension.ExtensionHelperObject] =>Toolbar.Expresso

[HKLM\Software\Classes\Extension.ExtensionHelperObject.1] =>Toolbar.Expresso

[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.Agent

[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.Agent

[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.Agent

[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.Agent

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>Toolbar.Babylon

[HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\fjglfdldpdljgfjkfgieaocdapejkdlh] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca] =>Adware.IncrediBar

[HKCU\Software\APN PIP] =>Toolbar.Ask

[HKCU\Software\OfferBox] =>PUP.OfferBox

[HKLM\Software\Wow6432Node\OfferBox] =>PUP.OfferBox

[HKLM\Software\Wow6432Node\PIP] =>Toolbar.Ask

[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong

[HKCU\Software\Softonic] =>Toolbar.Conduit

[HKCU\Software\SweetIM] =>PUP.SweetIM

[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM

[HKLM\Software\Tarma Installer] =>Toolbar.Tarma

[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive

[HKCU\Software\WNLT] =>Adware.IncrediBar

[HKLM\Software\WNLT] =>Adware.IncrediBar

[HKCU\Software\Complitly] =>Adware.PredictAd

[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASAPI32] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Tracing\Babylon_RASMANCS] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar

[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox

[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox

[HKCU\Software\InstallCore] =>Adware.InstallCore

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}] =>Adware.IncrediBar

[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA8002CF-2914-493A-B7E8-79740E2E15DB}] =>Toolbar.Babylon

[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard

[HKLM\Software\Wow6432Node\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard

[HKLM\Software\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}] =>Toolbar.Babylon

[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore

[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch

[HKLM\Software\Classes\AppID\BabylonHelper.EXE] =>Toolbar.Babylon

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^

[HKLM\Software\Mozilla\Firefox\Extensions]:offerbox@spointer.com =>Adware.SPointer

C:\Program Files (x86)\Boxore =>Adware.Boxore

C:\Program Files (x86)\Software =>Adware.Boxore

C:\Program Files (x86)\SweetIM =>PUP.SweetIM

C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch

C:\ProgramData\Babylon =>Toolbar.Babylon

C:\ProgramData\Software =>Adware.Boxore

C:\ProgramData\Partner =>Spyware.Partner

C:\Users\LAURENCE\AppData\Roaming\Babylon =>Toolbar.Babylon

C:\Users\LAURENCE\AppData\Roaming\OfferBox =>PUP.OfferBox

C:\Users\LAURENCE\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch

C:\Users\LAURENCE\AppData\Local\Babylon =>Toolbar.Babylon

C:\Users\LAURENCE\AppData\Local\Software =>Adware.Boxore

C:\Users\LAURENCE\AppData\LocalLow\BabylonToolbar =>Toolbar.Babylon

C:\Users\LAURENCE\AppData\LocalLow\Incredibar.com =>Adware.IncrediBar

C:\Users\LAURENCE\AppData\LocalLow\PriceGong =>Adware.PriceGong

C:\Users\LAURENCE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch

~ Additionnel Scan: 294812 Items scanned in 00mn 19s

 

 

 

---\\ Product Upgrade Codes (O90)

O90 - PUC: "0462B58F8EDCA834486F112B0B23DE64" . (.E-Prime 2.0 (2.0.10.242).) -- C:\Windows\Installer\{F85B2640-CDE8-438A-84F6-11B2B032ED46}\ARPPRODUCTICON.exe

~ Update Products: 140 Legitimates Filtered in 00mn 00s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Auto 0 | (0252641374103052mcinstcleanup) . (...) - C:\Windows\TEMP\025264~1.exe

SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 28/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe

SS - | Auto 22/01/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SS - | Demand 18/01/2013 577536 | (Blackberry Device Manager) . (.Research In Motion Limited.) - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

SS - | Auto 30/09/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

SS - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

SS - | Auto 11/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 11/04/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Auto 15/03/2013 4466120 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe

SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Auto 05/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

SS - | Auto 188760 | (IB Updater Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe =>Adware.InstallBrain

SS - | Auto 31/08/2012 201304 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

SR - | Auto 31/08/2012 201304 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

SS - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

SS - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

SS - | Demand 16/11/2012 383608 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe

SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

SS - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

SS - | Auto 31/08/2012 201304 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SS - | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

SS - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SS - | Demand 04/05/2013 543656 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SS - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

SS - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

SS - | Auto 11/07/2013 1598128 | (vToolbarUpdater15.3.0) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe =>Toolbar.AVGSearch

SS - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

~ Services: Scanned in 00mn 03s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

~ MBR: 1 Legitimates Filtered in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by LAURENCE at 18/07/2013 02:05:44

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

 

 

 

---\\ Malicius Software Information

~ Adware.Incredibar - Malicius Software Information =>Adware.Incredibar

~ Toolbar.Babylon - Malicius Software Information =>Toolbar.Babylon

~ Adware.InstallBrain - Malicius Software Information =>Adware.InstallBrain

~ PUP.OfferBox - Malicius Software Information =>PUP.OfferBox

~ Adware.PriceGong - Malicius Software Information =>Adware.PriceGong

~ Adware.SmartSuggestor - Malicius Software Information =>Adware.SmartSuggestor

~ Hijacker.SmartBar - Malicius Software Information =>Hijacker.SmartBar

~ Adware.PredictAd - Malicius Software Information =>Adware.PredictAd

~ Adware.InstallCore - Malicius Software Information =>Adware.InstallCore

~ Toolbar.Conduit - Malicius Software Information =>Toolbar.Conduit

~ PUP.SweetIM - Malicius Software Information =>PUP.SweetIM

~ Toolbar.Tarma - Malicius Software Information =>Toolbar.Tarma

~ Adware.Boxore - Malicius Software Information =>Adware.Boxore

~ Virus.Kujytuo - Malicius Software Information =>Virus.Kujytuo

~ Adware.IMBooster - Malicius Software Information =>Adware.IMBooster

~ PUP.ToparcadeHits - Malicius Software Information =>PUP.ToparcadeHits

~ Adware.Yontoo - Malicius Software Information =>Adware.Yontoo

~ Toolbar.Ask - Malicius Software Information =>Toolbar.Ask

~ Spyware.AgenceExclusive - Malicius Software Information =>Spyware.AgenceExclusive

~ Adware.SPointer - Malicius Software Information =>Adware.SPointer

~ Spyware.Partner - Malicius Software Information =>Spyware.Partner

~ MSI: 21 link(s) detected in 00mn 04s

 

 

 

~ 1970 Legitimates filtered by white list

End of the scan (727 lines in 05mn 46s)(2)

 

 

I also tried TDSSKiller and MalwareBytes without success... I still have these two "Desktop.ini" files that I cannot delete. I am running a scan with Microsoft Safety Scanner right now; I will post the report tomorrow morning. If someone can help me, I would be really grateful.

Thanks in advance.

Jibs
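The report above tags each suspicious item with a "=>Family.Name" verdict at the end of the line. As an added example that is not part of the original post or of ZHPDiag itself, the Python helper below parses such lines, classifies each flagged artifact (startup entry, search scope, service, registry key, file), tallies the families, and flags autorun entries whose executable is already gone, like the Kujytuo entry above that the scanner marks "(.not file.)": in that situation the registry entry, not the file, is what still needs removing. The sample lines are copied from the report posted above; the parsing rules and field names are my own assumptions drawn from the report's visible layout, not a documented ZHPDiag format.

```python
"""Triage helper for ZHPDiag-style reports.

Added example for this thread, not part of ZHPDiag or of the original post.
It extracts every line the scanner tagged with a "=>Family.Name" verdict,
classifies the artifact (startup entry, search scope, service, registry key,
file) and flags autorun entries whose executable no longer exists.
The parsing rules are assumptions drawn from the report's visible layout.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Verdict suffix "=>Adware.Boxore", sometimes followed by a stray "^" in pasted text.
VERDICT_RE = re.compile(r"^(?P<body>.*?)\s*=>(?P<family>[A-Za-z]+\.[A-Za-z0-9_]+)\^?\s*$")
# A Windows path: drive letter, ":\", then everything up to end of line.
PATH_RE = re.compile(r"([A-Za-z]:\\.+)$")
# O53 startup lines end with " -- <path>", optionally followed by " (.not file.)".
STARTUP_RE = re.compile(r" -- (?P<path>.+?)(?P<missing> \(\.not file\.\))?$")
# Service lines look like "SS - | Auto 188760 | (ServiceName) . (.Vendor.) - <path>".
SERVICE_NAME_RE = re.compile(r"\| \((?P<name>.+?)\) \.")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

# Constructed sample: lines copied from the report posted above.
SAMPLE_REPORT = r"""
O53 - SMSR:HKLM\...\startupreg\Kujytuo [Key] . (...) -- C:\Users\LAURENCE\AppData\Roaming\kujytuo.exe (.not file.) =>Virus.Kujytuo
O53 - SMSR:HKLM\...\startupreg\Panel+ [Key] . (.Ipsos - PanelPlusService.) -- C:\Users\LAURENCE\AppData\Local\Panel+\service\PanelPlusService.exe
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar
[HKLM\Software\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files (x86)\Boxore =>Adware.Boxore
SS - | Auto 188760 | (IB Updater Updater) . (...) - C:\Program Files\IB Updater\ExtensionUpdaterService.exe =>Adware.InstallBrain
~ Adware.Incredibar - Malicius Software Information =>Adware.Incredibar
"""


@dataclass
class Detection:
    family: str            # scanner verdict, e.g. "Adware.IncrediBar"
    category: str          # verdict prefix, e.g. "Adware", "Toolbar", "Virus"
    kind: str              # startup / searchscope / service / registry / file / other
    target: str            # key, GUID, service name or path the verdict names
    path: Optional[str]    # on-disk path when the line carries one
    missing: bool          # True when the scanner reports the file as gone


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for a flagged line; None for unflagged or recap lines."""
    m = VERDICT_RE.match(line.strip())
    if not m:
        return None
    body, family = m.group("body").strip(), m.group("family")
    if body.startswith("~"):   # "~ Family - Malicius Software Information" recap lines
        return None
    category = family.split(".", 1)[0]
    path, missing = None, False

    if body.startswith("O53"):                    # MSConfig startup registry entry
        kind = "startup"
        sm = STARTUP_RE.search(body)
        path = sm.group("path") if sm else None
        missing = bool(sm and sm.group("missing"))
        target = path or body
    elif body.startswith("O69"):                  # Internet Explorer SearchScopes entry
        kind = "searchscope"
        gm = GUID_RE.search(body)
        target = gm.group(0) if gm else body
    elif body.startswith(("SS -", "SR -")):       # service table, SS=stopped, SR=running
        kind = "service"
        nm = SERVICE_NAME_RE.search(body)
        pm = PATH_RE.search(body)
        target = nm.group("name") if nm else body
        path = pm.group(1) if pm else None
    elif body.startswith("["):                    # registry key, optionally ":valuename"
        kind, target = "registry", body
    elif PATH_RE.match(body):                     # bare file or folder path
        kind, target, path = "file", body, body
    else:
        kind, target = "other", body
    return Detection(family, category, kind, target, path, missing)


def parse_report(text: str) -> List[Detection]:
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def family_counts(dets: Iterable[Detection]) -> Counter:
    return Counter(d.family for d in dets)


def orphaned_autoruns(dets: Iterable[Detection]) -> List[Detection]:
    """Autorun entries whose binary is already gone: the registry value still
    points at it, so the entry (not the file) is what remains to clean up."""
    return [d for d in dets if d.kind == "startup" and d.missing]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for fam, n in family_counts(found).most_common():
        print(f"{n:3d}  {fam}")
    for d in orphaned_autoruns(found):
        print(f"orphaned autorun -> {d.target}  ({d.family})")
```

Run it on a full report saved to disk by passing the file contents to parse_report; the family tally gives a quick view of how many adware and toolbar families are present, and the orphaned-autorun list separates dead registry entries from artifacts that still exist on disk.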

Posted (edited)

Are you sure they are still there?

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> SUPPRIMÉ AU REBOOT

[ZeroAccess][Fichier] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> SUPPRIMÉ AU REBOOT

 

If so, we will deal with them after this essential cleanup.

Please do not take any action on your own.

1) If you have had AdwCleaner for some time, uninstall it and install the latest version

Download AdwCleaner

On Vista and Windows 7/8 -> Run as administrator

So as not to distort the reports, Search and Delete must each be run only once

Click Search and post the generated report C:\AdwCleaner[R1].txt

Cleanup: to be done without delay

Relaunch AdwCleaner with administrator rights

Click Delete and post the report C:\AdwCleaner[s1].txt

 

2) Download Junkware Removal Tool by thisisu

OS: Windows XP/Vista/7/8

Usable on 32-bit and 64-bit systems

Click Jrt.exe with administrator rights.

If your antivirus complains, mark it as acceptable in your antivirus exceptions

A black window opens telling you to press a key to start the scan.

The tool will take a few minutes to search your machine.

Wait until Jrt.txt appears, and post its contents.

How to post the reports

Go to the site: Ci-Joint

Press Browse and look for the reports on the disk,

Click Open

Click Create the CJoint link,

then on the next page -->

an http://... address will be created

Copy/paste this address into your next message.

 

3)

 

Download MBAM

Before launching MBAM

You must first disable your protections; if you do not know how,

Click here

Plug in all removable media before running this scan (USB key, external hard drive, etc.)

Run with administrator rights.

On Vista/7/8, disable UAC

Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the instructions (in particular the language choice and the authorization to access the Internet)

Do not change the default settings and, at the end of the installation,

Check that the Update and Launch options are ticked

MBAM will start automatically and display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

In the "Update" tab, click the Check for updates button:

If the firewall asks for permission for MBAM to connect, accept

Once the update is complete, go to the Scan tab.

Select "Perform full scan"

Click "Scan"

The scan will take some time, be patient!

At the end, a message will display:

The scan completed successfully.

And an Mbam.log file will appear

Select all and click Remove Selected,

MBAM will destroy the files and registry keys and put a copy in quarantine.

Then open Notepad and copy the scan report into it; it can be found under the Reports/Logs tab.

Copy and paste this report into your next reply.

Edited by pear
Posted

Yes, they are still there; even when I reboot and run a scan again with RogueKiller, it still shows me the same thing and in the end deletes nothing... I did the first two steps of what you told me; here are the 2 reports from AdwCleaner and JRT:

 

© CJoint.com, 2012 => AdwCleaner[R1]

 

© CJoint.com, 2012 => AdwCleaner[s1]

 

© CJoint.com, 2012 => JRT

 

I will now do step 3); I will post the report as soon as the MBAM scan is finished!

In the meantime, thank you very much for your help!
