Comment supprimer VisualBee ?

[paulo86]

Bonjour,

 

j'essaye de supprimer visualbee, sans succès. Il est déjà supprimé de mes moteurs de recherches, de mes programmes, j'ai déjà fait tourner malwarebytes, mais quand j'ouvre un nouvel onglet sur mozilla, visualbee apparait encore!

J'ai lu sur une autre page du forum de ce site que quelqu'un avait eu le même problème...j'ai donc suivi la même démarche, en utilisant ZHPDiag.

Voici le rapport que j'ai obtenu :

 

~ Rapport de ZHPDiag v2013.8.17.25 - Nicolas Coolman (17/08/2013)
~ Lancé par palevy (18/08/2013 12:04:09)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v28.0.1500.95

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Business Edition, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows® 7, VOLUME_MAK channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v7.0.1474.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.1.0522.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 - Français
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3240 MB (41% free)
System Restore: Désactivé (Disabled)
System drive C: has 173 GB (74%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: L-BE-14771
~ User Name: palevy
~ All Users Names: Guest, Altran, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\palevy\AppData\Roaming\
~ %Desktop% : C:\Users\palevy\Desktop\
~ %Favorites% : C:\Users\palevy\Favorites\
~ %LocalAppData% : C:\Users\palevy\AppData\Local\
~ %StartMenu% : C:\Users\palevy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 173 Go of 233 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.42C671E0525618E23371D0E68282F37C] - (.Microsoft Corporation - Internet Extensions for Win32.) (.27/10/2012 - 07:26:55.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - NT File System Driver.) (.31/08/2012 - 18:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3410
~ Mes musiques (My Musics) : 1/481
~ Mes Videos (My Videos) : 1/8
~ Mes Favoris (My Favorites) : 1/62
~ Mes Documents (My Documents) : 4/262
~ Mon Bureau (My Desktop) : 1/336
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés au démarrage su système
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2576]
[MD5.8F64B17B4E000081C70393C24292F034] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [488816] [PID.792]
[MD5.5B81B8DD1BC00584113F1208FC9F0799] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [143384] [PID.2348]
[MD5.B99A8044B17C0E10507CA8EDB5D33A8B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177176] [PID.2412]
[MD5.91D3DF8C4CC95359BEEE51E7FD30E821] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [178200] [PID.2564]
[MD5.5335A701EAA54F879520892E2395265F] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [536668] [PID.3812]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.2848]
[MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576] [PID.3672]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2928]
[MD5.F108D6DD4FF65B362FAC52FE3ACA8BEE] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [54640] [PID.3088]
[MD5.DFC8186972EB21F75E5B532194AF4C3A] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [54640] [PID.4600]
[MD5.7A42A8E161DC32C5A40C5813ED64DF03] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [54744] [PID.4752]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [276376] [PID.5112]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.5400]
[MD5.60B241EFB669D286C9BF636A0334B3BA] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe [1855880] [PID.5336]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.5084]
[MD5.31EC2C367F440422C93FBF31B7D1314F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7824896] [PID.4284]
[MD5.BAA8BB58716390463298661281662E21] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe [2727936] [PID.4724]
[MD5.E077FCA2A7E79FB9BF67D3E30B5CE593] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [20472] [PID.920]
[MD5.C98DF3FFEBAC8AF2BBB4457C0D3089C3] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe [262226] [PID.1164]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1612]
[MD5.827DBC22C96EECF6D36A13162FABAFD3] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Program Files\IDT\WDM\aestsrv.exe [81920] [PID.1884]
[MD5.66257CB4E4FB69887CDDC71663741435] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616] [PID.1940]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2044]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.304]
[MD5.4E37455DB16AEC75862B1D0BC35B589E] - (.O2Micro International - O2 Flash Memory Service.) -- C:\Windows\system32\DRIVERS\o2flash.exe [72296] [PID.492]
[MD5.675C575444AAFD56B4E8A99EF8A570CD] - (.Absolute Software Corp. - rpcnet.) -- C:\Windows\system32\rpcnet.exe [69792] [PID.660]
[MD5.A454A9BAA25B8C8E76735DD86BD4B017] - (.Microsoft Corporation - CCM Executive.) -- C:\Windows\system32\CCM\Ccmexec.exe [764768] [PID.2116]
[MD5.3B846434055F80D9E89D0742F3ADAD34] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- c:\Program Files\Microsoft Security Client\NisSrv.exe [287824] [PID.2648]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Microsoft Software Protection Platform Serv.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3092]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\palevy\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\palevy\AppData\Roaming\Mozilla\Firefox\Profiles\lztc4zka.default\prefs.js
C:\Users\palevy\AppData\Roaming\Mozilla\Firefox\Profiles\lztc4zka.default\user.js
M3 - MFPP: Plugins - [palevy] -- C:\Users\palevy\AppData\Roaming\Mozilla\Firefox\Profiles\lztc4zka.default\searchplugins\visualbee.xml
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix CCM SDK DLL (Win32).) -- C:\Program Files\Mozilla Firefox\Plugins\CCMSDK.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Program Neighborhood CGPCFG dll.) -- C:\Program Files\Mozilla Firefox\Plugins\cgpcfg.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - CGP Core.) -- C:\Program Files\Mozilla Firefox\Plugins\CgpCore.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix online plug-in Configuration DLL (Win32).) -- C:\Program Files\Mozilla Firefox\Plugins\confmgr.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix ICA Client Logging DLL.) -- C:\Program Files\Mozilla Firefox\Plugins\ctxlogging.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix online plug-in MUI DLL (Win32).) -- C:\Program Files\Mozilla Firefox\Plugins\ctxmui.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix Configuration Manager.) -- C:\Program Files\Mozilla Firefox\Plugins\icafile.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix online plug-in Logon (Win32).) -- C:\Program Files\Mozilla Firefox\Plugins\icalogon.dll
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\Plugins\npicaN.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - Citrix SSL SDK (OpenSSL).) -- C:\Program Files\Mozilla Firefox\Plugins\sslsdk_b.dll
P2 - FPN:Firefox Plugin Navigator . (.Citrix Systems, Inc. - TCP Proxy Service.) -- C:\Program Files\Mozilla Firefox\Plugins\TcpPServ.dll
~ Firefox Browser: 35 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://directv2.altran.com
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Explorer (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (3).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - GS\TaskBar: Windows Explorer (2).lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer (3).lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Bluetooth File Transfer.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
~ Winsock: 7 Legitimates Filtered in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.altran.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E70B747-86E7-43E7-8165-D836C125D926}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E70B747-86E7-43E7-8165-D836C125D926}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0E70B747-86E7-43E7-8165-D836C125D926}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.corp.altran.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Dealply.job [294] =>PUP.DealPly
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Managers Newsletter.job [494]
[MD5.00000000000000000000000000000000] [APT] [Dealply] (...) -- C:\Users\palevy\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
~ Scheduled Task: 30 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\DealPlyLive] =>PUP.DealPly
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\DealPlyLive] =>PUP.DealPly
[HKLM\Software\VBMZ]
[HKLM\Software\f6df8ce26fbe47]
~ Key Software: 103 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/08/2013 - 00:55:46 - [0,851] ----D C:\Program Files\DealPly =>PUP.DealPly
O43 - CFD: 18/08/2013 - 00:49:28 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 18/08/2013 - 00:49:39 - [0] ----D C:\Users\palevy\AppData\Local\DealPlyLive =>PUP.DealPly
~ Program Folder: 109 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.51B0F4146F408026E91AA334498B0DD0] - 18/08/2013 - 10:23:53 ---A- . (...) -- C:\Windows\System32\rpcnetp.exe [17920]
O44 - LFC:[MD5.C1B19AD11821780B67F4C545BEB270C0] - 14/08/2013 - 17:59:06 ---A- . (...) -- C:\Windows\System32\rpcnetp.dll [17920]
~ Files: 13 Legitimates Filtered in 00mn 10s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.ACD6362AA90BF7BF7227BF0049FB0D90] - 17/08/2013 - 11:04:07 ---A- - C:\Windows\Prefetch\INSTW32.EXE-F3CF76D5.pf
O45 - LFCP:[MD5.193B5522E29C30EFC28D1A407EFEFA15] - 17/08/2013 - 14:03:00 ---A- - C:\Windows\Prefetch\BITTORRENT.EXE-613714CB.pf =>P2P.BitTorrent
O45 - LFCP:[MD5.1269C455709451042E4E14B267D6728B] - 17/08/2013 - 23:05:49 ---A- - C:\Windows\Prefetch\MP3FILEMANAGER_1.1_UPDATE_FRA-75148E58.pf
O45 - LFCP:[MD5.502543FD342980AC891FF80939575154] - 17/08/2013 - 23:06:23 ---A- - C:\Windows\Prefetch\COPYTOOL.EXE-DB2C02B5.pf
O45 - LFCP:[MD5.FCE0A49DA7D85170F69B503E5C9E996A] - 17/08/2013 - 23:07:51 ---A- - C:\Windows\Prefetch\COPYTOOL.EXE-8BD64E15.pf
O45 - LFCP:[MD5.3A86BB9F0AD93337D2DEC2C6B97520C8] - 17/08/2013 - 23:08:35 ---A- - C:\Windows\Prefetch\MP3FILEMANAGER_1.1_UPDATE_FRA-9A68E053.pf
O45 - LFCP:[MD5.5C6C0FD72A5742CEB15811D7D0642E1C] - 17/08/2013 - 23:08:36 ---A- - C:\Windows\Prefetch\COPYTOOL.EXE-FB681EF0.pf
O45 - LFCP:[MD5.0E8EE710CB464962E30777301825C48D] - 17/08/2013 - 23:15:54 ---A- - C:\Windows\Prefetch\SONICSTAGESECURITYUPDATEPROGR-361FCCF9.pf
O45 - LFCP:[MD5.C571C2B7B6A957264A81D20D64DE6193] - 17/08/2013 - 23:16:40 ---A- - C:\Windows\Prefetch\SONICSTAGESECURITYUPDATEPROGR-D919FAFF.pf
O45 - LFCP:[MD5.B3C8B2DCF37D83EEF2938207B0C0F2B0] - 17/08/2013 - 23:30:50 ---A- - C:\Windows\Prefetch\SETUPSS.EXE-69C00EA5.pf
O45 - LFCP:[MD5.14560BD38A016C79C8E7A442EE4E618E] - 17/08/2013 - 23:31:15 ---A- - C:\Windows\Prefetch\SONICSTAGEINSTALLER_4.3.EXE-2D1B0866.pf
O45 - LFCP:[MD5.D2D32194D19E278FABD26A12068B1FE6] - 17/08/2013 - 23:48:33 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_SONIC-B17C6324.pf =>Toolbar.Conduit
O45 - LFCP:[MD5.3FB963E4CF3ACD2A0F13746AE357B045] - 17/08/2013 - 23:49:06 ---A- - C:\Windows\Prefetch\SETUPSS.EXE-7CF669D9.pf
O45 - LFCP:[MD5.8BABD985E5E8D1E11A986CAEDB0C1174] - 17/08/2013 - 23:49:06 ---A- - C:\Windows\Prefetch\SONICSTAGEINSTALLER.EXE-DD4CFE8D.pf
O45 - LFCP:[MD5.BBE73CD61E4017ADB105692DC341AD89] - 17/08/2013 - 23:49:23 ---A- - C:\Windows\Prefetch\VISUALBEESILENT-1-.EXE-23618161.pf
O45 - LFCP:[MD5.3CD564250E168B436D60B229744505DE] - 17/08/2013 - 23:49:30 ---A- - C:\Windows\Prefetch\VBMZ7.EXE-70C9567F.pf
O45 - LFCP:[MD5.2A366F53FBB1E8A9F278FB4FCE3C5901] - 17/08/2013 - 23:49:37 ---A- - C:\Windows\Prefetch\VISUALBEETB_YH.EXE-A03CF3E7.pf
O45 - LFCP:[MD5.2DAA495B961663F3305EF4C3F683A2A4] - 17/08/2013 - 23:49:40 ---A- - C:\Windows\Prefetch\DP.EXE-CA3EDD3D.pf
O45 - LFCP:[MD5.815638CBB586ED5CF28D3AE915907C17] - 17/08/2013 - 23:49:43 ---A- - C:\Windows\Prefetch\UNINST.EXE-FF304FB5.pf
O45 - LFCP:[MD5.F9DD4829372E3AE793DC076D8F04EDD2] - 17/08/2013 - 23:49:47 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-7ADB3CBB.pf =>PUP.DealPly
O45 - LFCP:[MD5.F66D76987EEC81FC6C81F9B5A774177C] - 17/08/2013 - 23:49:49 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-5043716C.pf =>Hijacker.BabSolution
O45 - LFCP:[MD5.DEF6A48263628FECAEADED28EE56D25C] - 17/08/2013 - 23:49:49 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-50388A13.pf =>PUP.DealPly
O45 - LFCP:[MD5.A869A5FD7F8E108659674AB1EBE1E870] - 17/08/2013 - 23:49:51 ---A- - C:\Windows\Prefetch\BPROTECT.EXE-0BDA8C7F.pf
O45 - LFCP:[MD5.059055472FC2B67A96369654159FF33C] - 17/08/2013 - 23:49:55 ---A- - C:\Windows\Prefetch\VISUALBEE4FFX.EXE-67CC4036.pf
O45 - LFCP:[MD5.4950CF808F22A196F378C9B4239BE639] - 17/08/2013 - 23:49:55 ---A- - C:\Windows\Prefetch\VISUALBEE4IE.EXE-84663260.pf
O45 - LFCP:[MD5.74BEDE4C1F8FCA2DB6A0788675C7176B] - 17/08/2013 - 23:49:55 ---A- - C:\Windows\Prefetch\VISUALBEESOFTWARE.EXE-E4E52CEB.pf
O45 - LFCP:[MD5.5711BC6009AEEC6C212B065DD97B1EDD] - 17/08/2013 - 23:49:57 ---A- - C:\Windows\Prefetch\MYVBEETB.EXE-049F601D.pf
O45 - LFCP:[MD5.881B2D78AD21EB6589A3C5A151874BCD] - 17/08/2013 - 23:50:00 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-4144012A.pf =>Hijacker.Eazel
O45 - LFCP:[MD5.7F751E9C2BF0940BE11FEC118ED19869] - 17/08/2013 - 23:50:12 ---A- - C:\Windows\Prefetch\VISUALBEEDB.EXE-53B3FFC2.pf
O45 - LFCP:[MD5.B9A61A233C80185AE020084601C1A851] - 17/08/2013 - 23:55:56 ---A- - C:\Windows\Prefetch\DEALPLYUPDATEVER.EXE-64AE3D08.pf =>PUP.DealPly
O45 - LFCP:[MD5.E38E79A172670569B2A7872359DA9C18] - 18/08/2013 - 09:23:38 ---A- - C:\Windows\Prefetch\VPNGUI.EXE-00816EC6.pf
O45 - LFCP:[MD5.252B04884932DF5D3FB78EA7ABAABAA0] - 18/08/2013 - 09:24:56 ---A- - C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-9DC930B3.pf =>PUP.DealPly
O45 - LFCP:[MD5.558D0210ACA32A7A5E42948278BF066E] - 18/08/2013 - 09:54:10 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-BF809A22.pf =>PUP.DealPly
~ Prefetcher: 140 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ConnectionCenter [Key] . (.Citrix Systems, Inc. - Citrix online plug-in Connection Center.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
~ SMSR Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.3E58933198689F24CFA6ED4B93A80DEB] - 31/01/2011 - 06:46:06 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Accelern.sys [43888]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 17/08/2013 - 14:05:40 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\00. Danny Cudd - Released Upon Inception.m3u8 [676]
O61 - LFC: 17/08/2013 - 14:09:45 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\00. Hang Massive - Beat For Your Feet.m3u8 [814]
O61 - LFC: 17/08/2013 - 14:09:56 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\00. Danny Cudd - Timelessly Free.m3u8 [561]
O61 - LFC: 17/08/2013 - 14:13:16 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\05. Hang Massive - Increasing Obviousness (live).flac [21280087]
O61 - LFC: 17/08/2013 - 14:13:19 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\03. Danny Cudd - Once again (2012 remix).flac [25912734]
O61 - LFC: 17/08/2013 - 14:13:19 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\03. Hang Massive - Once Again (live).flac [26426523]
O61 - LFC: 17/08/2013 - 14:13:20 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\02. Danny Cudd - From the view.flac [47070367]
O61 - LFC: 17/08/2013 - 14:13:22 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\02. Hang Massive - From the view (live).flac [33114912]
O61 - LFC: 17/08/2013 - 14:13:24 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\03. Danny Cudd - Once Again (2011).flac [24826050]
O61 - LFC: 17/08/2013 - 14:13:25 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\07. Hang Massive feat. Baba Alex - Increasing Obviousness.flac [20172492]
O61 - LFC: 17/08/2013 - 14:13:26 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\05. Danny Cudd - Increasing Obviousness.flac [36174728]
O61 - LFC: 17/08/2013 - 14:13:27 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\07. Danny Cudd - At Last.flac [19391996]
O61 - LFC: 17/08/2013 - 14:13:31 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\06. Danny Cudd - Sky like eyes.flac [34871597]
O61 - LFC: 17/08/2013 - 14:13:33 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\04. Danny Cudd - Timelessly Free.flac [49622032]
O61 - LFC: 17/08/2013 - 14:13:36 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\01. Danny Cudd - Omat Odat.flac [43443265]
O61 - LFC: 17/08/2013 - 14:13:36 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\08. Danny Cudd - Tingless Tings.flac [38499255]
O61 - LFC: 17/08/2013 - 14:13:36 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\06. Hang Massive - At Last (live).flac [16602868]
O61 - LFC: 17/08/2013 - 14:13:37 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\08. Hang Massive feat. Baba Alex - From the View.flac [23870902]
O61 - LFC: 17/08/2013 - 14:13:40 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\01. Danny Cudd feat. Daniel Waples - Double D.flac [42319242]
O61 - LFC: 17/08/2013 - 14:13:40 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\01. Hang Massive - Omat Odat (live).flac [31400021]
O61 - LFC: 17/08/2013 - 14:13:42 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\05. Danny Cudd - Rain Drops.flac [27249669]
O61 - LFC: 17/08/2013 - 14:13:44 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\07. Danny Cudd - Released upon inception.flac [28741010]
O61 - LFC: 17/08/2013 - 14:13:44 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Hang Massive - Beats for your Feet\04. Hang Massive - Skånegatan (live).flac [19589414]
O61 - LFC: 17/08/2013 - 14:13:45 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\02. Danny Cudd - Remind.flac [52523121]
O61 - LFC: 17/08/2013 - 14:13:45 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2011 - Danny Cudd - Timelessly Free\06. Danny Cudd - To the mirage.flac [44737444]
O61 - LFC: 17/08/2013 - 14:13:45 ---A- C:\Users\palevy\Downloads\Danny Cudd & Hang Massive\2012 - Danny Cudd - Released Upon Inception\04. Danny Cudd - Skånegatan.flac [22994785]
O61 - LFC: 17/08/2013 - 23:05:35 ---A- C:\Users\palevy\Downloads\MP3FileManager_1.1_Update_FRA.exe [1140610]
O61 - LFC: 17/08/2013 - 23:46:42 ---A- C:\Users\palevy\Downloads\MP3FileManager_1.1_Update_FRA(1).exe [1140610]
O61 - LFC: 17/08/2013 - 23:50:21 ---A- C:\Users\palevy\AppData\Local\Google\Chrome\User Data\Local State [37450]
O61 - LFC: 17/08/2013 - 23:50:21 ---A- C:\Users\palevy\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 17/08/2013 - 23:54:16 ---A- C:\Users\palevy\AppData\Local\avgchrome\avgp [107844]
O61 - LFC: 18/08/2013 - 09:25:53 ---A- C:\Users\palevy\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter
O61 - LFC: 18/08/2013 - 09:43:36 ---A- C:\Users\palevy\AppData\Roaming\Google\Local Search History\google%2Eweb.w [170]
O61 - LFC: 18/08/2013 - 09:55:46 ---A- C:\Users\palevy\AppData\Local\Google\Toolbar DNS data\data [801]
O61 - LFC: 18/08/2013 - 09:56:12 ---A- C:\Users\palevy\Downloads\SpyHunter-Installer(1).exe [725952] =>Crapware.SpyHunter
O61 - LFC: 18/08/2013 - 10:06:41 ---A- C:\Users\palevy\AppData\Local\Google\Toolbar\broker_metrics.xml [15491]
O61 - LFC: 18/08/2013 - 10:10:06 ---A- C:\Users\palevy\Downloads\mbam-setup-1.75.0.1300.exe [10285040]
~ 54 Fichiers temporaires (Temporary files)
~ Files: 181 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 94 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (VisualBee Search) -
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {D0207488-2AA7-4995-A506-0501C01E38BC} [DefaultScope] - (Google) - http://www.google.fr
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [sPRF][22/08/2011] (...) -- C:\Users\palevy\AppData\Local\Temp\ExchangePerflog_8484fa31035dba1258f3750c.dat [28]
[MD5.0985D6AFDFC3F0C21E743EDACBA283D4] [sPRF][23/07/2012] (...) -- C:\Users\palevy\AppData\Local\Temp\ExchangePerflog_8484fa31035dba12df5e13a8.dat [28]
[MD5.0CE6C2EC9A54F521A33529C46491E6EA] [sPRF][13/05/2013] (.Pas de propriétaire - GetCC.) -- C:\Users\palevy\AppData\Local\Temp\GetCC.dll [4608]
[MD5.32B309808450E377DF8B5D3CCE05547A] [sPRF][18/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\ICReinstall_iTunesSetup.exe [629856]
[MD5.466C4732BC4B126B94B0E69C6B5A2348] [sPRF][13/05/2013] (.Pas de propriétaire - SendMsg.) -- C:\Users\palevy\AppData\Local\Temp\SendMsg.dll [9216]
[MD5.46B4EC40DCB1026711FDE778F9C8E56D] [sPRF][18/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\sh4plist.dat [148]
[MD5.B71D0C3278AC5FF3A592DA3EFC7DA58E] [sPRF][18/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\SHSetup.exe [33531032] =>Crapware.SpyHunter
[MD5.DB521C3DC7B679226322033B09719ECA] [sPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\palevy\AppData\Local\Temp\uninst1.exe [339440] =>Toolbar.Babylon
[MD5.E13BE6A280AD574EC3BE472B51E633A3] [sPRF][17/08/2013] (...) -- C:\Users\palevy\AppData\Local\Temp\vbmz7.exe [85400]
~ Files: Scanned in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKLM\Software\f6df8ce26fbe47] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.5056F846851DE4917902DE500B695028] [WIS][28/01/2010] (.ThinPrint AG - ThinPrint .print Client Windows.) -- C:\Windows\Installer\1a97da.msi [1816576]
[MD5.60FB52C07D89635DDEBDA4B51DF05196] [WIS][22/02/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\7f09e0.msi [28160] =>Toolbar.Google
~ WIS: 89 Legitimates Filtered in 00mn 01s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 31/01/2011 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\aestsrv.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 23/03/2010 1528616 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
SS - | Auto 22/02/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/02/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 14/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 31/01/2011 72296 | (O2FLASH) . (.O2Micro International.) - C:\Windows\System32\DRIVERS\o2flash.exe
SR - | Auto 7/03/2013 69792 | (rpcnet) . (.Absolute Software Corp..) - C:\Windows\system32\rpcnet.exe
SR - | Auto 31/01/2011 262226 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche dinfection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by palevy at 18/08/2013 12:05:13

device: opened successfully
user: error reading MBR

Disk trace:
error: Read The handle is invalid.
kernel: error reading MBR
~ MBR: 18 Legitimates Filtered in 00mn 02s



---\\ Recherche dinfection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by palevy at 18/08/2013 12:05:15

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : v2.12859 - (17/08/2013)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 22

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ESGIGUARD] =>Crapware.SpyHunter
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files\DealPly =>PUP.DealPly^
C:\ProgramData\Babylon =>Toolbar.Babylon^
C:\Users\palevy\AppData\Local\DealPlyLive =>PUP.DealPly^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
Windows\Tasks\Dealply.job =>PUP.DealPly^
[HKCU\Software\BabSolution] =>Hijacker.BabSolution^
[HKCU\Software\DealPlyLive] =>PUP.DealPly^
[HKLM\Software\DealPlyLive] =>PUP.DealPly^
C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_SONIC-B17C6324.pf =>Toolbar.Conduit^
C:\Windows\Prefetch\DEALPLYLIVE.EXE-7ADB3CBB.pf =>PUP.DealPly^
C:\Windows\Prefetch\BABMAINT.EXE-5043716C.pf =>Hijacker.BabSolution^
C:\Windows\Prefetch\DEALPLYLIVE.EXE-50388A13.pf =>PUP.DealPly^
C:\Windows\Prefetch\BROWSERDEFENDER.EXE-4144012A.pf =>Hijacker.Eazel^
C:\Windows\Prefetch\DEALPLYUPDATEVER.EXE-64AE3D08.pf =>PUP.DealPly^
C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-9DC930B3.pf =>PUP.DealPly^
C:\Windows\Prefetch\DEALPLYLIVE.EXE-BF809A22.pf =>PUP.DealPly^
C:\Users\palevy\Downloads\SpyHunter-Installer.exe [726464] =>Crapware.SpyHunter^
C:\Users\palevy\Downloads\SpyHunter-Installer(1).exe [725952] =>Crapware.SpyHunter^
Users\palevy\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^
Users\palevy\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
Windows\Installer\7f09e0.msi =>Toolbar.Google^
C:\Users\palevy\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\palevy\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\palevy\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
~ Additionnel Scan: 223291 Items scanned in 00mn 23s



---\\ Récapitulatif des détections trouvées sur votre station
~
~
~
~
~
~
~
~
~
~
~
~ MSI: 11 link(s) detected in 00mn 23s



~ 1301 Legitimates filtered by white list
End of the scan (616 lines in 01mn 29s)(0)

 

Pourriez-vous m'aider svp?

 

Merci d'avance

 

Paulo

[pear]

Comment poster les rapports
Aller sur le site :Ci-Joint
Appuyez sur Parcourir et chercher les rapports sur le disque,
Cliquer sur Ouvrir
Cliquer sur Créer le lien CJoint,
>> dans la page suivante --> ,,
une adresse http//.. sera créée
Copier /coller cette adresse dans votre prochain message.

1)Si vous avez Adwcleaner depuis quelque temps, désinstallez le et installez la dernière version
Télécharger AdwCleaner
Sous Vista et Windows 7_ 8-> Exécuter en tant qu'administrateur
Afin de ne pas fausser les rapports,Recherche et Suppression ne doivent être lancés qu'une seule fois
Cliquez sur Recherche et postez le rapport généré C:\AdwCleaner[R1].txt


NettoyageA faire sans délai
Relancez AdwCleaner avec droits administrateur
Cliquez sur Suppression et postez le rapport C:\AdwCleaner[s1].txt

2)Télécharger Junkware Removal Tool de thisisu
OS:Windows XP/Vista/7/8
Utilisable sur systèmes 32-bits et 64-bits

Clquez sur Jrt.exe avec droits administrateur.
Si votre antvirus râle,Vous le signalez comme acceptable dans les exceptions de votre antivirus
Une fenêtre noire s'ouvre qui vous dit de cliquer une touche pour lancer le scan.

L'outil va prendre quelques minutes pour fouiller votre machine.
Patientez jusqu'à l'apparition de Jrt.txt dont vous posterez le contenu.

3)

Téléchargez MBAM
Avant de lancer Mbam
Vous devez d'abord désactiver vos protections mais vous ne savez pas comment faire
Cliquer ici
Branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)
Exécuter avec droits d'administrateur.
Sous Vista/7/8 , désactiver l'Uac

Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.
Enregistrez le sur le bureau .
Fermer toutes les fenêtres et programmes
Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)
N'apportez aucune modification aux réglages par défaut et, en fin d'installation,
Vérifiez que les options Update/Mises à jour et Launch/Exécuter soient cochées

MBAM démarrera automatiquement et enverra un message demandant de mettre à jour le programme avant de lancer une analyse.
cliquer sur OK pour fermer la boîte de dialogue..
Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation de connecter MBAM, acceptez

Une fois la mise à jour terminée, allez dans l'onglet Recherche.

Sélectionnez "Exécuter un examen complet"
Cliquez sur "Rechercher"
.L' analyse prendra un certain temps, soyez patient !
A la fin , un message affichera :
L'examen s'est terminé normalement.
Et un fichier Mbam.log apparaitra


Sélectionnez tout et cliquez sur Supprimer la sélection ,
MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.
Copiez-collez ce rapport dans la prochaine réponse.


4)reinitialiser-son-navigateur

5)Nouveau rapport Zhpdiag
Téchargement de Zhpdiag

Double-cliquer sur ZHPDiag.exe pour installer l'outil
Il devrait y avoir 3 icônes sur le bureau ou dans le fichier d'installation de Zhpdiag.



Sous XP, double clic sur l'icône ZhpDiag
Sous Vista/7, faire un clic droit et Exécuter en tant qu'administrateur


Cliquer Configurer

Cliquez sur le bouton

et choisissez Tous
Pour éviter un blocage, décochez 045 et 061

Cliquer Rechercher
Le rapport ZhpDiag.txt apparait sur le bureau