cjoint

¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 15.07.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 09:05:41 - 15/07/2014

Mis à jour le : 15/07/2014 | 05.00 par g3n-h@ckm@n

Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html

Boot: Normal boot

Système : Windows 8.1 Pro (64 bits) Professional

Mémoire RAM = Total (MB) : 16662 | Libre (MB) : 14911
Pagefile = Total (MB) : 19152 | Libre (MB) : 17243
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3998


Registre sauvegardé, pour restaurer : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows

Aucune mise à jour détectée !!!

¤¤¤¤¤¤¤¤¤¤ | Navigateurs

IE : 11.0.9600.17126 (© Microsoft Corporation. Tous droits réservés.)
FF : 30.0.0.5269 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 35.0.1916.153 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
AM : Malwarebytes' Anti-Malware (1.0.0.532) []
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Arrêté
AS: Windows Defender [Auto(2)] = Arrêté
FW: Windows FireWall Service [Auto(2)] = Arrêté

Mise en veille supprimée !


¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 14.0.0.145
Plugin : 14.0.0.145

¤¤¤¤¤¤¤¤¤¤ | Processus tués

1012 | [Owner : Système |Parent : 612] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.3621) = C:\Windows\System32\igfxCUIService.exe
1096 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.3.9600.16384) = C:\Windows\System32\spoolsv.exe
1300 | [Owner : Système |Parent : 612] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1328 | [Owner : Système |Parent : 612] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.27.757.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
1348 | [Owner : SERVICE LOCAL |Parent : 380] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe
1368 | [Owner : Système |Parent : 612] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.22.2) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1524 | [Owner : Système |Parent : 612] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
1628 | [Owner : Système |Parent : 612] - (.TuneUp Software - TuneUp Utilities Service.) - (14.0.1000.221) = C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
1692 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.5.218.0) = C:\Program Files\Windows Defender\MsMpEng.exe
1736 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9600.17031) = C:\Windows\System32\SearchIndexer.exe
1504 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.5.218.0) = C:\Program Files\Windows Defender\NisSrv.exe
2200 | [Owner : Jean-Pierre |Parent : 888] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhostex.exe
2376 | [Owner : Jean-Pierre |Parent : 2340] - (.Microsoft Corporation - Explorateur Windows.) - (6.3.9600.17039) = C:\Windows\explorer.exe
2384 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.7903) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2592 | [Owner : Jean-Pierre |Parent : 2568] - (.Intel Corporation - igfxEM Module.) - (6.15.10.3621) = C:\Windows\System32\igfxEM.exe
2688 | [Owner : Jean-Pierre |Parent : 2568] - (.Intel Corporation - igfxHK Module.) - (6.15.10.3621) = C:\Windows\System32\igfxHK.exe
2712 | [Owner : Jean-Pierre |Parent : 2568] - (.Intel Corporation - igfxTray Module.) - (6.15.10.3621) = C:\Windows\System32\igfxTray.exe
2908 | [Owner : Jean-Pierre |Parent : 696] - (.Microsoft Corporation - OneDrive Sync Engine.) - (6.3.9600.17122) = C:\Windows\System32\SkyDrive.exe
3316 | [Owner : Jean-Pierre |Parent : 2376] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.3.9600.16384) = C:\Windows\System32\rundll32.exe
3396 | [Owner : Système |Parent : 612] - (.Motorola Solutions, Inc. - Bluetooth Device Monitor.) - (3.1.1311.394) = C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
3436 | [Owner : Système |Parent : 612] - (.Motorola Solutions, Inc. - Bluetooth OBEX Service.) - (3.1.1311.394) = C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
3608 | [Owner : Jean-Pierre |Parent : 696] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (6.3.9600.17031) = C:\Windows\System32\SettingSyncHost.exe
3704 | [Owner : SERVICE RÉSEAU |Parent : 3760] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.5.218.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
2728 | [Owner : Système |Parent : 2492] - (.Google Inc. - Programme d'installation de Google.) - (1.3.21.103) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1052 | [Owner : SERVICE RÉSEAU |Parent : 612] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.9600.17031) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3408 | [Owner : Système |Parent : 612] - (.Nero AG - NeroUpdate.) - (11.0.42.0) = C:\Program Files (x86)\Nero\Update\NASvc.exe
1492 | [Owner : Jean-Pierre |Parent : 3084] - (. - DivX Update.) - (1.0.6.114) = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
1940 | [Owner : Système |Parent : 888] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhostex.exe
1244 | [Owner : Jean-Pierre |Parent : 888] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhost.exe
5064 | [Owner : Jean-Pierre |Parent : 696] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.21.1.2) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe
1692 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.5.218.0) = C:\Program Files\Windows Defender\MsMpEng.exe
1504 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.5.218.0) = C:\Program Files\Windows Defender\NisSrv.exe
4116 | [Owner : Système |Parent : 612] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.27.757.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
4536 | [Owner : SERVICE LOCAL |Parent : 380] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17031) = C:\Windows\System32\dasHost.exe

¤¤¤¤¤¤¤¤¤¤ | Processus démarrés

308 | [Owner : Système |Parent : 4] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe
460 | [Owner : Système |Parent : 452] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe
524 | [Owner : Système |Parent : 452] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.3.9600.16384) = C:\Windows\System32\wininit.exe
532 | [Owner : Système |Parent : 516] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe
588 | [Owner : Système |Parent : 516] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.3.9600.17031) = C:\Windows\System32\winlogon.exe
612 | [Owner : Système |Parent : 524] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.3.9600.17084) = C:\Windows\System32\services.exe
620 | [Owner : Système |Parent : 524] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.16384) = C:\Windows\System32\lsass.exe
696 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
732 | [Owner : SERVICE RÉSEAU |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
844 | [Owner : DWM-1 |Parent : 588] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.3.9600.17031) = C:\Windows\System32\dwm.exe
852 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
888 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
952 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
380 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
708 | [Owner : SERVICE RÉSEAU |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1156 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1392 | [Owner : Système |Parent : 612] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (3.0.2.0) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
1592 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1692 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.5.218.0) = C:\Program Files\Windows Defender\MsMpEng.exe
1504 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.5.218.0) = C:\Program Files\Windows Defender\NisSrv.exe
2836 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
2652 | [Owner : SERVICE LOCAL |Parent : 852] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (6.3.9600.17090) = C:\Windows\System32\audiodg.exe
3240 | [Owner : Jean-Pierre |Parent : 1392] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.0.0.532) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
2096 | [Owner : Système |Parent : 612] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (3.0.2.0) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
1068 | [Owner : Système |Parent : 696] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe
3948 | [Owner : Système |Parent : 612] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.3.9600.16384) = C:\Windows\System32\svchost.exe
1244 | [Owner : Jean-Pierre |Parent : 888] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.3.9600.17031) = C:\Windows\System32\taskhost.exe
76 | [Owner : SERVICE RÉSEAU |Parent : 696] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe
2880 | [Owner : Jean-Pierre |Parent : 4336] - (. - Shortcut_Module.) - (15.7.2014.2) = C:\Users\Jean-Pierre\Desktop\Shortcut_Module.exe
4432 | [Owner : SERVICE LOCAL |Parent : 612] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.7903) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3952 | [Owner : Jean-Pierre |Parent : 2880] - (. - Shortcut_Module_Protect.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - HKLM\..\Run : [KeyScrambler] D:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
04 - HKLM64\..\Run : [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
04 - HKU\S-1-5-21-3560205744-3877042966-2220522850-1001\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

¤¤¤¤¤¤¤¤¤¤ | Services


Service en fonctionnement : WINDEFEND
Service en fonctionnement : MMCSS
Service en fonctionnement : Dhcp
Service en fonctionnement : TcpIp
Service en fonctionnement : WinHttpAutoProxysvc
Service stoppé : WinHttpAutoProxysvc
Service en fonctionnement : MPSSvc
Service stoppé : MPSSvc
Service en fonctionnement : LanmanServer
Service en fonctionnement : DNScache
Service stoppé : DNScache
Service en fonctionnement : WdNisSvc

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Remis a zéro avec succès

¤¤¤¤¤¤¤¤¤¤ | Registre

Supprimé avec succès : HKLM\Software\Microsoft\Tracing\PerformanceOptimizer_RASMANCS

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Dossiers | Fichiers

Supprimé avec succès : C:\Users\JEAN-P~1\AppData\Local\Temp\lptmp1717786993
Supprimé avec succès : [Jean-Pierre | GC] : 1.8.3_0 = Snz
Supprimé avec succès : [Jean-Pierre | GC] : 2.7.7_0 = Snz
Supprimé avec succès : [Jean-Pierre | GC] : 3.1.41_0 = Snz
Supprimé avec succès : C:\Users\Jean-Pierre\AppData\Local\Microsoft\Windows\INetCache\Low\SuggestedSites.dat (.-.)
Supprimé avec succès : C:\Users\Jean-Pierre\AppData\Local\temp\Quarantine.exe

¤¤¤¤¤¤¤¤¤¤ | Détournements de raccourcis


¤¤¤¤¤¤¤¤¤¤ | Detournement ouverture extension inconnue


¤¤¤¤¤¤¤¤¤¤ | Proxy

Réparé : [HKU\S-1-5-21-3560205744-3877042966-2220522850-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Détournement internet Explorer

Réparé : [HKU\S-1-5-21-3560205744-3877042966-2220522850-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://majax31isnotdown.blogspot.fr/ -> http://www.google.com/

¤¤¤¤¤¤¤¤¤¤ | Détournement Google Chrome

[Jean-Pierre] Remis a zéro avec succès : SearchURL

[HomeGroupUser$] : akcmlnodhbjlgpclkfgikjfkhobiakol = : - NextCoUpp
[HomeGroupUser$] : chbojcmkbjcbjllodbhmljphfflhnphm = : - NextCoup
[HomeGroupUser$] : dapngfckhpcalkebhlicfdjmifheigda = : - WebbiNg
[HomeGroupUser$] : gkkendkaokipgfakcagijaefjhhihene = : - Webbbing
[HomeGroupUser$] : ibiiaimghkbhffgkkdogldehnidojjga = : - History
[HomeGroupUser$] : idgpnmonknjnojddfkpgkljpfnnfcklj = : - ModHeader
[HomeGroupUser$] : jfapephbghnlnmlhllibeajocahcplof = : - Webbing
[HomeGroupUser$] : mcjmbceeabdhioemmdcblpabhchhngok = : - NEXtCoup
[Invité] : akcmlnodhbjlgpclkfgikjfkhobiakol = : - NextCoUpp
[Invité] : chbojcmkbjcbjllodbhmljphfflhnphm = : - NextCoup
[Invité] : dapngfckhpcalkebhlicfdjmifheigda = : - WebbiNg
[Invité] : gkkendkaokipgfakcagijaefjhhihene = : - Webbbing
[Invité] : ibiiaimghkbhffgkkdogldehnidojjga = : - History
[Invité] : idgpnmonknjnojddfkpgkljpfnnfcklj = : - ModHeader
[Invité] : jfapephbghnlnmlhllibeajocahcplof = : - Webbing
[Invité] : mcjmbceeabdhioemmdcblpabhchhngok = : - NEXtCoup
[Jean-Pierre] : afbpdhiclgghnffhkinjikglgmolhpee = : Torrent Search You can quickly and easily search Torrent files in the world. - http://atomurl.net/torrent - Torrent Search
[Jean-Pierre] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co
[Jean-Pierre] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co
[Jean-Pierre] : baampgkagbmhnlhleemfbpecfjpakffj = : Prévisions météorologiques à 15 jours gratuites de toute l'Europe. - http://www.meteo-europ.com/fr/ - Météo Europe
[Jean-Pierre] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/?feature=ytca - Google & co
[Jean-Pierre] : bmhjjbgkiekoppopopkkjepdepealime = : Votre météo ! Photos du ciel à la campagne la montagne ou la mer ou à Paris... - http://www.livemeteo.net/ - La Météo en direct - LiveMeteo
[Jean-Pierre] : bmkbgopmapckbieglbhdhagjljbhegmi = : Réalisation de devis et factures en ligne ou sur logiciel ou sur iphone - http://www.go-facture.fr/?utm_source=app-chrome&utm_medium=app-chrome&utm_campaign=index - Go-Facture
[Jean-Pierre] : cfmnkhhioonhiehehedmnjibmampjiab = : The fastest and best personal start page - start.me - start.me - new tab page for Chrome
[Jean-Pierre] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co
[Jean-Pierre] : dbpojpfdiliekbbiplijcphappgcgjfn = : This extension displays country or region name Geo Google PageRank Alexa Rank and WOT info for the websites you're visiting. - Flag for Chrome
[Jean-Pierre] : ejidjjhkpiempkbhmpbfngldlkglhimk = : __MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__ - https://mail.google.com/mail/mu/?mui=ca - __MSG_WEBSTORE_PRONGHORN_PRODUCT_NAME__
[Jean-Pierre] : jeaohhlajejodfjadcponpnjgkiikocn = : Download files with Internet Download Manager - IDM Integration Module
[Jean-Pierre] : kgejefbmnoeggbdiachnffkooacmfife = : Google & co - Google & co
[Jean-Pierre] : lniahgcddkbgipmbmlhjpoafdeephgcf = : Business-class backup for Google Drive™ Google Docs™ Gmail™ Google Calendar™ and Google Contacts™. - https://spanningbackup.com/ - Spanning Backup for Google Apps™
[Jean-Pierre] : lnjmmfoodmgpmopdagcefpakbalmngkm = : Toutes les principales radios francophones en une seule page. Super facile et 100% gratuit. - http://www.ecouterradioenligne.com/ - Ecouter radio
[Jean-Pierre] : mbmphdinbmonlcogmljkkahppnkannma = : Free online file conversion supporting numerous document music video and image formats. - http://www.fileminx.com/ - Fileminx
[Jean-Pierre] : mihcahmgecmbnbcchbopgniflfhgnkff = : __MSG_gmailcheck_description__ - __MSG_gmailcheck_name__
[Jean-Pierre] : ncliohomlfopnmlfkepkcbnhmeijkhhf = : We highly recommend our Chrome extension (https://lastpass.com/chrome/) over this application! - http://lastpass.com/chromewebapp.php - LastPass Vault
[Jean-Pierre] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co
[Jean-Pierre] : npnconcoeefpjfphlaapaocomlkcblhf = : Votre blague est-elle la plus drole ? Vive l'humour et les blagueurs francais ! Rire et détente dans la bonne humeur. - http://www.jookees.com/ - Blague et humour en francais - Jookees
[Jean-Pierre] : pgphcomnlaojlmmcjmiddhdapjpbgeoc = : Makes Gmail your default email application and provides a button to compose a Gmail message to quickly share a link via email - Send from Gmail (by Google)
[Jean-Pierre] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co

¤¤¤¤¤¤¤¤¤¤ | Détournement Firefox

[Jean-Pierre] Supprimé avec succès : C:\Users\Jean-Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\z8rtde2y.default\sessionstore.js

[Jean-Pierre] : gmailwatcher@sonthakit.xpi : - -
[Jean-Pierre] : {4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi : - -
[Jean-Pierre] : {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi : - -
[Jean-Pierre] : {fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi : - -

¤¤¤¤¤¤¤¤¤¤ | Opera


¤¤¤¤¤¤¤¤¤¤ | Détournement des clés StartMenuInternet

Réparé : [HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Program Files\Google\Chrome\Application\chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs


¤¤¤¤¤¤¤¤¤¤ | Détournement Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall


¤¤¤¤¤¤¤¤¤¤ | ADS

C:\ProgramData\Temp:
Supprimé avec succès :1CE11B51

¤¤¤¤¤¤¤¤¤¤ | Fichiers temporaires

[Administrateur] Fichiers temporaires Supprimés : 0 Ko
[All Users] Fichiers temporaires Supprimés : 0 Ko
[Default] Fichiers temporaires Supprimés : 0 Ko
[Default User] Fichiers temporaires Supprimés : 0 Ko
[HomeGroupUser$] Fichiers temporaires Supprimés : 0 Ko
[Invité] Fichiers temporaires Supprimés : 0 Ko
[Jean-Pierre] Fichiers temporaires Supprimés : 15396 Ko
[Public] Fichiers temporaires Supprimés : 0 Ko
[C:\WINDOWS\Temp] Fichiers temporaires Supprimés : 0 Ko
[C:\Temp] Fichiers temporaires Supprimés : 0 Ko

Service Redémarré : DNScache
Service Redémarré : MPSsvc

Autre rapport

C:\Shortcut_Module_14_07_2014_21_13_10.txt[77282 o]

Mise en veille restaurée

¤¤¤¤¤¤¤¤¤¤ | Listing


¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)

[09/04/2014 17:31:42] - |D| - C:\Program Files (x86)\Adobe
[21/03/2014 10:56:01] - |D| - C:\Program Files (x86)\AOMEI Partition Assistant Standard Edition 5.5
[24/02/2014 22:32:39] - |D| - C:\Program Files (x86)\Apple Software Update
[24/02/2014 12:08:38] - |D| - C:\Program Files (x86)\Audacity
[12/07/2014 18:10:13] - |D| - C:\Program Files (x86)\Bigasoft
[24/02/2014 11:53:05] - |D| - C:\Program Files (x86)\Bit Che
[22/08/2013 15:36:15] - |D| - C:\Program Files (x86)\Common Files
[24/02/2014 22:08:19] - |D| - C:\Program Files (x86)\CyberLink
[22/08/2013 17:36:33] - |ASH| - C:\Program Files (x86)\desktop.ini
[25/02/2014 11:42:52] - |D| - C:\Program Files (x86)\DivX
[09/04/2014 11:17:56] - |D| - C:\Program Files (x86)\FILEminimizer Pictures
[05/05/2014 19:38:02] - |D| - C:\Program Files (x86)\Google
[28/03/2014 12:50:17] - |D| - C:\Program Files (x86)\IcoSauve
[24/02/2014 12:14:31] - |D| - C:\Program Files (x86)\ImgBurn
[24/02/2014 22:08:10] - |D| - C:\Program Files (x86)\InstallShield Installation Information
[24/02/2014 10:59:08] - |D| - C:\Program Files (x86)\Intel
[24/02/2014 20:53:07] - |D| - C:\Program Files (x86)\Internet Download Manager
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Internet Explorer
[15/04/2014 10:34:03] - |D| - C:\Program Files (x86)\K-Lite Codec Pack
[20/04/2014 10:18:49] - |D| - C:\Program Files (x86)\LastPass
[24/02/2014 22:51:53] - |D| - C:\Program Files (x86)\LightScribe Template Labeler
[24/02/2014 11:45:38] - |D| - C:\Program Files (x86)\Logitech
[24/02/2014 19:35:54] - |D| - C:\Program Files (x86)\MAGIX
[14/04/2014 18:08:44] - |D| - C:\Program Files (x86)\Malwarebytes Anti-Malware
[24/02/2014 12:13:33] - |D| - C:\Program Files (x86)\Microsoft Office
[24/02/2014 11:31:34] - |D| - C:\Program Files (x86)\Microsoft Silverlight
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Microsoft.NET
[28/06/2014 01:34:39] - |D| - C:\Program Files (x86)\MozBackup
[14/06/2014 15:09:11] - |D| - C:\Program Files (x86)\Mozilla Firefox
[24/02/2014 12:26:50] - |D| - C:\Program Files (x86)\Mozilla Maintenance Service
[24/02/2014 12:12:23] - |D| - C:\Program Files (x86)\MSBuild
[24/02/2014 12:13:29] - |D| - C:\Program Files (x86)\MSECache
[24/02/2014 19:35:51] - |D| - C:\Program Files (x86)\MSXML 4.0
[29/06/2014 19:43:25] - |D| - C:\Program Files (x86)\Nero
[24/02/2014 22:06:54] - |D| - C:\Program Files (x86)\NewBlue
[09/07/2014 18:43:52] - |D| - C:\Program Files (x86)\NSIS Uninstall Information
[24/02/2014 22:25:31] - |D| - C:\Program Files (x86)\OpenOffice 4
[03/04/2014 18:03:57] - |D| - C:\Program Files (x86)\Photodex
[24/02/2014 12:13:51] - |D| - C:\Program Files (x86)\Photodex Presenter
[11/07/2014 21:07:29] - |D| - C:\Program Files (x86)\PrivacyEraser Computing
[24/02/2014 22:06:15] - |D| - C:\Program Files (x86)\proDAD
[28/02/2014 18:17:05] - |D| - C:\Program Files (x86)\QuickTime
[19/04/2014 15:17:45] - |D| - C:\Program Files (x86)\Realtek
[24/02/2014 12:12:23] - |D| - C:\Program Files (x86)\Reference Assemblies
[24/02/2014 20:39:14] - |D| - C:\Program Files (x86)\Songr
[24/02/2014 22:34:58] - |D| - C:\Program Files (x86)\TomTom HOME 2
[24/02/2014 22:34:48] - |D| - C:\Program Files (x86)\TomTom International B.V
[24/02/2014 22:35:23] - |D| - C:\Program Files (x86)\Tomtomax Maxi-Box V3
[24/02/2014 12:15:22] - |D| - C:\Program Files (x86)\TuneUp Utilities 2014
[28/03/2014 11:56:32] - |D| - C:\Program Files (x86)\Tweaking.com
[25/02/2014 11:48:52] - |D| - C:\Program Files (x86)\VideoLAN
[04/07/2014 10:30:37] - |D| - C:\Program Files (x86)\VS Revo Group
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows Defender
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows Mail
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows Media Player
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows Multimedia Platform
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows NT
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows Photo Viewer
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Windows Portable Devices
[22/08/2013 17:36:30] - |SHD| - C:\Program Files (x86)\Windows Sidebar
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\WindowsPowerShell
[28/03/2014 13:02:54] - |D| - C:\Program Files (x86)\Your Uninstaller! 7
[14/07/2014 17:51:33] - |D| - C:\Program Files (x86)\ZHPDiag

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[24/02/2014 20:23:49] - |D| - C:\Program Files\7-Zip
[02/03/2014 18:51:04] - |D| - C:\Program Files\Adblock Plus for IE
[24/02/2014 12:09:19] - |D| - C:\Program Files\CCleaner
[22/08/2013 15:36:15] - |D| - C:\Program Files\Common Files
[24/02/2014 23:48:27] - |D| - C:\Program Files\CyberLink
[22/08/2013 17:36:45] - |ASH| - C:\Program Files\desktop.ini
[25/02/2014 11:43:07] - |D| - C:\Program Files\DivX
[14/06/2014 12:21:04] - |D| - C:\Program Files\EnhanceMy8
[24/02/2014 10:55:53] - |SHD| - C:\Program Files\Fichiers communs
[24/02/2014 10:59:06] - |D| - C:\Program Files\Intel
[22/08/2013 17:36:31] - |D| - C:\Program Files\Internet Explorer
[24/02/2014 11:31:34] - |D| - C:\Program Files\Microsoft Silverlight
[24/02/2014 12:12:21] - |D| - C:\Program Files\MSBuild
[24/02/2014 22:06:54] - |D| - C:\Program Files\NewBlue
[24/02/2014 12:12:21] - |D| - C:\Program Files\Reference Assemblies
[22/08/2013 16:47:10] - |HD| - C:\Program Files\Uninstall Information
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows Defender
[23/08/2013 00:26:23] - |D| - C:\Program Files\Windows Journal
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows Mail
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows Media Player
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows Multimedia Platform
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows NT
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows Photo Viewer
[22/08/2013 17:36:31] - |D| - C:\Program Files\Windows Portable Devices
[22/08/2013 17:36:31] - |SHD| - C:\Program Files\Windows Sidebar
[22/08/2013 17:36:31] - |HD| - C:\Program Files\WindowsApps
[22/08/2013 17:36:31] - |D| - C:\Program Files\WindowsPowerShell
[24/02/2014 19:29:16] - |D| - C:\Program Files\WinRAR
[24/02/2014 12:06:03] - |D| - C:\Program Files\WinZip

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)\Common Files

[09/04/2014 17:31:42] - |D| - C:\Program Files (x86)\Common Files\Adobe
[24/02/2014 22:32:43] - |D| - C:\Program Files (x86)\Common Files\Apple
[24/02/2014 22:09:11] - |D| - C:\Program Files (x86)\Common Files\CyberLink
[25/02/2014 11:43:00] - |D| - C:\Program Files (x86)\Common Files\DivX Shared
[24/02/2014 10:59:05] - |D| - C:\Program Files (x86)\Common Files\Intel
[24/02/2014 22:50:33] - |D| - C:\Program Files (x86)\Common Files\LightScribe
[24/02/2014 11:45:14] - |D| - C:\Program Files (x86)\Common Files\logishrd
[20/04/2014 10:18:58] - |N| - C:\Program Files (x86)\Common Files\lpuninstall.exe
[24/02/2014 19:35:54] - |D| - C:\Program Files (x86)\Common Files\MAGIX Services
[24/02/2014 21:41:41] - |D| - C:\Program Files (x86)\Common Files\MAGIX Shared
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Common Files\Microsoft Shared
[29/06/2014 19:44:20] - |D| - C:\Program Files (x86)\Common Files\Nero
[22/04/2014 17:24:33] - |D| - C:\Program Files (x86)\Common Files\postureAgent
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Common Files\Services
[22/08/2013 17:36:30] - |D| - C:\Program Files (x86)\Common Files\System
[18/06/2014 10:23:27] - |D| - C:\Program Files (x86)\Common Files\Wise Installation Wizard

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common Files

[24/02/2014 11:45:13] - |D| - C:\Program Files\Common Files\logishrd
[22/08/2013 17:36:31] - |D| - C:\Program Files\Common Files\microsoft shared
[22/08/2013 17:36:31] - |D| - C:\Program Files\Common Files\Services
[22/08/2013 17:36:31] - |D| - C:\Program Files\Common Files\System

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Jean-Pierre\AppData\Roaming

[24/02/2014 10:56:11] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Adobe
[24/02/2014 22:56:14] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Apple Computer
[24/02/2014 12:08:46] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Audacity
[12/07/2014 18:10:19] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Bigasoft Total Video Converter 4
[02/03/2014 12:45:41] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\BlueSprig
[24/02/2014 11:53:05] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Convivea
[24/02/2014 22:13:39] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\CyberLink
[07/05/2014 12:01:34] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Cybertron
[25/02/2014 11:43:14] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\DivX
[24/02/2014 20:53:10] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\DMCache
[09/04/2014 11:17:59] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\FILEminimizerPictures
[24/02/2014 20:53:11] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\IDM
[25/02/2014 14:50:07] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\ImgBurn
[04/04/2014 18:30:03] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Juce Audio Plugin Host
[24/02/2014 11:45:46] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Leadertech
[30/06/2014 22:35:32] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Macromedia
[24/02/2014 19:35:11] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\MAGIX
[24/02/2014 10:55:38] - |SD| - C:\Users\Jean-Pierre\AppData\Roaming\Microsoft
[30/03/2014 19:50:32] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\MiniGet
[24/02/2014 12:13:51] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Mozilla
[29/06/2014 19:53:01] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Nero
[24/02/2014 12:13:51] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Netscape
[25/02/2014 00:09:13] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\OpenOffice
[03/07/2014 16:44:01] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Outerspace Software
[24/02/2014 19:47:12] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Photodex
[24/02/2014 22:06:17] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\proDAD
[12/05/2014 19:05:33] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\QFX Software
[14/06/2014 12:21:12] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\SeriousBit
[11/07/2014 19:53:14] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Thinstall
[24/02/2014 23:57:58] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\TomTom
[24/02/2014 12:15:32] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\TuneUp Software
[28/03/2014 13:02:34] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\URSoft
[24/02/2014 11:53:43] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\uTorrent
[25/02/2014 11:49:06] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\vlc
[29/03/2014 11:10:15] - |A| - C:\Users\Jean-Pierre\AppData\Roaming\WB.CFG
[24/02/2014 19:29:19] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\WinRAR
[28/02/2014 20:00:59] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\Wise Disk Cleaner
[28/03/2014 10:07:12] - |D| - C:\Users\Jean-Pierre\AppData\Roaming\ZHP

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Jean-Pierre\AppData\Local

[09/04/2014 17:31:10] - |D| - C:\Users\Jean-Pierre\AppData\Local\Adobe
[24/02/2014 22:32:40] - |D| - C:\Users\Jean-Pierre\AppData\Local\Apple
[25/02/2014 14:59:11] - |D| - C:\Users\Jean-Pierre\AppData\Local\Apple Computer
[24/02/2014 10:55:38] - |SHD| - C:\Users\Jean-Pierre\AppData\Local\Application Data
[28/06/2014 15:59:25] - |D| - C:\Users\Jean-Pierre\AppData\Local\Avg2014
[30/03/2014 19:50:13] - |D| - C:\Users\Jean-Pierre\AppData\Local\b9744e74-6c5b-4c61-c2ef-2b13b13f99cf
[28/03/2014 18:43:57] - |D| - C:\Users\Jean-Pierre\AppData\Local\Comodo
[24/02/2014 22:13:39] - |D| - C:\Users\Jean-Pierre\AppData\Local\CyberLink
[02/03/2014 18:55:30] - |A| - C:\Users\Jean-Pierre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[02/03/2014 11:23:11] - |D| - C:\Users\Jean-Pierre\AppData\Local\Diagnostics
[24/02/2014 22:34:27] - |D| - C:\Users\Jean-Pierre\AppData\Local\Downloaded Installations
[11/07/2014 17:51:15] - |D| - C:\Users\Jean-Pierre\AppData\Local\ElevatedDiagnostics
[09/04/2014 08:37:15] - |SHD| - C:\Users\Jean-Pierre\AppData\Local\EmieSiteList
[09/04/2014 08:37:15] - |SHD| - C:\Users\Jean-Pierre\AppData\Local\EmieUserList
[05/05/2014 19:37:59] - |D| - C:\Users\Jean-Pierre\AppData\Local\Google
[24/02/2014 10:55:38] - |SHD| - C:\Users\Jean-Pierre\AppData\Local\Historique
[28/06/2014 01:28:18] - |AH| - C:\Users\Jean-Pierre\AppData\Local\IconCache.db
[24/02/2014 11:48:30] - |D| - C:\Users\Jean-Pierre\AppData\Local\Logitech® Webcam Software
[30/06/2014 22:35:32] - |D| - C:\Users\Jean-Pierre\AppData\Local\Macromedia
[24/02/2014 21:41:44] - |D| - C:\Users\Jean-Pierre\AppData\Local\Magix
[18/06/2014 11:02:31] - |D| - C:\Users\Jean-Pierre\AppData\Local\MAGIX_AG
[24/02/2014 10:55:38] - |D| - C:\Users\Jean-Pierre\AppData\Local\Microsoft
[24/02/2014 12:26:58] - |D| - C:\Users\Jean-Pierre\AppData\Local\Mozilla
[24/12/2013 11:09:17] - |D| - C:\Users\Jean-Pierre\AppData\Local\Packages
[24/02/2014 10:56:36] - |D| - C:\Users\Jean-Pierre\AppData\Local\PackageStaging
[24/02/2014 22:13:40] - |D| - C:\Users\Jean-Pierre\AppData\Local\Power2Go9
[24/02/2014 12:08:32] - |D| - C:\Users\Jean-Pierre\AppData\Local\Programs
[19/03/2014 12:33:07] - |A| - C:\Users\Jean-Pierre\AppData\Local\resmon.resmoncfg
[24/02/2014 20:35:32] - |D| - C:\Users\Jean-Pierre\AppData\Local\Songr
[14/07/2014 22:39:21] - |D| - C:\Users\Jean-Pierre\AppData\Local\Temp
[24/02/2014 10:55:38] - |SHD| - C:\Users\Jean-Pierre\AppData\Local\Temporary Internet Files
[11/07/2014 19:53:14] - |D| - C:\Users\Jean-Pierre\AppData\Local\Thinstall
[24/02/2014 23:57:58] - |D| - C:\Users\Jean-Pierre\AppData\Local\TomTom
[24/02/2014 10:56:11] - |D| - C:\Users\Jean-Pierre\AppData\Local\VirtualStore
[01/07/2014 11:14:41] - |D| - C:\Users\Jean-Pierre\AppData\Local\VS Revo Group
[24/02/2014 19:36:45] - |D| - C:\Users\Jean-Pierre\AppData\Local\Xara

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[09/04/2014 17:31:27] - |D| - C:\ProgramData\Adobe
[24/02/2014 22:32:39] - |D| - C:\ProgramData\Apple
[24/02/2014 22:32:53] - |D| - C:\ProgramData\Apple Computer
[22/08/2013 16:45:52] - |SHD| - C:\ProgramData\Application Data
[09/07/2014 15:36:33] - |D| - C:\ProgramData\Ashampoo
[24/02/2014 10:55:53] - |SHD| - C:\ProgramData\Bureau
[24/02/2014 12:15:09] - |HD| - C:\ProgramData\Common Files
[24/02/2014 22:08:10] - |D| - C:\ProgramData\CyberLink
[22/08/2013 16:45:52] - |SHD| - C:\ProgramData\Desktop
[25/02/2014 11:41:53] - |D| - C:\ProgramData\DivX
[22/08/2013 16:45:52] - |SHD| - C:\ProgramData\Documents
[24/02/2014 20:53:11] - |D| - C:\ProgramData\IDM
[09/07/2014 18:40:56] - |D| - C:\ProgramData\install_clap
[22/04/2014 17:24:51] - |D| - C:\ProgramData\Intel
[25/02/2014 13:13:30] - |D| - C:\ProgramData\LightScribe
[24/02/2014 11:45:53] - |D| - C:\ProgramData\LogiShrd
[17/04/2014 16:42:22] - |D| - C:\ProgramData\Logs
[24/02/2014 19:35:54] - |D| - C:\ProgramData\MAGIX
[14/04/2014 18:08:44] - |D| - C:\ProgramData\Malwarebytes
[24/02/2014 10:55:53] - |SHD| - C:\ProgramData\Menu Démarrer
[22/08/2013 15:36:15] - |SD| - C:\ProgramData\Microsoft
[24/02/2014 10:55:53] - |SHD| - C:\ProgramData\Modèles
[24/02/2014 12:26:50] - |D| - C:\ProgramData\Mozilla
[29/06/2014 19:42:29] - |D| - C:\ProgramData\Nero
[02/03/2014 18:51:02] - |D| - C:\ProgramData\Package Cache
[09/07/2014 18:43:53] - |D| - C:\ProgramData\PDVD
[24/02/2014 12:13:49] - |D| - C:\ProgramData\Photodex
[24/02/2014 22:06:22] - |D| - C:\ProgramData\proDAD
[12/05/2014 19:05:33] - |D| - C:\ProgramData\QFX Software
[22/08/2013 17:36:30] - |D| - C:\ProgramData\regid.1991-06.com.microsoft
[14/07/2014 19:31:04] - |D| - C:\ProgramData\Spybot - Search & Destroy
[22/08/2013 16:45:52] - |SHD| - C:\ProgramData\Start Menu
[24/02/2014 22:08:10] - |AD| - C:\ProgramData\Temp
[22/08/2013 16:45:52] - |SHD| - C:\ProgramData\Templates
[24/05/2014 20:08:24] - |D| - C:\ProgramData\TomTom
[24/02/2014 12:15:09] - |D| - C:\ProgramData\TuneUp Software
[24/02/2014 12:06:05] - |D| - C:\ProgramData\WinZip
[24/02/2014 12:15:09] - |SHD| - C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

[X] : [7582 Ko]

Eléments analysés : 268111 | Modifiés : 2 | Infectés : 13

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 09:25:57 | [37 Ko]
