AdriKN
Posts: 39, Registration date: Monday 20 January 2014, Status: Member, Last activity: 22 April 2016
-
20 Jan. 2014 at 18:55
Hello, I have just discovered that I have been infected by Boxore Client, and I am unable to remove it.
After some research, I found out that you have to run a scan with ZHPDiag and then use ZHPFix to remove it.
I have now run the scan, and I am looking for someone who can tell me what I need to do with ZHPFix.
~ Report of ZHPDiag v2014.1.17.19 - Nicolas Coolman (17.01.2014)
~ Launched by Adrien (20.01.2014 18:27:10)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user
---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 26.0 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ System optimization software
CCleaner v3.21 =>Piriform Ltd
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader X
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 165 GB (36%) free of 450 GB
---\\ Connection to the system mode
~ Computer Name: ADRIEN-HP
~ User Name: Adrien
~ All Users Names: HomeGroupUser$, Gast, Adrien, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 165 Go of 450 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 16 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Free 0 Go of 0 Go)
G: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: La Bataille pour la Terre du Milieu(TM) II.lnk . (...) -- C:\Program Files (x86)\Electronic Arts\La Bataille pour la Terre du Milieu II\lotrbfme2.exe
O4 - GS\Desktop [Public]: Mobile Connection Manager.lnk . (.Telefónica I+D - Telefónica Group Connection Manager.) -- C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Pandora Recovery.lnk . (.Pandora Corp. - Pandora Recovery.) -- C:\Program Files (x86)\Pandora Recovery\PandoraRecovery.exe
O4 - GS\Desktop [Public]: Pinnacle VideoSpin.lnk . (.Pinnacle Systems - Pinnacle VideoSpin program file.) -- C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe
O4 - GS\Desktop [Public]: Studio Version 9.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe
O4 - GS\Program [Public]: CDBurner (graveur).lnk . (...) -- C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Accessories [Public]: imprim écran.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\QuickLaunch [Gast]: Studio.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe
O4 - GS\TaskBar [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Gast]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Gast]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Gast]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Gast]: Crusader.lnk . (...) -- C:\Program Files (x86)\Fizzy\Crusader\swords_and_sandals_crusader_download.exe (.not file.)
O4 - GS\Desktop [Gast]: MagicDisc.lnk . (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - GS\Desktop [Gast]: MagicISO.lnk . (...) -- C:\Program Files (x86)\MagicISO\MagicISO.exe (.not file.)
O4 - GS\Desktop [Gast]: PDF Editeur 3.3.lnk . (...) -- C:\Program Files (x86)\PDF Editeur 3\PDFEdit.exe
O4 - GS\QuickLaunch [Adrien]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Adrien]: Studio.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 9\programs\studio.exe
O4 - GS\TaskBar [Adrien]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Adrien]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Adrien]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Adrien]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Adrien]: Creatval.lnk . (...) -- C:\Creatval\Creatval.exe (.not file.)
O4 - GS\Desktop [Adrien]: MagicDisc.lnk . (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - GS\Desktop [Adrien]: MagicISO.lnk . (...) -- C:\Program Files (x86)\MagicISO\MagicISO.exe (.not file.)
O4 - GS\Desktop [Adrien]: PDF Editeur 3.3.lnk . (...) -- C:\Program Files (x86)\PDF Editeur 3\PDFEdit.exe
~ Global Startup: 71 Legitimates Filtered in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.E1FBAB1339CF375697B494DFE365BE6F] [SPRF][10.01.2011] (.www.froggie.sk - Language Pack Installer for Windows Vista and Seven.) -- C:\Desktop\Vistalizator23.exe [970156]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 27.12.2013 177488 | c:\progra~3\winspeed\WinSpeedSvc.dll (f1f78e38) . (...) - C:\ProgramData\WinSpeed\WinSpeedSvc.dll
SS - | Auto 04.04.2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 06.06.2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18.11.2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 22.06.2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 23.12.2013 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 10.07.1658 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 10.11.2010 1298516 | (eLimit) . (...) - C:\Program Files (x86)\eLimit\maeLimit.exe
SR - | Auto 10.07.1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Demand 05.07.2011 988216 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 02.07.2010 27192 | (HPWMISVC) . (...) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 05.04.2010 116104 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04.04.2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 17.06.2010 315392 | (RtVOsdService) . (.Realtek Semiconductor Corp..) - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
SR - | Auto 29.09.2010 200624 | (TGCM_ImportWiFiSvc) . (.Telefónica I+D.) - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
SR - | Auto 14.07.2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10.07.1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14.07.2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 2 link(s) detected in 00mn 23s
~ 1344 Legitimates filtered by white list
End of the scan (524 lines in 00mn 59s)(0)