cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2013.10.13.35 - Nicolas Coolman (13/10/2013)
~ Lanc� par AHMED (14/10/2013 09:31:51)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance � la d�sinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19475
GCIE: Google Chrome v30.0.1599.69 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
System - Enable Open file C:\Users\AHMED\AppData\Roaming\ZHP\Licence.txt =>.Nicolas Coolman

---\\ Logiciels de protection du syst�me
Avira Antivirus Premium v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du syst�me
CCleaner v4.05 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le syst�me
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014.5 MB (26% free)
System Restore: Activ� (Enable)
System drive C: has 86 GB (61%) free of 140 GB

---\\ Mode de connexion au syst�me
~ Computer Name: PC-DE-AHMED
~ User Name: AHMED
~ All Users Names: JOCELYNE, AHMED, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\AHMED\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\AHMED\AppData\Roaming\
~ %Desktop% : C:\Users\AHMED\Desktop\
~ %Favorites% : C:\Users\AHMED\Favorites\
~ %LocalAppData% : C:\Users\AHMED\AppData\Local\
~ %StartMenu% : C:\Users\AHMED\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enum�ration des unit�s disques
C: Hard drive, Flash drive, Thumb drive (Free 86 Go of 140 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 9 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de S�curit� Windows
~ Security Center: 39 Legitimates Filtered in 00mn 00s



---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.1853004D970C5F6C298711A2C105EB64] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/09/2013 - 13:57:49.) -- C:\Windows\System32\wininet.dll [916992]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parall�le.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 02s



---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 1/985
~ Mes musiques (My Musics) : 1/22
~ Mes Videos (My Videos) : 1/24
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/76
~ Mon Bureau (My Desktop) : 1/30
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 19s



---\\ Processus lanc�s
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2356]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.3808]
[MD5.35F020A44D4DE846801390F31627DEDC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [166424] [PID.3900]
[MD5.57C8536018A3EB58B4BE66FADE1B289E] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [133656] [PID.2996]
[MD5.66B24E2EB8F8A8340F238A346F231C79] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712] [PID.3612]
[MD5.189143A3943760112DE09B584DD7ED81] - (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe [331552] [PID.1508]
[MD5.3BA17E105DF34DB078CA0673952C0B48] - (.Hewlett-Packard Development Company, L.P. - HP ProtectTools Security Manager.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [145184] [PID.736]
[MD5.62B3C9786081ECAAB272A118408D2817] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800] [PID.2408]
[MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752] [PID.3904]
[MD5.443ADA6FE624132C76D3CBF47F371D7C] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [177456] [PID.3368]
[MD5.5616E23703DDBB615D41923D0768BE84] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744] [PID.3884]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.1736]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2776]
[MD5.AEA677B8668697C311799CF6CA369D3E] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.4012]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.1916]
[MD5.67DA9F19F336000E1D2CF66E268E45C6] - (...) -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe [1438056] [PID.336]
[MD5.B52D2F8284E84C50865B7CCF592FED37] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20474528] [PID.1152]
[MD5.8826E5192E7108DD12163BB5FAA9D826] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [256536] [PID.900]
[MD5.91C7B7340109693219CE5BCDA1B8CCAC] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe [91440] [PID.3644]
[MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.exe [316720] [PID.1384]
[MD5.1EDC4865C8003A0251956835273904B1] - (.Pas de propri�taire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [685360] [PID.3688]
[MD5.1F373C5DB440D92839DDDF63F5BA2E8A] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528] [PID.4700]
[MD5.A623666C8A8EC9A57DCA07915A3F1EC6] - (.Microsoft Corporation - Sauvegarde Microsoft� Windows.) -- C:\windows\system32\sdclt.exe [1169408] [PID.1132]
[MD5.2176B4590387405E5F2405C3CEF0C02A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8078848] [PID.3948]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\windows\system32\conime.exe [69120] [PID.4640]
[MD5.927754ABF077AEB5504BE4E0F2C60C1B] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1120]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\windows\system32\SLsvc.exe [3408896] [PID.1228]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilit� pour les ser.) -- C:\windows\system32\WLANExt.exe [74240] [PID.1544]
[MD5.963C570DCA934525A9AC4C2431755670] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.1684]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1412]
[MD5.12D23758621B00B8D3134095EC3325FD] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\windows\system32\AEADISRV.exe [69632] [PID.1160]
[MD5.8ED60797908FD394EEE0D6949F493224] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\Windows\system32\agrsmsvc.exe [12800] [PID.2052]
[MD5.2AEE99406DE701A5AFAE7F8AE70090FC] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.2076]
[MD5.E9EC72EF5FCD42FC8663F3CAF2CEA5B7] - (...) -- C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe [2202984] [PID.2088]
[MD5.3AD7614C487C948ADD435662265750FB] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.2144]
[MD5.213822072085B5BBAD9AF30AB577D817] - (.InterVideo - RegMgr Module.) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [112152] [PID.2252]
[MD5.4408DE295E63C202F59261B67CAF62AF] - (.Pas de propri�taire - Printer Communication System.) -- C:\windows\system32\lxcrcoms.exe [537520] [PID.2280]
[MD5.B6D347C26F861DDD4AD4863F5A1596B9] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files\PDF Complete\pdfsvc.exe [540448] [PID.2388]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2496]
[MD5.4C0896FEC887750DD62629A1FB1D692A] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.3648]
[MD5.786CFF70F72A58CD08B1729BA15A4A14] - (.Avira Operations GmbH & Co. KG - Avira MailGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648] [PID.3888]
[MD5.5201C203172C55AD899013E050E759CF] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [815160] [PID.3920]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.836]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2700]
[MD5.1665C7121A026DF10C903DB9BC5E9D43] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [165192] [PID.1908]
[MD5.7795F8CEBC284A426B53F541E538695F] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [193840] [PID.2016]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Users\AHMED\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.msn.com
~ Google Browser: 10 Legitimates Filtered in 00mn 18s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\AHMED\AppData\Roaming\Mozilla\Firefox\Profiles\9woh9t5y.default\prefs.js
~ Firefox Browser: 14 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{0BF43445-2F28-4351-9252-17FE6E806AA0} Cl� orpheline
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Achat de fournitures HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Aide et Support d'HP.lnk . (.Hewlett-Packard - HPHS Launcher.) -- C:\Windows\Help\OEM\scripts\HPHS_Launcher.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: LG PC Suite.Lnk . (...) -- C:\Program Files\LG Electronics\LG PC Suite\LGPCSuite.exe
O4 - GS\Program [Public]: HP ProtectTools Security Manager for administrators.lnk . (.Hewlett-Packard Development Company, L.P. - HP ProtectTools Security manager.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTAdmin.exe
O4 - GS\Program [Public]: HP ProtectTools Security Manager.lnk . (.Hewlett-Packard Development Company, L.P. - HP ProtectTools Security Manager.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHost.exe
O4 - GS\Program [JOCELYNE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [JOCELYNE]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [JOCELYNE]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [AHMED]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [AHMED]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [AHMED]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [AHMED]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [AHMED]: Achat de mise � niveau en ligne - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Afficher les d�tails de l�ordinateur - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Ajouter de nouveaux utilisateurs - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Centre de sauvegarde et de restauration - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: D�couvrir les nouveaut�s de Windows Vista - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: D�monstrations de Windows Vista - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Enregistrer Windows en ligne - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Fonctions de base de Windows - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [AHMED]: Options d�ergonomie - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Panneau de configuration - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Personnaliser Windows - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Se connecter � Internet - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop [AHMED]: Transf�rer des fichiers et des param�tres - Raccourci.lnk - Cl� orpheline
~ Global Startup: 87 Legitimates Filtered in 00mn 05s



---\\ Applications lanc�es au d�marrage du syt�me (O4)
O4 - GS\Startup [Public]: DVD Check.lnk . (.InterVideo Inc. - DVDCheck Application.) -- C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - GS\Startup [AHMED]: OpenOffice.org 3.4.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Run: [PTHOSTTR] . (.Hewlett-Packard Development Company, L.P. - HP ProtectTools Security Manager.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll (.not file.)
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] . (.InterVideo Inc. - DVDCheck Application.) -- C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (.not file.)
O4 - HKCU\..\Run: [orangeinside] C:\Users\AHMED\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (.not file.)
O4 - HKCU\..\Run: [Avira Secure Backup] . (...) -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\AHMED\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-662218412-2576933108-3657897035-1004\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-662218412-2576933108-3657897035-1004\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (.not file.)
O4 - HKUS\S-1-5-21-662218412-2576933108-3657897035-1004\..\Run: [orangeinside] C:\Users\AHMED\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (.not file.)
O4 - HKUS\S-1-5-21-662218412-2576933108-3657897035-1004\..\Run: [Avira Secure Backup] . (...) -- C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe
O4 - HKUS\S-1-5-21-662218412-2576933108-3657897035-1004\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-662218412-2576933108-3657897035-1004\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\AHMED\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} ((no name)) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{20EF92DB-79AB-4421-A5EF-7B8FB609BF07}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BD228C0-A0C4-4D8A-A3F1-EEE04A27C59E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FB9BC70-C7D9-4F16-B1C4-1D0B7223157F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{20EF92DB-79AB-4421-A5EF-7B8FB609BF07}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BD228C0-A0C4-4D8A-A3F1-EEE04A27C59E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FB9BC70-C7D9-4F16-B1C4-1D0B7223157F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{20EF92DB-79AB-4421-A5EF-7B8FB609BF07}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{4BD228C0-A0C4-4D8A-A3F1-EEE04A27C59E}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{5FB9BC70-C7D9-4F16-B1C4-1D0B7223157F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\windows\System32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: DeviceNP . (.Hewlett-Packard Limited - Pas de description.) -- C:\Windows\System32\DeviceNP.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Cl� de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioth�que de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Avira Secure Backup Crawler (Avira Secure Backup Crawler) . (...) - C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
~ Services: 19 Legitimates Filtered in 00mn 13s



---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Registry Reviver-AHMED-Startup.job [378]
[MD5.00000000000000000000000000000000] [APT] [4532] (...) -- C:\Users\AHMED\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{C6B9BBD7-CC34-417A-B25E-0E429C3A23A5}] (...) -- C:\Program Files\DAILYM~1\UNWISE.exe (.not file.) [0]
[MD5.1DA5A9C6000F2F33867715929C1D9A52] [APT] [{D9101BB1-A31D-4DCD-830D-B435F1A224D7}] (...) -- C:\Program Files\Piratrax\uninstall.exe [602624]
~ Scheduled Task: 31 Legitimates Filtered in 00mn 08s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DefaultPackStatus]
[HKCU\Software\Yahoo]
[HKCU\Software\med_scangnrlst]
[HKCU\Software\www.RocketDivision]
[HKLM\Software\CMD]
[HKLM\Software\Yahoo]
~ Key Software: 175 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/08/2013 - 21:26:37 - [0] ----D C:\Program Files\GUMEDF.tmp
O43 - CFD: 09/11/2009 - 19:33:44 - [0.575] ----D C:\Program Files\Piratrax
O43 - CFD: 16/07/2012 - 22:38:36 - [0] ----D C:\Program Files\Yahoo!
O43 - CFD: 17/01/2012 - 21:24:26 - [0.516] ----D C:\Users\AHMED\AppData\Roaming\Catalina Marketing France
O43 - CFD: 25/08/2009 - 12:22:10 - [0] ----D C:\Users\AHMED\AppData\Roaming\Yahoo!
O43 - CFD: 04/09/2013 - 19:50:34 - [0.000] ----D C:\Users\AHMED\AppData\Local\messengerdusexe
O43 - CFD: 17/01/2012 - 21:24:19 - [0.475] ----D C:\Users\AHMED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing France
~ 550 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 774 Legitimates Filtered in 01mn 07s



---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.1D515B5D2842FFD2863F54FAE5E713F8] - 02/10/2013 - 16:53:10 ---A- . (...) -- C:\Windows\System32\???� [98743931]
O44 - LFC:[MD5.3F83544B8E0D03BE227DEE48F7A613B7] - 03/10/2013 - 03:12:24 ---A- . (...) -- C:\Windows\System32\???� [98878632]
O44 - LFC:[MD5.EE2FBECA1FBE098ACA63FF72AC80F120] - 05/10/2013 - 02:09:01 ---A- . (...) -- C:\Windows\System32\???? [99319274]
O44 - LFC:[MD5.414F3DE46841F10829BFA0E8130192DD] - 06/10/2013 - 10:09:01 ---A- . (...) -- C:\Windows\System32\???� [99399748]
O44 - LFC:[MD5.37A58E27E0341F7A2A0FB2BD2D3FF7E3] - 09/10/2013 - 15:14:13 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [10840]
O44 - LFC:[MD5.715443114095AA261E162A8ED2AD48ED] - 09/10/2013 - 18:06:31 ---A- . (...) -- C:\Windows\System32\???1 [100163860]
O44 - LFC:[MD5.F42A3C8CFB90E11BA2D40050722B1C29] - 11/10/2013 - 15:03:25 ---A- . (...) -- C:\Windows\System32\???� [100474618]
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 12/10/2013 - 11:22:21 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.1A6C86E4B598F02EF0B0B212AD0853B6] - 13/10/2013 - 17:05:56 ---A- . (...) -- C:\Windows\System32\???� [100742045]
O44 - LFC:[MD5.1C266594EF726C24EBE38AC25F51F3D7] - 30/09/2013 - 07:57:35 ---A- . (...) -- C:\Windows\System32\???� [98474456]
~ Files: 78 Legitimates Filtered in 02mn 23s



---\\ Cl� de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0dce7062-70d5-11e0-8d6b-00248158c4d8}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{b954ebd0-e4c5-11e2-ac8a-00248158c4d8}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enum�ration des cl�s de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.FB9ECE3F7B8A03E474E611031AD4CD23] - 24/04/2008 - 14:26:28 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [309248]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 18 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 14/10/2013 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 119 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://rws.search.ke.voila.fr
O69 - SBI: SearchScopes [HKCU] {E6D409D3-9B4E-467E-ACC9-49B0470E2ADF} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.F1518D0DE6DC8A11546F3FCFA7DC555D] [SPRF][15/11/2009] (...) -- C:\Users\AHMED\AppData\Local\d3d9caps.dat [680]
[MD5.3BF79E6868B44D3ADB2796BA99521891] [SPRF][07/09/2013] (...) -- C:\Users\AHMED\AppData\Local\Temp\Quarantine.exe [344583]
[MD5.8BA0EDFBE187B52474EF758298F9AA7A] [SPRF][08/08/2012] (...) -- C:\Users\AHMED\Desktop\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_fr.exe [125646514]
~ Files: 4 Legitimates Filtered in 00mn 03s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{E98C233A-56F2-470E-8F71-E410C27C588E}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 - FAEL: "{0499D7C6-D8A7-47DB-B29F-2B670E06DDA6}" |In - None - P6 - TRUE | .(...) -- C:\Program Files\WinZip Driver Updater\winzipdu.exe (.not file.)
~ Firewall: 166 Legitimates Filtered in 00mn 03s



---\\ Enum�re les donn�es de la cl� NameSpace (MNS) (O92)
O92 - MNS: Mon Avira Secure Backup - {8E5444D9-1A1E-45DD-BB40-471022EC48EE}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 57 Legitimates Filtered in 00mn 06s



---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 08/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 06/02/2007 69632 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 11/12/2007 12800 | (AgereModemAudio) . (.Agere Systems.) - C:\Windows\system32\agrsmsvc.exe
SR - | Auto 10/09/2013 622648 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 10/09/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 24/06/2013 2202984 | (Avira Secure Backup Crawler) . (...) - C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe
SR - | Demand 03/04/2008 193840 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Demand 08/06/2007 172131 | (FLCDLOCK) . (.Hewlett-Packard Ltd.) - C:\Windows\system32\flcdlock.exe
SS - | Auto 17/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/08/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 16/04/2008 165192 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 18/04/2008 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 04/01/2007 112152 | (IviRegMgr) . (.InterVideo.) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
SR - | Auto 11/12/2006 537520 | (lxcr_device) . (...) - C:\windows\system32\lxcrcoms.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 21/01/2008 21504 | C:\windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/05/2007 540448 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files\PDF Complete\pdfsvc.exe
SR - | Auto 21/01/2008 21504 | C:\windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Demand 08/04/2008 1112560 | (RoxMediaDB10) . (.Sonic Solutions.) - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 24/03/2008 74384 | (stllssvr) . (.MicroVision Development, Inc..) - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 19/08/2011 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scan Additionnel (O88)
Database Version : 12946 - (13/10/2013)
Cl�s trouv�es (Keys found) : 12
Valeurs trouv�es (Values found) : 1
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc] =>Hijacker.OmigaPlus
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKLM\Software\Classes\askibar.popswatterbarbutton] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswatterbarbutton.1] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswattersettingscontrol] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswattersettingscontrol.1] =>Toolbar.AskTBar
[HKLM\Software\Classes\asktoolbar.settingsplugin] =>Toolbar.AskTBar
[HKLM\Software\Classes\asktoolbar.settingsplugin.1] =>Toolbar.AskTBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^
~ Additionnel Scan: 273099 Items scanned in 00mn 59s



---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/30152670-hijacker-omigaplus =>Hijacker.OmigaPlus
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 7 link(s) detected in 00mn 59s



~ 1681 Legitimates filtered by white list
End of the scan (547 lines in 06mn 14s)(0)

Publicité


Signaler le contenu de ce document

Publicité