~ Rapport de ZHPDiag v2014.1.10.8 - Nicolas Coolman (10.01.2014)
~ Lancé par nono & jeff (29.01.2014 15:59:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.4.0304.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 ActiveX
Adobe Reader 8.1.2 Security Update 1

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 8 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023.5 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (16%) free of 19 GB

---\\ Mode de connexion au système
~ Computer Name: NONOJEFF
~ User Name: nono & jeff
~ All Users Names: SUPPORT_388945a0, nono & jeff, IWAM_NONOJEFF, IUSR_NONOJEFF, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\nono & jeff\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\nono & jeff\Application Data\
~ %Desktop% : C:\Documents and Settings\nono & jeff\Bureau\
~ %Favorites% : C:\Documents and Settings\nono & jeff\Favoris\
~ %LocalAppData% : C:\Documents and Settings\nono & jeff\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\nono & jeff\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 19 Go)
D: Hard drive, Flash drive, Thumb drive (Free 15 Go of 29 Go)
E: Hard drive, Flash drive, Thumb drive (Free 18 Go of 29 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D0288319660EDCFED07C7E74C4EA38A5] - (.Microsoft Corporation - Explorateur Windows.) (.13.06.2007 - 14:22:28.) -- C:\WINDOWS\Explorer.exe [1037312]
[MD5.6CE32F7778061CCC5814D5E0F282D369] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08.03.2009 - 03:34:58.) -- C:\WINDOWS\system32\wininet.dll [914944]
[MD5.123EEA158F74D0F67A51DCDF065D1091] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.20.08.2004 - 00:10:04.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.55E6E1C51B6D30E54335750955453702] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14.08.2008 - 10:51:43.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138368]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.04.08.2004 - 06:59:42.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.04.08.2004 - 07:14:10.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.04.08.2004 - 06:59:52.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.28.08.2001 - 15:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.19.08.2004 - 23:56:39.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.04.08.2004 - 07:00:15.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.E2168CBC7098FFE963C6F23F472A3593] - (.Microsoft Corporation - IP Network Address Translator.) (.29.09.2004 - 23:28:37.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.04.08.2004 - 07:14:28.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.FB6C89BB3CE282B08BDB1E3C179E1C39] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.24.02.2010 - 13:31:30.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [454016]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.04.08.2004 - 07:14:37.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.19A811EF5F1ED5C926A028CE107FF1AF] - (.Microsoft Corporation - NT File System Driver.) (.09.02.2007 - 12:10:35.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574464]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.19.08.2004 - 23:51:43.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.04.08.2004 - 07:14:22.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.04.08.2004 - 07:01:15.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.19.08.2004 - 23:54:50.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19.08.2004 - 23:59:12.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/120
~ Mes Documents (My Documents) : 1/12
~ Mon Bureau (My Desktop) : 1/39
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.992]
[MD5.ABFAC5D58218C0A655DFCAE2D8A535F3] - (.Microsoft Corporation - Content Index service.) -- C:\WINDOWS\system32\cisvc.exe [5632] [PID.1492]
[MD5.4DB0907D750E0810309F8D8FA36625A6] - (.Pas de propriétaire - ANIWConnService.) -- C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [40960] [PID.1536]
[MD5.E859CA020ED61899F3C74A8D0032D05C] - (.Pas de propriétaire - GuardMailRu Module.) -- C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368] [PID.1560]
[MD5.3677FE8F78ED0A5A31360BDE2CF4671A] - (.Microsoft Corporation - Services Internet (IIS).) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [15872] [PID.1608]
[MD5.50F22575C0FB5D85A9D41EF963610C32] - (.Microsoft Corporation - TCP/IP Services Application.) -- C:\WINDOWS\System32\tcpsvcs.exe [19456] [PID.1852]
[MD5.16713686A3C7FE73DDFC553EB4D21829] - (.Microsoft Corporation - Service SNMP.) -- C:\WINDOWS\System32\snmp.exe [33280] [PID.1876]
[MD5.E9B5F354AE80325283FD5C1C05217B01] - (.Microsoft Corporation - Message Queuing Service.) -- C:\WINDOWS\system32\mqsvc.exe [4608] [PID.220]
[MD5.10E6B9022B0A5C9C41E2DA6AEAE5D404] - (.Microsoft Corporation - Windows NT MSMQ Trigger Service.) -- C:\WINDOWS\system32\mqtgsvc.exe [117248] [PID.580]
[MD5.D078198A9674114551D0DF6BB706B475] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe [1015808] [PID.2936]
[MD5.C0E0151199EC1BE8007438308616BC06] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe [122880] [PID.3040]
[MD5.0F38668DE09DC2A5E2397CCFDD529B85] - (.TunesNINJA - TunesNINJA App.) -- C:\Documents and Settings\nono & jeff\Application Data\TunesNINJA\TunesNINJA.exe [512000] [PID.3392]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3508]
[MD5.20A098A4D12E49342228D3AFE98EAFDF] - (.Microsoft Corporation - Windows Live Toolbar User Elevation Helper.) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe [223584] [PID.3856]
[MD5.72999AA48322DA948CE50C08B414A0EC] - (.Microsoft Corporation - Indexing Service filter daemon.) -- C:\WINDOWS\SYSTEM32\cidaemon.exe [8192] [PID.2284]
[MD5.29A4611EE6F24AF1EB4014088A1911C6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8323072] [PID.3184]
~ Processes Running: Scanned in 01mn 14s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll (.not file.)
P2 - FPN: [HKLM] [yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1] - (...) -- C:\Program Files\Yahoo!\Common\npyaxmpb.dll (.not file.)
~ Firefox Browser: 6 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ciaomembri.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 92



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Google Plus Youtube - {F657D93B-E151-4f5d-BB29-44424704FAA6} . (.GooglePlusYoutube - GooglePlusYoutube Module.) -- C:\Documents and Settings\nono & jeff\Application Data\GooglePlusYoutube\3_GooglePlusYoutube.dll
~ BHO: 12 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [nono & jeff]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [nono & jeff]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 3 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [nono & jeff]: TunesNINJA.lnk . (.TunesNINJA - TunesNINJA App.) -- C:\Documents and Settings\nono & jeff\Application Data\TunesNINJA\TunesNINJA.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe (.not file.)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [StandardInstall] Clé orpheline
O4 - HKLM\..\Run: [MsmqIntCert] Clé orpheline
O4 - HKLM\..\Run: [D-Link D-Link DWA-525] . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [Guard.Mail.ru.gui] . (.Pas de propriétaire - GuardMailRu Module.) -- C:\Program Files\Guard-ICQ\GuardICQ.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [clock bolt] C:\DOCUME~1\NONO&J~1\APPLIC~1\32BIRD~1\Hide Amen.exe (.not file.)
O4 - HKCU\..\Run: [qtwac] c:\windows\system32\qtwac.exe (.not file.)
O4 - HKCU\..\Run: [ICQ] . (.ICQ, LLC. - ICQ.) -- C:\Program Files\ICQ7.7\ICQ.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TunesNINJA] . (.TunesNINJA - TunesNINJA App.) -- C:\Documents and Settings\nono & jeff\Application Data\TunesNINJA\TunesNINJA.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-1960408961-117609710-682003330-1003\..\Run: [clock bolt] C:\DOCUME~1\NONO&J~1\APPLIC~1\32BIRD~1\Hide Amen.exe (.not file.)
O4 - HKUS\S-1-5-21-1960408961-117609710-682003330-1003\..\Run: [qtwac] c:\windows\system32\qtwac.exe (.not file.)
O4 - HKUS\S-1-5-21-1960408961-117609710-682003330-1003\..\Run: [ICQ] . (.ICQ, LLC. - ICQ.) -- C:\Program Files\ICQ7.7\ICQ.exe
O4 - HKUS\S-1-5-21-1960408961-117609710-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1960408961-117609710-682003330-1003\..\Run: [TunesNINJA] . (.TunesNINJA - TunesNINJA App.) -- C:\Documents and Settings\nono & jeff\Application Data\TunesNINJA\TunesNINJA.exe
~ Application: Scanned in 00mn 01s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} -- (.not file.)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0C72F4-4541-4069-87BA-C403027234EF}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{64802C99-44AF-4852-8C0A-81BE698B3079}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{B110DC0A-EA2F-4550-8D64-1B6FE284A74E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E0C72F4-4541-4069-87BA-C403027234EF}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{64802C99-44AF-4852-8C0A-81BE698B3079}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{B110DC0A-EA2F-4550-8D64-1B6FE284A74E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{4E0C72F4-4541-4069-87BA-C403027234EF}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS3\Services\Tcpip\..\{64802C99-44AF-4852-8C0A-81BE698B3079}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{B110DC0A-EA2F-4550-8D64-1B6FE284A74E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: D_Link_DWA-525 Service (D_Link_DWA-525) . (.Wireless Service - ANIWZCS2 Service Launcher.) - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-525_WPS Service (D_Link_DWA-525_WPS) . (.Pas de propriétaire - ANIWConnService.) - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
O23 - Service: Guard.Mail.ru (Guard.Mail.ru) . (.Pas de propriétaire - GuardMailRu Module.) - C:\Program Files\Guard-ICQ\GuardICQ.exe
~ Services: 3 Legitimates Filtered in 00mn 11s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\nono & jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\nono & jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AB10C37491AB7804.job [278]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At10.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At11.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At12.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At13.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At14.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At15.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At16.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At17.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At18.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At19.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At20.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At21.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At22.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At23.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At24.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At25.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At26.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At27.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At28.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At29.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At30.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At31.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At32.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At33.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At34.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At35.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At36.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At37.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At38.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At39.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At40.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At41.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At42.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At43.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At44.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At45.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At46.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At47.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At48.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At5.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At6.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At7.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At8.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At9.job [346]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\OGALogon.job [236]
[MD5.00000000000000000000000000000000] [APT] [AB10C37491AB7804] (...) -- c:\docume~1\nono & jeff\applic~1\32bird~1\Viewdalebend.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At10] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At11] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At12] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At13] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At14] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At15] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At16] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At17] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At18] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At19] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At2] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At20] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At21] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At22] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At23] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At24] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At25] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At26] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At27] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At28] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At29] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At3] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At30] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At31] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At32] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At33] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At34] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At35] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At36] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At37] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At38] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At39] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At4] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At40] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At41] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At42] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At43] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At44] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At45] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At46] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At47] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At48] (...) -- C:\WINDOWS\system32\Qf6wXxy1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At5] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At6] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At7] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At8] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [At9] (...) -- C:\WINDOWS\system32\o6RKl5G4.exe (.not file.) [0]
[MD5.EC9B420801D3D7F82388267D13D0F89B] [APT] [OGALogon] (...) -- C:\WINDOWS\system32\OGAexeC.exe [230768]
~ Scheduled Task: 106 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Favorit (qtwac) - (...) [HKLM] -- qtwac =>Adware.Favorit
O42 - Logiciel: audioGnome Active Installer - (...) [HKLM] -- ST6UNST #1
~ Logic: 33 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Auob]
[HKCU\Software\Club Internet]
[HKCU\Software\Cool MP3 Converter]
[HKCU\Software\EMG]
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\Pando Networks]
[HKCU\Software\Ptdt]
[HKCU\Software\Shtp]
[HKCU\Software\XemiCo]
[HKCU\Software\blehnounpop]
[HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
[HKLM\Software\Rcsu]
[HKLM\Software\Tptr]
[HKLM\Software\XSGames]
~ Key Software: 317 Legitimates Filtered in 00mn 04s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17.03.2008 - 17:13:47 - [35.626] ----D C:\Program Files\Acrobat 5.0
O43 - CFD: 17.07.2005 - 13:07:49 - [4.852] ----D C:\Program Files\Codecs A&V
O43 - CFD: 29.12.2011 - 17:34:45 - [1.492] ----D C:\Program Files\Guard-ICQ
O43 - CFD: 12.02.2012 - 19:28:54 - [51.373] ----D C:\Program Files\ICQ7.7
O43 - CFD: 14.11.2005 - 17:25:39 - [0.103] ----D C:\Program Files\Talkway
O43 - CFD: 15.10.2004 - 16:00:16 - [3.505] ----D C:\Program Files\Fichiers communs\ncunpard
O43 - CFD: 25.05.2008 - 13:22:21 - [0] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\Grid Blue Memo Site
O43 - CFD: 11.11.2007 - 18:16:00 - [0] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\Pige
O43 - CFD: 16.07.2007 - 16:18:09 - [1.343] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\Rulesecondvgasafe
O43 - CFD: 10.10.2013 - 17:36:18 - [1.063] ----D C:\Documents and Settings\nono & jeff\Application Data\0F1F1C2Y1H1P1C0I0T
O43 - CFD: 25.05.2008 - 13:22:23 - [0.002] ----D C:\Documents and Settings\nono & jeff\Application Data\32birdnew
O43 - CFD: 06.11.2012 - 11:15:37 - [0.115] ----D C:\Documents and Settings\nono & jeff\Application Data\GooglePlusYoutube
O43 - CFD: 14.12.2006 - 14:21:00 - [0.675] ----D C:\Documents and Settings\nono & jeff\Application Data\ICQLite
O43 - CFD: 27.07.2008 - 11:33:25 - [0] ----D C:\Documents and Settings\nono & jeff\Application Data\ΑppPatch
O43 - CFD: 10.01.2013 - 14:02:00 - [0.001] ----D C:\Documents and Settings\nono & jeff\Local Settings\Application Data\JRBWEPlayer
O43 - CFD: 17.01.2009 - 18:04:33 - [0] ----D C:\Documents and Settings\nono & jeff\Local Settings\Application Data\Pando
O43 - CFD: 17.01.2009 - 17:57:49 - [5.529] ----D C:\Documents and Settings\nono & jeff\Local Settings\Application Data\{7326CE9D-C0D2-433A-8A57-B7934EA13EC8}
O43 - CFD: 11.06.2007 - 15:49:31 - [3.591] ----D C:\Documents and Settings\nono & jeff\Local Settings\Application Data\{A6709136-4BF6-429C-95B8-07F5723C0668}
~ Program Folder: 183 Legitimates Filtered in 01mn 17s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.16626A0940EB03BA64C207E935AAA762] - 29.01.2014 - 15:50:33 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.43DA651762F9B3AF33A01F9CE521E361] - 29.01.2014 - 15:50:39 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.EEA1D369A94BD10FCC928AFFB7066462] - 29.01.2014 - 15:51:35 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCSUSERNAME{B110DC0A-EA2F-4550-8D64-1B6FE284A74E} [12]
O44 - LFC:[MD5.F199351CC481E60CB20E84D2177F82DD] - 29.01.2014 - 15:51:47 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCS{B110DC0A-EA2F-4550-8D64-1B6FE284A74E} [3284]
~ Files: 14 Legitimates Filtered in 00mn 41s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\ICQLite\ICQLite.exe" [Enabled] .(...) -- C:\Program Files\ICQLite\ICQLite.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\AIM\aim.exe" [Enabled] .(...) -- C:\Program Files\AIM\aim.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\nono & jeff\Local Settings\Temp\Répertoire temporaire 1 pour Pc Game Ita Worms 4 Mayhem Crack Nocd Funzionante By Seyfer89.zip\Worms 4 Mayhem.exe" [Enabled] .(...) -- C:\Documents and Settings\nono & jeff\Local Settings\Temp\Répertoire temporaire 1 pour Pc Game Ita Worms 4 Mayhem Crack Nocd Funzionante By Seyfer89.zip\Worms 4 Mayhem.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\nono & jeff\Local Settings\Temp\Répertoire temporaire 2 pour Pc Game Ita Worms 4 Mayhem Crack Nocd Funzionante By Seyfer89.zip\Worms 4 Mayhem.exe" [Enabled] .(...) -- C:\Documents and Settings\nono & jeff\Local Settings\Temp\Répertoire temporaire 2 pour Pc Game Ita Worms 4 Mayhem Crack Nocd Funzionante By Seyfer89.zip\Worms 4 Mayhem.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\nono & jeff\Local Settings\Temp\Répertoire temporaire 3 pour Pc Game Ita Worms 4 Mayhem Crack Nocd Funzionante By Seyfer89.zip\Worms 4 Mayhem.exe" [Enabled] .(...) -- C:\Documents and Settings\nono & jeff\Local Settings\Temp\Répertoire temporaire 3 pour Pc Game Ita Worms 4 Mayhem Crack Nocd Funzionante By Seyfer89.zip\Worms 4 Mayhem.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" [Enabled] .(...) -- C:\Program Files\Kazaa Lite K++\KazaaLite.kpp (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\ICQ6\ICQ.exe" [Enabled] .(...) -- C:\Program Files\ICQ6\ICQ.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\audioGnome\Client4.exe" [Enabled] .(...) -- C:\Program Files\audioGnome\Client4.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\poelladoù\Logiciels à ne pas supprimer\Zattoo\zattood.exe" [Enabled] .(...) -- D:\poelladoù\Logiciels à ne pas supprimer\Zattoo\zattood.exe (.not file.)
O47 - AAKE:Key Export SP - "D:\poelladoù\Logiciels à ne pas supprimer\Zattoo\Zattoo2.exe" [Enabled] .(...) -- D:\poelladoù\Logiciels à ne pas supprimer\Zattoo\Zattoo2.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\ICQ7.7\ICQ.exe" [Enabled] .(.ICQ, LLC..) -- C:\Program Files\ICQ7.7\ICQ.exe
O47 - AAKE:Key Export DP - "C:\Program Files\ICQ7.7\ICQ.exe" [Enabled] .(.ICQ, LLC..) -- C:\Program Files\ICQ7.7\ICQ.exe
~ Keys Export: 33 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{4bff80f2-d566-11e0-af16-00138f047384}\AutoRun\command. (...) -- F:\AppliCME.exe (.not file.)
O51 - MPSK:{7a8a89d0-315c-11e2-9e7a-00138f047384}\AutoRun\command. (...) -- C:\WINDOWS\system32\NoLimit.exe (.not file.)
O51 - MPSK:{88ee3272-47a0-11e2-9e7e-00138f047384}\AutoRun\command. (...) -- J:\DVAP.exe (.not file.)
O51 - MPSK:{985e202f-52d2-11dc-ab11-00138f047384}\AutoRun\command - Clé orpheline
O51 - MPSK:{c9d9cddc-52fe-11dc-ab12-00138f047384}\AutoRun\command - Clé orpheline
O51 - MPSK:{d11e135a-d5b6-11dd-adce-0007cb0000ff}\AutoRun\command. (...) -- C:\WINDOWS\system32\cmd \C launch.bat (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.7B0C854289DAD27B84B4F538E797AEB8] - 17.12.2001 - 02:27:06 ---A- . (.Avance Logic, Inc. - Avance AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\Drivers\ALCXWDM.SYS [265143]
O58 - SDL:[MD5.DE91D0D73C3E61E6826D98FAC2FAC729] - 29.03.2000 - 15:17:42 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [5824]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28.08.2001 - 15:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.997F912324B3BB977AF2DF376E5508CE] - 01.11.2002 - 10:11:20 ---A- . (.C-Media Inc - C-Media Audio WDM Driver.) -- C:\WINDOWS\system32\Drivers\cmuda.sys [451599]
O58 - SDL:[MD5.B9F03760AF557348E17A5BB5FFEB73C0] - 17.08.2001 - 19:19:58 ---A- . (.ESS Technology Inc. - ESS ES1969 PCI Audio Adapter Driver.) -- C:\WINDOWS\system32\Drivers\es1969.sys [72192]
O58 - SDL:[MD5.504E93682655A7B3AF1FB5BFF3F44322] - 20.10.2004 - 13:23:34 ---A- . (.FreeBox SA - Carte réseau virtuelle FreeBox USB.) -- C:\WINDOWS\system32\Drivers\fbxusb32.sys [21344]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28.08.2001 - 15:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.12875C90CE2F71BB5CD973968F510A58] - 10.01.2003 - 09:30:22 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\SQCamD.sys [25449]
O58 - SDL:[MD5.100FF3D9E16AFB3163BD6F9AAAAB7C55] - 10.01.2003 - 10:56:34 ---A- . (.Service & Quality Technology. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\SQCaptur.sys [30921]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 19.04.2008 - 09:43:20 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28.08.2001 - 15:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.D33B28D9ED695CCF9520D70D825F9D85] - 17.09.2011 - 12:32:35 ---A- . (.Pas de propriétaire - ANPD (NT5) Driver.) -- C:\WINDOWS\system32\ANPD.SYS [29411]
O58 - SDL:[MD5.1F2D2C0B60DF4F9D4F7378800BF693AC] - 17.09.2011 - 12:32:35 ---A- . (.Pas de propriétaire - ANPD (NT5) Driver.) -- C:\WINDOWS\system32\ANPD64.SYS [48640]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03.04.1996 - 20:33:26 ---A- . (...) -- C:\WINDOWS\system32\giveio.sys [5248]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28.08.2002 - 21:23:06 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28.08.2001 - 15:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 04.08.2004 - 06:45:25 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 04.08.2004 - 06:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 04.08.2004 - 06:45:10 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 04.08.2004 - 06:45:15 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 04.08.2004 - 06:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 04s



---\\ Recherche heuristique Magic.control (HSMI) (O59)
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\WINDOWS\system32\qtwac_nav.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\WINDOWS\system32\qtwac_navps.dat
O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:\WINDOWS\system32\qtwac.dat
~ Files: Scanned in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 17.09.2011 - C:\WINDOWS\system32\ANPD.sys (ANPD) .(.Pas de propriétaire - ANPD (NT5) Driver.) - LEGACY_ANPD
O64 - Services: CurCS - 22.04.2010 - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe (D_Link_DWA-525_WPS) .(.Pas de propriétaire - ANIWConnService.) - LEGACY_D_LINK_DWA-525_WPS
O64 - Services: CurCS - 29.12.2011 - C:\Program Files\Guard-ICQ\GuardICQ.exe (Guard.Mail.ru) .(.Pas de propriétaire - GuardMailRu Module.) - LEGACY_GUARD.MAIL.RU
~ Legacy: 174 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {DB9365CB-F0AD-4D2C-A146-D011C9600E91} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {E78D201D-E85D-48e8-B25B-29F92237B2B5} - (Google Search) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Search the Web) - http://www.google.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Search the Web) - http://www.google.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.AF5C84446657B48C9B9B870C46438261] [SPRF][12.01.2014] (...) -- C:\Documents and Settings\nono & jeff\Bureau\adwcleaner.exe [1233962]
[MD5.A2B9047463F1297403DEC0DE4DF2298A] [SPRF][26.09.2008] (.eBay, Inc. - EPUWALControl Module.) -- C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll [3204368] =>Toolbar.eBay
~ Files: 7 Legitimates Filtered in 00mn 09s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.650D908A95DD0483CD80F5C6CCE54DB6] [WIS][09.04.2007] (.Macrogaming LTD. - SweetIM For Internet Explorer 3.0b.) -- C:\Windows\Installer\2247000.msi [532992] =>PUP.SweetIM
~ WIS: 63 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 29.01.2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10.07.1658 0 | (Boonty Games) . (...) - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
SS - | Disabled 05.03.2007 54784 | (C-DillaCdaC11BA) . (.Macrovision.) - C:\WINDOWS\system32\drivers\CDAC11BA.exe
SS - | Demand 20.08.2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 22.04.2010 126976 | (D_Link_DWA-525) . (.Wireless Service.) - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
SS - | Demand 14.11.2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Disabled 10.07.1658 0 | (PanelSvc) . (...) - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
SS - | Disabled 09.08.2007 73728 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe

SR - | Auto 22.04.2010 40960 | (D_Link_DWA-525_WPS) . (...) - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
SR - | Auto 29.12.2011 1564368 | (Guard.Mail.ru) . (...) - C:\Program Files\Guard-ICQ\GuardICQ.exe
SR - | Auto 23.10.2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 19.05.2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

~ Services: Scanned in 00mn 11s



---\\ Alert Messages
WARNING : Adware.Navipromo/MagicControl found in registry or folder


---\\ Scan Additionnel (O88)
Database Version : 13019 - (10.01.2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\qtwac] =>Adware.Favorit^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Outerinfo] =>Adware.ClickSpring
[HKCU\Software\Microsoft\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll =>Toolbar.eBay^
C:\Windows\Installer\2247000.msi =>PUP.SweetIM^
~ Additionnel Scan: 199725 Items scanned in 00mn 53s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29439557-adware-favorit =>Adware.Favorit
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ MSI: 4 link(s) detected in 00mn 53s



~ 1099 Legitimates filtered by white list
End of the scan (646 lines in 05mn 39s)(0)
