cjoint

Document format: text/plain

~ ZHPDiag report v2014.2.12.10 - Nicolas Coolman (12/02/2014)
~ Run by Rachid (13/02/2014 23:15:36)
~ Website: http://nicolascoolman.webs.com
~ Free disinfection-assistance forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): activated by user


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 27.0 (Default)
GCIE: Google Chrome v32.0.1700.107

---\\ Windows product information
~ Language: French
Windows 7 Professional, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, VOLUME_MAK channel
Windows ID Activation : OK
~ Windows Partial Key : HTF67
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Norton Internet Security v21.1.0.18
Windows Defender W7

---\\ System optimisation software

---\\ Peer-to-peer sharing software

---\\ Monitored software
Adobe Flash Player 12 Plugin
Adobe Reader X

---\\ System information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (29% free)
System Restore: Enabled
System drive C: has 63 GB (44%) free of 142 GB

---\\ System logon mode
~ Computer Name: RACHID-PC
~ User Name: Rachid
~ All Users Names: Rachid, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rachid\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rachid\AppData\Roaming\
~ %Desktop% : C:\Users\Rachid\Desktop\
~ %Favorites% : C:\Users\Rachid\Favorites\
~ %LocalAppData% : C:\Users\Rachid\AppData\Local\
~ %StartMenu% : C:\Users\Rachid\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 63 GB of 142 GB)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Targeted search for generic files
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 05:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 03:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.28/10/2009 - 06:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 02:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 02:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden file status (Hidden/Total)
~ Mes images (My Pictures) : 2/3
~ Mes musiques (My Musics) : 1/628
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/52
~ Mes Documents (My Documents) : 0/198
~ Mon Bureau (My Desktop) : 0/3447
~ Menu demarrer (Programs) : 1/74
~ Hidden Files: Scanned in 00mn 02s



---\\ Running processes
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1760]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1800]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2032]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.388]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.312]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.1512]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.1600]
[MD5.C948AC73822CA662CF44185B909EA18B] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.1864]
[MD5.6FAA1558462B185A34450BA564337B5C] - (.Plex, Inc. - Plex Media Server.) -- C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [4277896] [PID.2040]
[MD5.DEED42C533A452FC79E6C5E5132BDAEB] - (.L'Aventure Multimedia - Dictionnaire MediaDICO pour Windows.) -- C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\MediaDico36.exe [280576] [PID.1540]
[MD5.7AC622ED754E7628C97EE31BE4C72C91] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe [905296] [PID.1944] =>P2P.BitTorrent
[MD5.5C2A59CA663F3C4AEED98C3BB7E5F050] - (.L'Aventure Multimedia - Reconnaissance Automatique de Caractères.) -- C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\RAC36.exe [217171] [PID.2144]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2404]
[MD5.5EF3427AE503B5C03A48F7C9FF458B69] - (.Pas de propriétaire - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [271712] [PID.2440]
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2496]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2504]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2556]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2588]
[MD5.0191F314838056CF1A5A7BDE4346812F] - (...) -- C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe [657504] [PID.2596]
[MD5.C87442B6D17912785DC143CEDCA508C9] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696] [PID.2608]
[MD5.066F2BBE2EEC9A42B065B552BF356B4E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.4016]
[MD5.55A75819765139813BD56605AF90A070] - (.Python Software Foundation - Python.) -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe [34952] [PID.3592]
[MD5.8DED9B038EE18CD193B2DCD0EF51A79C] - (.Plex, Inc. - Plex Media Server DLNA Service.) -- C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe [1601672] [PID.3200]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.5580]
[MD5.598545ADF55264B2967C1C8763F00A23] - (.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe [9789256] [PID.4780]
[MD5.7A2B89C606C245A2B7E4BA708F654FF9] - (.Apple Inc. - MobileDeviceHelper.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe [55624] [PID.4916]
[MD5.5DBDC85A9AB1C338E82DB4F118C04D6E] - (.Apple Inc. - distnoted.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe [13712] [PID.5032]
[MD5.08FC5ED8A003A8302E9F9D3E225F9A8A] - (.Apple Inc. - ATH.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe [55624] [PID.5264]
[MD5.F9DF3367F803C180D38EE2359264408C] - (.Apple Inc. - SyncServer.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe [55624] [PID.1856]
[MD5.431AAA05912760A110BC5C69CDDAFE50] - (.Apple Inc. - MDCrashReportTool.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe [55624] [PID.2072]
[MD5.E287233EF87AA90FC9D4DD31575DF3DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.6084]
[MD5.4BDF29F145793074F9E370EFD10D54F4] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5004]
[MD5.00FCB1A620DAE030FBF2FD39C2F334CB] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe [1863048] [PID.3120]
[MD5.516175BCB724F8501E7F8754C90ABB14] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8336384] [PID.7552]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.6328]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Rachid\AppData\Roaming\Mozilla\Firefox\Profiles\l1o5uofs.default\prefs.js
C:\Users\Rachid\AppData\Roaming\Mozilla\Firefox\Profiles\l1o5uofs.default\user.js
M3 - MFPP: Plugins - [Rachid] -- C:\Users\Rachid\AppData\Roaming\Mozilla\Firefox\Profiles\l1o5uofs.default\searchplugins\VenteeRo.xml
M2 - MFEP: prefs.js [Rachid - l1o5uofs.default\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] [] Free YouTube Download (Free Studio) Menu v5.0.94.1 (..)
M2 - MFEP: prefs.js [Rachid - l1o5uofs.default\{E71B541F-5E72-5555-A47C-E47863195841}] [] SimilarSites v4.9.21 (..)
P2 - FPN: [HKCU] [@lightspark.github.com/Lightspark;version=1] - (.Pas de propriétaire - Flash.) -- C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R3 - URLSearchHook: SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} . (...) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: SimilarSites - [HKLM]{FE69C007-C452-4d3e-86D2-1730DF8BC871} . (...) -- C:\Program Files\SimilarSites\similarsites.dll
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other user shortcuts (O4)
O4 - GS\Desktop [Public]: 36 Dictionnaires et Recueils de Correspondance.lnk . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe
O4 - GS\Desktop [Public]: calibre - E-book management.lnk . (...) -- C:\Program Files\Calibre2\calibre.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: iPhone Folders.lnk . (...) -- C:\Windows\Installer\{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}\_5E396485DF93814EE79F9D.exe
O4 - GS\Desktop [Public]: Modem HDM EC156.lnk . (...) -- C:\Program Files\Modem HDM EC156\Modem HDM EC156.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Rachid]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\QuickLaunch [Rachid]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Rachid]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Rachid]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Rachid]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Rachid]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Rachid]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Rachid]: TabTip.lnk . (.Microsoft Corporation - Tablet PC Input Panel Accessory.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
O4 - GS\Program [Rachid]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Rachid]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Rachid]: DeepBurner.lnk . (.Astonsoft - CD/DVD recording software.) -- C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe
O4 - GS\Desktop [Rachid]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 - GS\Desktop [Rachid]: Temp - Raccourci.lnk . (...) -- C:\Users\Rachid\AppData\Local\Temp
O4 - GS\Desktop [Rachid]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 70 Legitimates Filtered in 00mn 01s



---\\ Applications run at system startup (O4)
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MediaDICO36] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe
O4 - HKCU\..\Run: [KLPkInst_90fb20ff-2f75-439f-8166-dc46d412388a] F:\OUtils\KAVWKS6.6.0.4.1424\setup.exe (.not file.)
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Plex Media Server] . (.Plex, Inc. - Plex Media Server.) -- C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [MediaDICO36] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [KLPkInst_90fb20ff-2f75-439f-8166-dc46d412388a] F:\OUtils\KAVWKS6.6.0.4.1424\setup.exe (.not file.)
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [Plex Media Server] . (.Plex, Inc. - Plex Media Server.) -- C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
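The O4 Run/RunOnce section above is where an analyst spends most of the time on a log like this: which autostart values point at a target that no longer exists, which run from a user-writable folder, and which the tool has already classified. The script below is an added example, not ZHPDiag's own code; its regular expression is my own reading of the two line shapes that appear in the section (a normal entry with publisher and path, and an entry ending in "(.not file.)"), and the sample lines are copied from this log. It also collapses the duplicates that arise because ZHPDiag lists the logged-on user's hive twice, as HKCU and as HKUS\<SID>.

```python
"""Triage ZHPDiag O4 autostart lines (Run / RunOnce values).

Added example, not part of ZHPDiag. ENTRY_RE is my own reading of the two line
shapes visible in the O4 section above; the sample lines are copied from that log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Shape A: O4 - <hive>\..\Run: [<name>] . (.<publisher> - <description>.) -- <path>[ =><tag>]
# Shape B: O4 - <hive>\..\Run: [<name>] <path> (.not file.)        (target missing)
ENTRY_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] "
    r"(?:\. \(\.(?P<pubdesc>.*?)\.\) -- (?P<path>.+?)(?: =>(?P<tag>.+?))?"
    r"|(?P<orphan_path>.+?) \(\.not file\.\))\s*$"
)

# "Pas de propriétaire" is ZHPDiag's French wording for a file with no publisher
# in its version resource; "." is what the regex yields for a bare "(...)".
NO_PUBLISHER = {"", ".", "Pas de propriétaire"}

# Autostart targets under these folders are writable by the user, so anything
# that ran once in the user's context can drop an executable there.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    path: str
    publisher: Optional[str]
    tag: Optional[str]   # text after "=>": ".Publisher" (recognised) or a class such as P2P.BitTorrent
    orphan: bool         # True when ZHPDiag marked the target "(.not file.)"


def parse_line(line: str) -> Optional[AutostartEntry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    if m["orphan_path"] is not None:
        return AutostartEntry(m["hive"], m["key"], m["name"], m["orphan_path"], None, None, True)
    publisher = m["pubdesc"].split(" - ", 1)[0].strip()
    if publisher in NO_PUBLISHER:
        publisher = None
    return AutostartEntry(m["hive"], m["key"], m["name"], m["path"], publisher, m["tag"], False)


def triage(entry: AutostartEntry) -> List[str]:
    """Reasons an analyst would look twice at this entry; empty list means nothing notable."""
    reasons = []
    if entry.orphan:
        reasons.append("dangling Run value: target no longer exists")
    elif entry.publisher is None:
        reasons.append("no publisher in the file's version information")
    # In this log a tag with a leading dot names a recognised publisher, while a tag
    # without it is a classification (P2P.BitTorrent, PUP.MyPCBackup, Trojan.*).
    if entry.tag and not entry.tag.startswith("."):
        reasons.append(f"tool classification {entry.tag}")
    if any(marker in entry.path.lower() for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def triage_log(lines) -> Dict[Tuple[str, str, str], Tuple[AutostartEntry, List[str]]]:
    """Parse every O4 Run/RunOnce line and collapse duplicates.

    ZHPDiag lists the logged-on user's hive twice, once as HKCU and once as
    HKUS\\<SID>, so entries are keyed on (key, name, path) rather than on the hive.
    """
    seen = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        seen.setdefault((entry.key, entry.name, entry.path), (entry, triage(entry)))
    return seen


# Sample input: lines copied from the O4 section of the log above, plus one
# non-O4 line to show that it is skipped.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe",
    r"O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated",
    r"O4 - HKCU\..\Run: [KLPkInst_90fb20ff-2f75-439f-8166-dc46d412388a] F:\OUtils\KAVWKS6.6.0.4.1424\setup.exe (.not file.)",
    r"O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent",
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation",
    r"O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [KLPkInst_90fb20ff-2f75-439f-8166-dc46d412388a] F:\OUtils\KAVWKS6.6.0.4.1424\setup.exe (.not file.)",
    r"O4 - HKUS\S-1-5-21-2225516587-51521554-3155558639-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent",
    "~ Application: Scanned in 00mn 00s",
]

if __name__ == "__main__":
    for (key, name, path), (entry, reasons) in triage_log(SAMPLE_LINES).items():
        if reasons:
            print(f"{key} [{name}] {path}")
            for reason in reasons:
                print(f"    - {reason}")
```

Run against the seven O4 lines it reports exactly two entries: the KLPkInst value, whose target on the removable drive F: is gone (a harmless leftover of a Kaspersky installer, but a dangling Run value is still worth deleting), and the µTorrent value, which both carries the tool's P2P classification and runs from %AppData%. A missing publisher is reported only for entries whose file is present, since for an orphan there is no file to read version information from.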



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{230F1C0D-A1FB-45CB-A341-AE3DEFF6F4D0}: NameServer = 192.168.50.58 192.168.60.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{59339C7A-34F0-4214-BE3C-0661FAEE5FBC}: NameServer = 192.168.50.58 192.168.60.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{1115C68F-0DE4-46B9-BC15-9348E1E021BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{230F1C0D-A1FB-45CB-A341-AE3DEFF6F4D0}: NameServer = 192.168.50.58 192.168.60.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{59339C7A-34F0-4214-BE3C-0661FAEE5FBC}: NameServer = 192.168.50.58 192.168.60.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{1115C68F-0DE4-46B9-BC15-9348E1E021BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{230F1C0D-A1FB-45CB-A341-AE3DEFF6F4D0}: NameServer = 192.168.50.58 192.168.60.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{59339C7A-34F0-4214-BE3C-0661FAEE5FBC}: NameServer = 192.168.50.58 192.168.60.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{1115C68F-0DE4-46B9-BC15-9348E1E021BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Modem HDM EC156. OUC (Modem HDM EC156. RunOuc) . (...) - C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe
O23 - Service: Norton Internet Security (NIS) . (.Symantec Corporation - Norton Internet Security.) - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
~ Services: 9 Legitimates Filtered in 00mn 29s



---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{2CDC5F10-C208-4311-AD08-38D3B0F55DBC}] (...) -- C:\Users\Rachid\Desktop\ZHPDiag2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{69638478-E9A7-4B11-AC8E-785C677F8E9C}] (...) -- C:\Users\Rachid\Downloads\SP27608.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 03s



---\\ Installed software (O42)
O42 - Logiciel: ARhome - (.NoVooIT.) [HKCU] -- ARhome
O42 - Logiciel: International Snooker 1.00 - (...) [HKLM] -- International Snooker 1.00
O42 - Logiciel: SimilarSites - (.SimilarSites.) [HKLM] -- SimilarSites
~ Logic: 20 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\ARHome]
[HKCU\Software\NoVooITSet]
[HKCU\Software\PIP]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Vonteera Safe ads] =>Trojan.Trojan.Vonteera
[HKLM\Software\PIP]
[HKLM\Software\Volaro Updater] =>Trojan.Trojan.Vonteera
~ Key Software: 212 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 08/12/2013 - 18:57:52 - [479,240] ----D C:\Program Files\Big Head Games
O43 - CFD: 13/02/2014 - 22:43:26 - [0] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 13/02/2014 - 18:14:58 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 02/04/2013 - 23:33:31 - [4,499] --H-D C:\ProgramData\{E88FD2E0-2DF1-44D9-9FDF-E4F65B762C55}
O43 - CFD: 23/01/2014 - 20:49:31 - [0,066] ----D C:\Users\Rachid\AppData\Roaming\AlloplayerBdd
O43 - CFD: 23/12/2013 - 15:30:42 - [1,628] ----D C:\Users\Rachid\AppData\Roaming\NoVooIT
O43 - CFD: 13/02/2014 - 22:42:02 - [0] ----D C:\Users\Rachid\AppData\Roaming\NoVooITAddon
~ Program Folder: 167 Legitimates Filtered in 00mn 15s



---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.C8654B2AF925BB4DC9F04CC8D3843C4B] - 12/02/2014 - 19:32:50 ----- . (...) -- C:\UsbFix [Scan 1] RACHID-PC.txt [11385]
O44 - LFC:[MD5.D95518EF7FED9644643E62FA448DF8B0] - 12/02/2014 - 23:18:35 ---A- . (...) -- C:\UsbFix [Clean 5] RACHID-PC.txt [12863]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 13/02/2014 - 00:47:53 ---A- . (...) -- C:\Windows\win.ini [478]
~ Files: 17 Legitimates Filtered in 00mn 06s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{597d851c-f538-11e2-9adb-001a80273038}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
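The O55 section lists the UAC policy values under HKLM\...\Policies\System that ZHPDiag did not whitelist, but it does not say what they mean. Of the three shown, only PromptOnSecureDesktop=0 is a departure from how Windows 7 ships: the elevation prompt is then drawn on the ordinary interactive desktop instead of the isolated secure desktop, so any process running as the user can overlay or imitate it. FilterAdministratorToken=0 and EnableUIADesktopToggle=0 are the out-of-box values. The script below is an added example, not ZHPDiag's code: it parses O55 lines and compares them with the Windows 7 defaults, which are stated here from Microsoft's UAC policy documentation and are not something the log itself records. The three log lines are copied from above; the second input set is constructed to show the UAC-disabled case.

```python
"""Assess the UAC policy values ZHPDiag reports in its O55 (MWPS) section.

Added example, not part of ZHPDiag. The Windows 7 default values are stated
from Microsoft's UAC policy documentation, not read from the log; LOG_LINES
are copied from the O55 section above, CONSTRUCTED_UAC_OFF is made up.
"""
import re
from typing import Dict, List, Optional, Tuple

MWPS_RE = re.compile(r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<name>[^"]+)"=(?P<value>-?\d+)\s*$')

# Out-of-box Windows 7 values under HKLM\...\Policies\System for the UAC settings.
WIN7_DEFAULTS = {
    "EnableLUA": 1,                     # UAC on
    "ConsentPromptBehaviorAdmin": 5,    # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,     # standard users: prompt for credentials on the secure desktop
    "PromptOnSecureDesktop": 1,         # prompts are drawn on the isolated secure desktop
    "FilterAdministratorToken": 0,      # built-in Administrator not in Admin Approval Mode
    "EnableUIADesktopToggle": 0,        # UIAccess apps may not bypass the secure desktop
    "EnableSecureUIAPaths": 1,          # UIAccess apps must live in secure locations
    "EnableVirtualization": 1,          # per-user virtualisation of failed writes
}

# Values whose effect is unambiguous enough to name the weakening directly.
KNOWN_WEAK = {
    ("EnableLUA", 0): "UAC disabled: administrators always run with a full token",
    ("ConsentPromptBehaviorAdmin", 0): "silent elevation: administrators are elevated without a prompt",
    ("PromptOnSecureDesktop", 0): "elevation prompt drawn on the interactive desktop, where other processes can overlay or imitate it",
    ("EnableUIADesktopToggle", 1): "UIAccess applications may request elevation without the secure desktop",
}


def parse_mwps(lines) -> Dict[str, int]:
    """Return {value name: integer} for every O55 line; other lines are ignored."""
    observed = {}
    for line in lines:
        m = MWPS_RE.match(line.strip())
        if m:
            observed[m["name"]] = int(m["value"])
    return observed


def assess_uac(observed: Dict[str, int]) -> List[Tuple[str, int, Optional[int], str]]:
    """Compare observed values with the Windows 7 defaults.

    Returns (name, value, default, note) for each value that is a known
    weakening, differs from its default, or is not a UAC setting this example knows.
    """
    if observed.get("EnableLUA") == 0:
        # Every other setting is moot when UAC itself is off; report just that.
        return [("EnableLUA", 0, 1, KNOWN_WEAK[("EnableLUA", 0)])]
    report = []
    for name, value in sorted(observed.items()):
        default = WIN7_DEFAULTS.get(name)
        if (name, value) in KNOWN_WEAK:
            report.append((name, value, default, KNOWN_WEAK[(name, value)]))
        elif default is None:
            report.append((name, value, None, "not a UAC value this example knows; review manually"))
        elif value != default:
            report.append((name, value, default, "differs from the Windows 7 default; confirm it is intentional"))
    return report


# Sample input: the three O55 lines from the log above.
LOG_LINES = [
    r'O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0',
    r'O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0',
    r'O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0',
]

# Constructed input (not from the log): what the section would look like with UAC switched off.
CONSTRUCTED_UAC_OFF = [
    r'O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0',
    r'O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0',
]

if __name__ == "__main__":
    for name, value, default, note in assess_uac(parse_mwps(LOG_LINES)):
        print(f'"{name}"={value} (default {default}): {note}')
```

On the log's three lines the report contains a single item, PromptOnSecureDesktop, because the other two match the defaults. Unknown value names are reported rather than dropped, so a policy key planted under the same path does not disappear silently.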



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 08/10/2010 - 08:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.E6A0E416A488F8DFA639000565F4C2B7] - 24/04/2013 - 19:12:34 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv6.sys [40648]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 05/08/2010 - 23:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.B20C5E5AED55D0A8320A84B77F3B6DE8] - 24/04/2013 - 19:25:44 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [37064]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 14:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 11/02/2014 - 23:20:30 ---A- . (...) -- C:\Users\Rachid\Downloads\American.Hustle.2013.TRUEFRENCH.DVDSCR.MD.XViD-THX\American.Hustle.2013.TRUEFRENCH.DVDSCR.MD.XViD-THX.nfo [8529]
O61 - LFC: 12/02/2014 - 23:20:06 ---A- . (...) -- C:\Users\Rachid\AppData\Local\Skymonk2\popup.dat [1179]
O61 - LFC: 12/02/2014 - 23:20:07 ---A- . (...) -- C:\Users\Rachid\AppData\Local\Skymonk2\version [4]
O61 - LFC: 13/02/2014 - 23:20:28 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\Log.txt [107006] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 23:20:28 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\TestsZHPDiag.txt [2822] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 23:20:29 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 23:20:29 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\ZHPDiag.txt [40740] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 23:20:29 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\ZHPExportRegistry-13-02-2014-22-47-35.txt [278852] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 23:20:29 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [4131] =>.Nicolas Coolman
O61 - LFC: 13/02/2014 - 23:20:29 ---A- . (...) -- C:\Users\Rachid\AppData\Roaming\ZHP\ZHPFix[R1].txt [4807] =>.Nicolas Coolman
~ 1 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 479 Legitimates Filtered in 03mn 34s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} [DefaultScope] - (VenteeRo) - http://www.arabyonline.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0E498B40D6CF2BA1CB34694AC0DD4112] [SPRF][23/01/2014] (.Pas de propriétaire - Alloplayer.) -- C:\Users\Rachid\Desktop\alloplayer.exe [831880]
[MD5.A3CFBA6D3D174AB17B224DC296EDC749] [SPRF][27/04/2007] (...) -- C:\Users\Rachid\Desktop\mp3val-frontend.exe [62464]
[MD5.0C61067137801CB12D9970EDBB9D8440] [SPRF][25/12/2005] (.moofdev.org - RatioMaker 0.5.1.) -- C:\Users\Rachid\Desktop\ratiomaker_0.5.1.122.exe [279040]
[MD5.B6129700128E27EB7B235710CC4B2492] [SPRF][30/08/2010] (.www.moofdev.net - Ratio Master.) -- C:\Users\Rachid\Desktop\RM.exe [278528]
[MD5.444D1016CF8768D83B05DCFB9974D001] [SPRF][12/02/2014] (...) -- C:\Users\Rachid\Desktop\RogueKiller.exe [3813376]
~ Files: 6 Legitimates Filtered in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F3811810C997A8C84E03E0795F099AEA] [WIS][23/12/2013] (.Plex, Inc. - Plex Media Server for Windows.) -- C:\Windows\Installer\a0755b.msi [65495040]
~ WIS: 50 Legitimates Filtered in 00mn 17s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 12/11/2012 657504 | (Modem HDM EC156. RunOuc) . (...) - C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe
SS - | Demand 04/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 14/03/2011 271712 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 08/10/2013 275696 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 19s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Rachid at 13/02/2014 23:21:43

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82C4B718] >> \Device\Harddisk0\DR0[0x85C51030]
kernel: MBR read successfully
user & kernel MBR OK
~ PE found file in sector at 312578048 !
~ PE found file in sector at 312578048 !

~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Rachid at 13/02/2014 23:21:45

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/02/2014)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 3

[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] =>Adware.Yontoo
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\PIP] =>Toolbar.Ask
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4d3e-86D2-1730DF8BC871}] =>Toolbar.Agent
[HKLM\Software\Google\Chrome\Extensions\hidjnkeodmholilgafgdlgmgggbhnigl] =>Adware.SimilarSites
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKLM\Software\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}] =>Toolbar.SimilarSites
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311541197}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Users\Rachid\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\Vonteera Safe ads] =>Trojan.Trojan.Vonteera^
[HKLM\Software\Volaro Updater] =>Trojan.Trojan.Vonteera^
~ Additionnel Scan: 286422 Items scanned in 00mn 43s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera =>Trojan.Vonteera
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
~ http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites =>Adware.SimilarSites
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 8 link(s) detected in 00mn 43s



~ 1533 Legitimates filtered by white list
End of the scan (567 lines in 06mn 53s)(0)
