cjoint

Document format: text/plain

~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Lancé par Moukasse (16/02/2014 20:57:41)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 27.0 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : TF7CD
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3508 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 55 GB (27%) free of 197 GB

---\\ Mode de connexion au système
~ Computer Name: MOUKASSE-PC
~ User Name: Moukasse
~ All Users Names: Tous, Moukasse, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Moukasse\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Moukasse\AppData\Roaming\
~ %Desktop% : C:\Users\Moukasse\Desktop\
~ %Favorites% : C:\Users\Moukasse\Favorites\
~ %LocalAppData% : C:\Users\Moukasse\AppData\Local\
~ %StartMenu% : C:\Users\Moukasse\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 55 Go of 197 Go)
D: Hard drive, Flash drive, Thumb drive (Free 58 Go of 101 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 12:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C36E38AD3C7FAFF0E30C4CBCB28CE7FB] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/11/2013 - 12:35:26.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 12:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 12:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 08:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 08:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 09:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 08:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 10:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 08:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 12:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/49
~ Mes musiques (My Musics) : 1/2455
~ Mes Videos (My Videos) : 1/203
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/128
~ Mon Bureau (My Desktop) : 1/842
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 20s



---\\ Processus lancés
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2504]
[MD5.AA981C13508686CCE48BDD5438A890A2] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.2764]
[MD5.E121F54B52A2E98A6B303D2E2DD68DB0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.2776]
[MD5.175C068CA15D7C5623BBF0B2530BA16A] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.2792]
[MD5.59D29EF36C6712AAA8607E3484E75259] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040] [PID.2812]
[MD5.09A3504A57450A1BFD4A9F3DB2FAEEAE] - (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe [1891720] [PID.2860]
[MD5.CB29284AB4B18CA0D23CB0CDC0A6B022] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe [337432] [PID.2892]
[MD5.B508C9139D26AF2A91BF728279BF858C] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe [1599880] [PID.3252]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.3656]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [866632] [PID.3804]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.3772]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8337920] [PID.3640]
[MD5.8D04A303539C7EC811A8497539B71293] - (...) -- C:\Users\Moukasse\AppData\Local\GCC\Controller.exe [556544] [PID.3996]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Moukasse\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dbkchnicaiglcjpgbmpfmoafckkomdcm] Video Download Helper v.1.1.5.5, (Activé)
G2 - GCE: Preference [User Data\Default] [mpoakikepagdiphlmfaeifpojdmbnegj] YouTube Video Deck v.0.9.6.4 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ponfpcnoihfmfllpaingbgckeeldkhle] Tube Enhancer Lite v.1.0.11, (Activé)
~ Google Browser: 19 Legitimates Filtered in 01mn 39s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Moukasse\AppData\Roaming\Mozilla\Firefox\Profiles\7mr9q84o.default\prefs.js
C:\Users\Moukasse\AppData\Roaming\Mozilla\Firefox\Profiles\7mr9q84o.default\user.js
M2 - MFEP: prefs.js [Moukasse - 7mr9q84o.default\artur.dubovoy@gmail.com] [] Flash Video Downloader v (..)
M2 - MFEP: prefs.js [Moukasse - 7mr9q84o.default\jid1-4P0kohSJxU1qGg@jetpack] [] Hola Unblocker v1.2.664 (..)
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.228.254.9:80
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - [HKLM]{8E718888-423F-11D2-876E-00A0C9082467} . (.Microsoft Corporation - Windows Media Player 2 ActiveX Control.) -- C:\Program Files\Speed Video Splitter\msdxm.ocx =>.Microsoft Corporation
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: FIFA 14.lnk . (.Electronic Arts - FIFA 14.) -- C:\Program Files\Arab-GB\FIFA 14\Game\FIFA14.AGB.exe
O4 - GS\Desktop [Public]: Game Booster 3.lnk . (.IObit - Game Booster.) -- C:\Program Files\IObit\Game Booster 3\GameBooster.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Internet Mobile+.lnk . (...) -- C:\Program Files\Internet Mobile+\Internet Mobile+.exe
O4 - GS\Desktop [Public]: Modem HDM EC156.lnk . (...) -- C:\Program Files\Modem HDM EC156\Modem HDM EC156.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Switch to Gaming Mode.lnk . (.IObit - Game Booster.) -- C:\Program Files\IObit\Game Booster 3\GameBooster.exe
O4 - GS\Desktop [Public]: Web Page Maker.lnk . (.Web Page Maker Software - Pas de description.) -- C:\Program Files\Web Page Maker\WebPageMaker.exe
O4 - GS\Desktop [Public]: YouWave Android.lnk . (...) -- C:\Program Files\YouWave Android\YouWave Android.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Tous]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Tous]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Tous]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Tous]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Tous]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Tous]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Tous]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Tous]: ARAR.lnk . (.DataNumen, Inc. - Pas de description.) -- C:\Program Files\ARAR\ARAR.exe
O4 - GS\Desktop [Tous]: Office Password Recovery Magic.lnk . (.Password Recovery Magic Studio Ltd. - Office Password Recovery Magic.) -- C:\Program Files\Office Password Recovery Magic\OfficeRecover.exe
O4 - GS\Desktop [Tous]: WiFiPasswordDecryptor.lnk . (...) -- C:\Program Files\SecurityXploded\WiFiPasswordDecryptor\WiFiPasswordDecryptor.exe (.not file.)
O4 - GS\Desktop [Tous]: WiFiPasswordKeyGenerator.lnk . (.SecurityXploded - Free Wireless WEP/WPA/WPA2 Security Key Cre.) -- C:\Program Files\SecurityXploded\WiFiPasswordKeyGenerator\WiFiPasswordKeyGenerator.exe
O4 - GS\QuickLaunch [Moukasse]: Artisteer 4.lnk . (.ExtenSoft - Artisteer.) -- C:\Program Files\Artisteer 4\bin\Artisteer.exe
O4 - GS\QuickLaunch [Moukasse]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Moukasse]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Moukasse]: Total Video Player.lnk . (...) -- C:\Program Files\Total Video Converter\tvp.exe
O4 - GS\TaskBar [Moukasse]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Moukasse]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Moukasse]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Moukasse]: Start Tor Browser - Raccourci.lnk . (...) -- C:\Users\Moukasse\Desktop\Tor Browser\Start Tor Browser.exe
O4 - GS\Program [Moukasse]: HitLeap Viewer.lnk . (...) -- C:\Users\Moukasse\AppData\Roaming\Microsoft\Installer\{31B12C11-AE4E-479F-8D6D-242DC265368D}\favicon.exe
O4 - GS\Program [Moukasse]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Moukasse]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Moukasse]: ARAR.lnk . (.DataNumen, Inc. - Pas de description.) -- C:\Program Files\ARAR\ARAR.exe
O4 - GS\Desktop [Moukasse]: Artisteer 4.lnk . (.ExtenSoft - Artisteer.) -- C:\Program Files\Artisteer 4\bin\Artisteer.exe
O4 - GS\Desktop [Moukasse]: Foxit PDF Editor.lnk . (.Foxit Software Company - Foxit PDF Editor, the first REAL editor for.) -- C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe
O4 - GS\Desktop [Moukasse]: Freez FLV to MP3 Converter.lnk . (...) -- C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\flv2mp3.exe
O4 - GS\Desktop [Moukasse]: HitLeap Viewer.lnk . (...) -- C:\Users\Moukasse\AppData\Roaming\Microsoft\Installer\{31B12C11-AE4E-479F-8D6D-242DC265368D}\HitLeap_Viewer.exe
O4 - GS\Desktop [Moukasse]: NBA 2K14.lnk . (.2K Sports - 2K Sports NBA 2K14.) -- C:\Program Files\NBA 2K14\nba2k14.exe
O4 - GS\Desktop [Moukasse]: Nouveau Document texte - Raccourci.lnk . (...) -- G:\Converter\Nouveau Document texte.txt (.not file.)
O4 - GS\Desktop [Moukasse]: Office Password Recovery Magic.lnk . (.Password Recovery Magic Studio Ltd. - Office Password Recovery Magic.) -- C:\Program Files\Office Password Recovery Magic\OfficeRecover.exe
O4 - GS\Desktop [Moukasse]: Ordinateur - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [Moukasse]: pes2014 - Raccourci.lnk . (.Konami Digital Entertainment Co., Ltd. - Pro Evolution Soccer 2014.) -- D:\Jeux\Pro Evolution Soccer 14\Pro Evolution Soccer 14\pes2014.exe
O4 - GS\Desktop [Moukasse]: Photo DVD Maker Professional.lnk . (.http://www.photo-dvd-maker.com - Photo DVD Maker Professional.) -- C:\Program Files\AnvSoft\Photo DVD Maker Professional\DVDPhotoMaker.exe
O4 - GS\Desktop [Moukasse]: Speed Video Splitter.lnk . (...) -- C:\Program Files\Speed Video Splitter\Speed Video Splitter.exe
O4 - GS\Desktop [Moukasse]: Start Tor Browser - Raccourci.lnk . (...) -- C:\Users\Moukasse\Desktop\Tor Browser\Start Tor Browser.exe
O4 - GS\Desktop [Moukasse]: Total Video Converter.lnk . (...) -- C:\Program Files\Total Video Converter\tvcshell.exe
O4 - GS\Desktop [Moukasse]: Total Video Player.lnk . (...) -- C:\Program Files\Total Video Converter\tvp.exe
~ Global Startup: 103 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Run: [WASEL Pro] . (.WASEL Pro VPN Service - WASEL Pro.) -- C:\Program Files\WASEL Pro VPN Service\WASEL Pro\wasel_pro.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3253336583-3376711203-24756003-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{149BF3F0-42B6-4D87-BAD1-DA8F073693C5}: NameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A177D31-B8EA-42E9-8EE6-380F3F6E1198}: NameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{2266C88E-9581-4054-BA5B-D5DD23F405A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB53A0B4-1A83-4FD6-B2FF-2281CAC48DCB}: DhcpNameServer = 212.217.0.1 212.217.0.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{149BF3F0-42B6-4D87-BAD1-DA8F073693C5}: NameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{9A177D31-B8EA-42E9-8EE6-380F3F6E1198}: NameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{2266C88E-9581-4054-BA5B-D5DD23F405A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB53A0B4-1A83-4FD6-B2FF-2281CAC48DCB}: DhcpNameServer = 212.217.0.1 212.217.0.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{149BF3F0-42B6-4D87-BAD1-DA8F073693C5}: NameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{9A177D31-B8EA-42E9-8EE6-380F3F6E1198}: NameServer = 192.168.60.58 192.168.50.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{2266C88E-9581-4054-BA5B-D5DD23F405A6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB53A0B4-1A83-4FD6-B2FF-2281CAC48DCB}: DhcpNameServer = 212.217.0.1 212.217.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} . (.Microsoft Corporation - Windows Media Player 2 ActiveX Control.) -- C:\Program Files\Speed Video Splitter\msdxm.ocx =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Modem HDM EC156. OUC (Modem HDM EC156. RunOuc) . (...) - C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe
~ Services: 5 Legitimates Filtered in 00mn 02s



---\\ Tâches planifiées en automatique (O39)
[MD5.705B82E1D5C3FBF60713764EC43CB627] [APT] [Oxy] (...) -- C:\Users\Moukasse\AppData\Roaming\Oxy\Updater.exe [12288]
[MD5.00000000000000000000000000000000] [APT] [{AA78487E-C17E-4723-97DA-36DA209B71D3}] (...) -- C:\Users\Moukasse\Desktop\CueClub.exe (.not file.) [0]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 06s



---\\ Logiciels installés (O42)
O42 - Logiciel: Freez FLV to MP3 Converter - (.www.smallvideosoft.com.) [HKLM] -- Freez FLV to MP3 Converter v1.5_is1
O42 - Logiciel: GigaClicks Crawler - (.GigaClicks Inc..) [HKLM] -- GigaClicks Crawler
O42 - Logiciel: HitLeap Viewer 2.8 - (.HitLeap Ltd..) [HKLM] -- {31B12C11-AE4E-479F-8D6D-242DC265368D}
O42 - Logiciel: NBA 2K14 - (.Black Box.) [HKLM] -- {B4F41BC2-F2F7-4BC6-A686-DB6782141FB3}
O42 - Logiciel: Oxy - (.FINEDREAM INVEST LTD.) [HKCU] -- {9AAF2503-6CD5-414A-B5BA-37639B76C91F}
O42 - Logiciel: PS TO PC CONVERTER - (...) [HKLM] -- {A483F88A-41E9-45B2-AAC9-A823DD9B4873}
O42 - Logiciel: PileFile downloader - (.FINEDREAM INVEST LTD.) [HKCU] -- {2A4641B4-EDDB-46D1-B34B-F93E19A8B3DB}
O42 - Logiciel: Speed Video Splitter 4.3.33 - (.Flyers software, Inc..) [HKLM] -- Speed Video Splitter_is1
O42 - Logiciel: WASEL Pro - (.WASEL Pro VPN Service.) [HKLM] -- WASEL Pro
O42 - Logiciel: Web Page Maker V3.22 - (.Web Page Maker Software Company, Inc..) [HKLM] -- Web Page Maker_is1
~ Logic: 17 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARAR]
[HKCU\Software\HitLeap]
[HKCU\Software\InfoSpace.com]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\SOG]
[HKCU\Software\WASEL Pro VPN Service]
[HKLM\Software\Acclaim]
[HKLM\Software\ShanWan]
~ Key Software: 206 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/11/2013 - 16:54:22 - [164,340] ----D C:\Program Files\Arab-GB
O43 - CFD: 19/11/2013 - 18:21:44 - [0,751] ----D C:\Program Files\ARAR
O43 - CFD: 09/12/2013 - 14:32:30 - [0] ----D C:\Program Files\Black Box
O43 - CFD: 16/11/2013 - 21:29:37 - [0,781] ----D C:\Program Files\GUMAC29.tmp
O43 - CFD: 13/02/2014 - 20:48:23 - [60,236] ----D C:\Program Files\HitLeap
O43 - CFD: 26/11/2013 - 23:16:50 - [-793,637] ----D C:\Program Files\NBA 2K14
O43 - CFD: 20/12/2013 - 20:52:53 - [19,674] ----D C:\Program Files\Speed Video Splitter
O43 - CFD: 16/11/2013 - 12:15:46 - [0,203] ----D C:\Program Files\VID_2563&PID_0523
O43 - CFD: 17/01/2014 - 19:28:46 - [20,781] ----D C:\Program Files\WASEL Pro VPN Service
O43 - CFD: 09/02/2014 - 23:16:12 - [8,074] ----D C:\Program Files\Web Page Maker
O43 - CFD: 09/02/2014 - 23:16:15 - [0] ----D C:\ProgramData\Web Page Maker
O43 - CFD: 15/02/2014 - 10:20:20 - [0,004] ----D C:\Users\Moukasse\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 16/02/2014 - 20:41:23 - [0,012] ----D C:\Users\Moukasse\AppData\Roaming\Oxy
O43 - CFD: 09/02/2014 - 23:19:39 - [0,001] ----D C:\Users\Moukasse\AppData\Roaming\Web Page Maker
O43 - CFD: 28/01/2014 - 13:41:48 - [0,983] ----D C:\Users\Moukasse\AppData\Local\GCC
O43 - CFD: 28/11/2013 - 13:27:24 - [1,224] ----D C:\Users\Moukasse\AppData\Local\genienext
O43 - CFD: 18/01/2014 - 13:18:41 - [0,002] ----D C:\Users\Moukasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
~ Program Folder: 186 Legitimates Filtered in 01mn 46s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 11/02/2014 - 13:18:58 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 11/02/2014 - 13:19:04 ---A- . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.03783D0840B2C54D7665248425C74417] - 11/02/2014 - 13:19:06 ---A- . (...) -- C:\Windows\System32\dosx.exe [53600]
O44 - LFC:[MD5.EB6C16CE0163AD282E95FCE5EE9BA518] - 11/02/2014 - 13:19:07 ---A- . (.Pas de propriétaire - Application PrintBrm.) -- C:\Windows\System32\PrintBrmUi.exe [66048]
O44 - LFC:[MD5.B8CBB46B42570D373C9933FBDF25EBCE] - 11/02/2014 - 13:20:00 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [146852]
O44 - LFC:[MD5.A04C06A2142226D79DDA75920A496243] - 11/02/2014 - 13:20:11 ---A- . (.Pas de propriétaire - RemoteFX Helper.) -- C:\Windows\System32\RDVGHelper.exe [80896]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 12/02/2014 - 08:11:49 ---A- . (...) -- C:\Windows\win.ini [478]
~ Files: 808 Legitimates Filtered in 00mn 22s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.425B3B231A6B5468E0A453D05AF1DA85] - 11/02/2014 - 15:46:45 ---A- - C:\Windows\Prefetch\PWRISOVM.EXE-4EEDC484.pf
O45 - LFCP:[MD5.75E15B5CDB0702EEF62B7DBCEE4F703B] - 14/02/2014 - 09:30:05 ---A- - C:\Windows\Prefetch\PES2014.EXE-CC68E5B6.pf
O45 - LFCP:[MD5.37A7ED26F88BA4CA6016286541D126FF] - 14/02/2014 - 14:13:44 ---A- - C:\Windows\Prefetch\TOR.EXE-D309B589.pf
O45 - LFCP:[MD5.DC8617DA17ED0050F71B8B7FAB19A143] - 16/02/2014 - 16:53:33 ---A- - C:\Windows\Prefetch\WASEL_PRO.EXE-16AA610C.pf
~ Prefetcher: 101 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{286c050d-60bd-11e3-b20f-002454e29d86}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{286c0513-60bd-11e3-b20f-002454e29d86}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{74a06c71-7f63-11e3-beee-002454e29d86}\AutoRun\command. (...) -- G:\DTVP_Launcher.exe (.not file.)
O51 - MPSK:{e2e5e723-820c-11e3-a6b5-002454e29d86}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{f6984b1f-8212-11e3-a6b5-002454e29d86}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.DF4F000CFC05DEC947D928A8F3ADCD7A] - 31/03/2010 - 16:25:36 ---A- . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Windows\System32\Drivers\ETD.sys [109056]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 20/01/2014 - 19:58:33 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.203BB2691E7D0088A2C1F9C39C15A9B7] - 28/11/2013 - 00:24:18 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [108000]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 20/01/2014 - 19:58:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:[MD5.2B7E31520F3BCF584B99366A6D192FB5] - 17/09/2010 - 17:42:46 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [64320]
O58 - SDL:[MD5.9C8F881A270E8E3BCC1B6E5F620234BA] - 17/09/2010 - 17:42:46 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [179520]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8CF6E2AE1707D82E904ECCA68CEF8B87] - 28/06/2012 - 07:49:48 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [26624]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 34s



---\\ Last modified or created files (User) (O61)
O61 - LFC: 13/02/2014 - 21:03:10 ---A- . (...) -- C:\Users\Moukasse\AppData\Local\Mozilla\updates\308046B0AF4A39CB\active-update.xml [57]
O61 - LFC: 13/02/2014 - 21:03:10 ---A- . (...) -- C:\Users\Moukasse\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates.xml [7528]
O61 - LFC: 13/02/2014 - 21:03:26 R--A- . (...) -- C:\Users\Moukasse\AppData\Roaming\Microsoft\Installer\{31B12C11-AE4E-479F-8D6D-242DC265368D}\HitLeap_Viewer.exe [1470]
O61 - LFC: 13/02/2014 - 21:03:26 R--A- . (...) -- C:\Users\Moukasse\AppData\Roaming\Microsoft\Installer\{31B12C11-AE4E-479F-8D6D-242DC265368D}\favicon.exe [318]
O61 - LFC: 13/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\Khalil Benali 'Ila Kenti Katbghini' خليل بنـعلي إلا كنت كتبغيني - YouTube.mp4 [9978208]
O61 - LFC: 13/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\videoplayback_8.MP4 [10035225]
O61 - LFC: 13/02/2014 - 21:03:47 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\طريقة تحويل حساب أدسنس مستضاف لحساب أدسنس عادي‬ - YouTube.mp4 [21067865]
O61 - LFC: 14/02/2014 - 21:03:26 --HA- . (...) -- C:\Users\Moukasse\AppData\Roaming\Microsoft\Templates\~$Normal.dotm [162]
O61 - LFC: 14/02/2014 - 21:03:44 ---A- . (...) -- C:\Users\Moukasse\Downloads\Compressed\KRT_2.1.zip [569934]
O61 - LFC: 14/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\الدرس 3 - شرح موقع link Cash - الدورة المصغرة للربح من جووجل ادسنس ببساطة.MP4 [28704566]
O61 - LFC: 14/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\الدرس 4 - أفكار و استراتيجيات جلب الزوار - الدورة المصغرة للربح من جووجل ادسنس ببساطة.MP4 [34209428]
O61 - LFC: 14/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\الدرس 5 - رفع الآرباح بدون مضاعفة المجهود - الدورة المصغرة للربح من جووجل ادسنس ببساطة.FLV [31114838]
O61 - LFC: 14/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\الدرس 6 - رفع سعر النقرة في ادسنس - الدورة المصغرة للربح من جووجل ادسنس ببساطة.MP4 [26995244]
O61 - LFC: 14/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\حريم السلطان الجزء الثالث الحلقة 80 - 7arim Soultan 3 Ep 80 - b6627.flv [129313656]
O61 - LFC: 15/02/2014 - 21:03:45 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\---Hassan El Fad - Chanily TV - Episode 02 - YouTube.mp4 [38634398]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\---Hassan El Fad - Chanily TV - Episode 02 - YouTube_2.mp4 [38634398]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\EKO et Houda saad.MP4 [3818726]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\Hassan El Fad - Chanily TV - Episode 1 - YouTube.mp4 [34190872]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\ZAPPING 100 ] La 100ème - 400 Vidéos - 90 Min ► Youclip 28 Avril 2013 - YouTube.mp4 [398440268]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\a_4.mp4 [1078083]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\videoplayback_10.MP4 [13137696]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\أخطر زرَّامة في المغرب ، السرقة بأصولها و الإحترافية في الأداء هههه.MP4 [3167856]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\الدرس الثاني - فتح حساب جووجل ادسنس عادي - الدورة المصغرة للربح من جووجل ادسنس ببساطة.MP4 [25830548]
O61 - LFC: 15/02/2014 - 21:03:46 ---A- . (...) -- C:\Users\Moukasse\Downloads\Video\طريقة تحويل حساب أدسنس مستضاف لحساب أدسنس عادي.MP4 [27149551]
O61 - LFC: 16/02/2014 - 21:02:58 ---A- . (...) -- C:\Users\Moukasse\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [272857]
O61 - LFC: 16/02/2014 - 21:03:09 ---A- . (...) -- C:\Users\Moukasse\AppData\Local\Google\Chrome\User Data\Local State [59355]
O61 - LFC: 16/02/2014 - 21:03:27 ---A- . (...) -- C:\Users\Moukasse\AppData\Roaming\ZHP\Log.txt [31147] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 21:03:27 ---A- . (...) -- C:\Users\Moukasse\AppData\Roaming\ZHP\TestsZHPDiag.txt [2884] =>.Nicolas Coolman
~ 730 Fichiers temporaires (Temporary files)
~ Files: 1449 Legitimates Filtered in 00mn 50s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infection in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Enumerates Crack & Keygen files (CKF) (O82)
C:\Program Files\SecurityXploded\WiFiPasswordKeyGenerator\Uninstall.exe
C:\Program Files\SecurityXploded\WiFiPasswordKeyGenerator\WiFiPasswordKeyGenerator.exe
C:\Users\Moukasse\Documents\Mobogenie\WiFiPasswordKeyGenerator.zip =>PUP.Mobogenie
C:\Users\Moukasse\Music\type\Best Original Soundtracks (2013).www.zone-telechargement.com\26. Suite from the Ballet the Nutcracker, Op.71a, Dance of the Sugar Plum Fairy (From Fantasia) - The Philadelphia Orchestra, Leopold Stokowski.mp3
~ Files: Scanned in 00mn 36s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.70880B44091A9375CBC7F531568A7C7F] [SPRF][16/02/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{59A8B662-00EE-429E-A71C-F2926CAE5E02}" | In - Private - P6 - TRUE | .(.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe
O87 - FAEL: "{39F58257-91C8-4F1D-9B9C-9262A8DF06AD}" | In - Private - P17 - TRUE | .(.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe
O87 - FAEL: "{6FFD5D74-0949-4267-80FD-20F251CE595E}" | In - Domain - P6 - FALSE | .(.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe
O87 - FAEL: "{62365A3C-A179-43B3-AAD7-10C409B75BB1}" | In - Domain - P17 - FALSE | .(.Alexander Roshal - WinRAR archiver.) -- C:\Program Files\WinRAR\WinRAR.exe
O87 - FAEL: "{D32479CE-744D-4291-A9F4-38EFB085E11D}" | In - None - P6 - TRUE | .(...) -- C:\Users\Moukasse\AppData\Local\GCC\Controller.exe
~ Firewall: 194 Legitimates Filtered in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.0D7DE6E7275E2237B24E5325D3FE4D16] [WIS][13/02/2014] (.HitLeap Ltd. - HitLeap Viewer 2.8 Installer.) -- C:\Windows\Installer\494260.msi [27660288]
~ WIS: 33 Legitimates Filtered in 00mn 07s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 04/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 20/01/2014 655712 | (Modem HDM EC156. RunOuc) . (...) - C:\Program Files\Modem HDM EC156\UpdateDog\ouc.exe
SS - | Demand 06/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 14/03/2011 271712 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 25/10/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 07s



---\\ Search for infection on the Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Moukasse at 16/02/2014 21:04:40

device: opened successfully
user: MBR read successfully

Disk trace:
C:\Windows\system32\DRIVERS\iaStorA.sys Intel Corporation Intel Rapid Storage Technology driver
1 ntkrnlpa!IofCallDriver[0x83079BC5] >> \Device\Harddisk0\DR0[0x88B7A030]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 15 Legitimates Filtered in 00mn 02s



---\\ Search for infection on the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Moukasse at 16/02/2014 21:04:42

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : 13031 - (14/02/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
C:\Users\Moukasse\AppData\Roaming\newnext.me =>PUP.NextLive^
~ Additionnel Scan: 291832 Items scanned in 00mn 19s



---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 4 link(s) detected in 00mn 19s



~ 3283 Legitimates filtered by white list
End of the scan (598 lines in 07mn 20s)(8)
