
~ ZHPDiag report v2014.4.2.1 - Nicolas Coolman (02/04/2014)
~ Run by pc (02/04/2014 20:58:51)
~ Website: http://nicolascoolman.webs.com
~ Free disinfection-assistance forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): deactivated by the program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v11.0.696.60 (Default)

---\\ Windows product information
~ Language: French
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : FG72J
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7

---\\ System optimization software

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 12 Plugin

---\\ System information
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2048 MB (32% free)
System Restore: Enabled
System drive C: has 1 GB (1%) free of 78 GB

---\\ System logon mode
~ Computer Name: PC-PC
~ User Name: pc
~ All Users Names: pc, Administrateur,
~ Unselected Option: O44,O45,O61
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\pc\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\pc\AppData\Roaming\
~ %Desktop% : C:\Users\pc\Desktop\
~ %Favorites% : C:\Users\pc\Favorites\
~ %LocalAppData% : C:\Users\pc\AppData\Local\
~ %StartMenu% : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 1 GB of 78 GB)
E: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 184 GB of 202 GB)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Windows Security Center status
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 05:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 02:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 12:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 12:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 00:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 08:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 08:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 09:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 08:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 08:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 12:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/106
~ My Favorites: 1/45
~ My Documents: 1/99
~ My Desktop: 1/11600
~ Start Menu (Programs): 1/41
~ Hidden Files: Scanned in 00mn 05s



---\\ Running processes
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2800]
[MD5.A248662EA8910D7D39F6CA615D4837EC] - (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6852608] [PID.3032]
[MD5.4811D9DC52AEE953F4FA08DC2951221F] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [181360] [PID.3064]
[MD5.00E4F2C80565767C8C74A02F98DEEBF2] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [190064] [PID.3080]
[MD5.E6BEBD2EFD65A39F483122874BB9E7E9] - (...) -- C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe [102400] [PID.3136]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.1872]
[MD5.0DFDD88C8DA5FAE3664D0B63469621CF] - (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe [7307776] [PID.3452] =>Adware.Bandoo
[MD5.5D71F2C3A40B102D5B9418F33302CB38] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1110816] [PID.3464]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.3472]
[MD5.AC7440D4880D578C09AC9F459DD90919] - (...) -- C:\Program Files\DoubleOptMedia\ProcessUsage.exe [1380496] [PID.3644]
[MD5.04E45EBBD258DE06B375F0D3E9B90C35] - (.Dassault Systèmes SolidWorks Corp. - sldBgDwldresu.) -- C:\Program Files\Common Files\Gestionnaire d'installation SolidWorks\BackgroundDownloading\sldBgDwld.exe [1855560] [PID.3724]
[MD5.E6933DDF947A5C56E2C23528CA7B028A] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [3741984] [PID.712]
[MD5.63D700F14DA977B8DA6D9266B31EB071] - (.Google Inc. - Google Chrome.) -- C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe [1010232] [PID.880]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2668]
[MD5.A9AA7C3F056A549631D0B72F893CCF52] - (.Nitro PDF - Nitro Pro 8.) -- C:\Program Files\Nitro\Pro 8\NitroPDF.exe [3991048] [PID.5392]
[MD5.5ED9A7AF39ACFFD9A9402E4C03EBD6A5] - (.Nitro PDF - Nitro Pro 8.) -- C:\Program Files\Nitro\Pro 8\Nitro_PIPAssistant.exe [81416] [PID.5048]
[MD5.5D1BFF0FCE80F9E2E539F436710D4A79] - (.Microsoft Corporation - Preview Handler Surrogate Host.) -- C:\Windows\system32\prevhost.exe [31232] [PID.6040]
[MD5.E433210DD9F9EF43D4D170E52FFFF116] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office14\WINWORD.exe [1423008] [PID.4772]
[MD5.E97295DE2A9FDE547FEAB4FE41DF16CA] - (.Microsoft Corporation - Paint.) -- C:\Windows\system32\mspaint.exe [6376960] [PID.2268]
[MD5.F0CE586AEAF318BDDD443651A2E672E7] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe [646144] [PID.6032]
[MD5.8BDE4D8070DA969AF18F526FB70D1A2C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8181760] [PID.6396]
~ Processes Running: Scanned in 00mn 15s



---\\ Google Chrome, startup, search, extensions (G0,G1,G2)
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aklgihombecggpndejipmaiafjlcjeba] greattsaveru v.2.7 (Enabled) =>PUP.GreatSaver
G2 - GCE: Preference [User Data\Default] [ilfkidmjpkgfjdmkmjcakllpmjaeaecb] SNT v.2.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [kanfcllliekbefcagfbdbfdgggdbopcj] Media Watch v.1.1 (Enabled)
G2 - GCE: Preference [User Data\Default] [okpfiebkkmjcnodegbbbiellepfhoglm] Save Flash v.203 (Enabled) =>Adware.SafeSave

---\\ Google Chrome extension folders

~ Google Lines Browser: 8 Legitimates Filtered in 00mn 34s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Line count: 21



---\\ Browser Helper Objects (O2)
O2 - BHO: SNT - {14C2F08C-50AF-5A18-12D6-194A43FD0278} . (...) -- C:\Program Files\SNT\nJRson4qpT.dll
O2 - BHO: ggrEaTsaaVer - {B125449A-4C87-7EFE-FA82-4AD3560C22D0} . (...) -- C:\Program Files\ggrEaTsaaVer\dK8O.dll =>PUP.GreatSaver
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Other user shortcuts (O4)
O4 - GS\Desktop [Public]: Automation Studio 3.0.5.lnk . (...) -- C:\Program Files\Automation Studio 3.0.5\Astudio.exe
O4 - GS\Desktop [Public]: Component Plus.lnk . (.ProSim - IPAO.) -- C:\Program Files\Component Plus\ComponentPlus.exe
O4 - GS\Desktop [Public]: eDrawings 2007.lnk . (.Solidworks - EModelViewer Module.) -- C:\Program Files\Common Files\eDrawings2007\EModelViewer.exe
O4 - GS\Desktop [Public]: HSPA USB MODEM.lnk . (...) -- C:\Program Files\HSPA USB MODEM\ModemApplication.exe
O4 - GS\Desktop [Public]: Internet Mobile.lnk . (...) -- C:\Program Files\Internet Mobile\Internet Mobile.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\Desktop [Public]: SMADΔV.lnk . (.Smadsoft - Smadav USB Antivirus & Additional Protectio.) -- C:\Program Files\SMADAV\SMΔRTP.exe
O4 - GS\Desktop [Public]: SolidWorks 2012.lnk . (.Flexera Software, Inc. - InstallShield.) -- C:\Windows\Installer\{FE706200-62BF-4D25-8B34-DC31189DE902}\i386_SldWorks.exe
O4 - GS\Desktop [Public]: SolidWorks eDrawings 2012.lnk . (.Dassault Systèmes SolidWorks Corp. - EModelViewer Module.) -- C:\Program Files\SolidWorks Corp\SolidWorks eDrawings\EModelViewer.exe
O4 - GS\Desktop [Public]: SolidWorks Explorer 2012.lnk . (.Flexera Software, Inc. - InstallShield.) -- C:\Windows\Installer\{58A53B98-4759-4BBE-8F2D-878CD6B18CE2}\NewShortcut3_2723AB6ADE8640EEAA77EC7E47C4DF34.exe
O4 - GS\Program [Public]: eDrawings 2007.lnk . (.Solidworks - EModelViewer Module.) -- C:\Program Files\Common Files\eDrawings2007\EModelViewer.exe
O4 - GS\QuickLaunch [pc]: eDrawings 2007.lnk . (.Solidworks - EModelViewer Module.) -- C:\Program Files\Common Files\eDrawings2007\EModelViewer.exe
O4 - GS\QuickLaunch [pc]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\QuickLaunch [pc]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [pc]: SolidWorks 2007 SP0.0.lnk . (.InstallShield Software Corp. - InstallShield.) -- C:\Windows\Installer\{D0B5FD6D-F787-4D40-BB8F-7EDD73DD523E}\i386_SldWorks.exe
O4 - GS\QuickLaunch [pc]: SolidWorks 2012.lnk . (.Flexera Software, Inc. - InstallShield.) -- C:\Windows\Installer\{FE706200-62BF-4D25-8B34-DC31189DE902}\i386_SldWorks.exe
O4 - GS\QuickLaunch [pc]: SolidWorks Explorer 2012.lnk . (.Flexera Software, Inc. - InstallShield.) -- C:\Windows\Installer\{58A53B98-4759-4BBE-8F2D-878CD6B18CE2}\NewShortcut1.exe
O4 - GS\QuickLaunch [pc]: SolidWorks Explorer.lnk . (.SolidWorks Corporation - pdmworks.exe.) -- C:\Program Files\SolidWorks\SolidWorks Explorer\solidworksexplorer.exe
O4 - GS\TaskBar [pc]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [pc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [pc]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Program [pc]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [pc]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [pc]: Continue MiniGet Smart Downloader.lnk . (.@@@ - setap file.) -- C:\Users\pc\AppData\Local\Temp\InSetup1394908219.exe http://installer.apps-track.com
O4 - GS\Desktop [pc]: Developer Studio.lnk . (.Microsoft Corporation - Microsoft® Developer Studio.) -- C:\Program Files\DevStudio\SharedIDE\Bin\MSDEV.exe
O4 - GS\Desktop [pc]: ezfm - Raccourci.lnk . (.Delcam - FeatureCAM 2012.) -- C:\Program Files\Delcam\FeatureCAM\Program\ezfm.exe
O4 - GS\Desktop [pc]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [pc]: OriginPro 8.lnk . (.OriginLab Corporation - Origin 8.) -- C:\Program Files\OriginLab\Origin8\Origin8.exe
O4 - GS\Desktop [pc]: SLDWORKS - Raccourci.lnk . (.SolidWorks Corporation - SldWorks.) -- C:\Program Files\SolidWorks\SLDWORKS.exe
O4 - GS\Desktop [pc]: Texmaker.lnk . (...) -- C:\Program Files\Texmaker\texmaker.exe
~ Global Startup: 71 Legitimates Filtered in 00mn 06s



---\\ Applications launched at system startup (O4)
O4 - GS\Startup [Public]: Bluetooth.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - GS\Startup [Public]: Téléchargement en arrière-plan de SolidWorks.lnk . (.Dassault Systèmes SolidWorks Corp. - sldBgDwldresu.) -- C:\Program Files\Common Files\Gestionnaire d'installation SolidWorks\BackgroundDownloading\sldBgDwld.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Meditel Imola ModemListener] . (...) -- C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
O4 - HKLM\..\Run: [NeroCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKLM\..\Run: [VideoUsage] . (...) -- C:\Program Files\DoubleOptMedia\VideoUsage.exe
O4 - HKLM\..\Run: [TasksWatch] . (...) -- C:\Users\pc\AppData\Local\Temp\TasksWatch.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKCU\..\Run: [Google Update] Orphan key
O4 - HKCU\..\Run: [iLivid] . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2873245051-3812281247-3297427779-1000\..\Run: [Google Update] Orphan key
O4 - HKUS\S-1-5-21-2873245051-3812281247-3297427779-1000\..\Run: [iLivid] . (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
~ Application: Scanned in 00mn 00s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 7 Legitimates Filtered in 00mn 00s



---\\ Sites in the Internet Explorer Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Trusted Zone: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ ActiveX objects: Scanned in 00mn 00s



---\\ Domain/DNS address modifications (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD1B6EC-9B74-456B-9C34-5880F238356B}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6265E2DB-450C-46F4-AA64-9BB88BB70515}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{726E84DE-250C-476D-AA7E-534DFEEFF627}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C57C5FAE-DCE8-495F-8428-0A1D8A04FFFF}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA4CC64D-F51C-4093-B4BC-FCF604157AA3}: NameServer = 212.217.0.12 212.217.1.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D1C42E-BE89-4CC6-B9C5-3A620935A6AC}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{81C7F625-D42C-4E15-B0E5-EB01A3E0ADA6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpNameServer = 196.200.180.34 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3191CE-ED88-4807-A5DA-FF031154A6BE}: DhcpNameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpDomain = ensa-agadir.ac.ma
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E3191CE-ED88-4807-A5DA-FF031154A6BE}: DhcpDomain = WAG160N
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AD1B6EC-9B74-456B-9C34-5880F238356B}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6265E2DB-450C-46F4-AA64-9BB88BB70515}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{726E84DE-250C-476D-AA7E-534DFEEFF627}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C57C5FAE-DCE8-495F-8428-0A1D8A04FFFF}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DA4CC64D-F51C-4093-B4BC-FCF604157AA3}: NameServer = 212.217.0.12 212.217.1.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{F1D1C42E-BE89-4CC6-B9C5-3A620935A6AC}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{81C7F625-D42C-4E15-B0E5-EB01A3E0ADA6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpNameServer = 196.200.180.34 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{9E3191CE-ED88-4807-A5DA-FF031154A6BE}: DhcpNameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpDomain = ensa-agadir.ac.ma
O17 - HKLM\System\CS1\Services\Tcpip\..\{9E3191CE-ED88-4807-A5DA-FF031154A6BE}: DhcpDomain = WAG160N
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AD1B6EC-9B74-456B-9C34-5880F238356B}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6265E2DB-450C-46F4-AA64-9BB88BB70515}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{726E84DE-250C-476D-AA7E-534DFEEFF627}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C57C5FAE-DCE8-495F-8428-0A1D8A04FFFF}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DA4CC64D-F51C-4093-B4BC-FCF604157AA3}: NameServer = 212.217.0.12 212.217.1.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{F1D1C42E-BE89-4CC6-B9C5-3A620935A6AC}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{81C7F625-D42C-4E15-B0E5-EB01A3E0ADA6}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpNameServer = 196.200.180.34 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{9E3191CE-ED88-4807-A5DA-FF031154A6BE}: DhcpNameServer = 62.251.229.237 62.251.229.223
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpDomain = ensa-agadir.ac.ma
O17 - HKLM\System\CS2\Services\Tcpip\..\{9E3191CE-ED88-4807-A5DA-FF031154A6BE}: DhcpDomain = WAG160N
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.251.229.237 62.251.229.223
~ Domain: Scanned in 00mn 00s
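CCS, CS1 and CS2 in the lines above are HKLM\System\CurrentControlSet, ControlSet001 and ControlSet002; CurrentControlSet is a link to one of the numbered sets, so a single setting normally shows up two or three times and the repetition is not three separate configurations. The Python below is an added example (not ZHPDiag's own code) that folds those mirrors into one record per interface GUID, reports any control set whose value disagrees with the others, and groups interfaces by hard-coded NameServer, which takes precedence over the DHCP-supplied DhcpNameServer when both are present. The sample lines are copied from the O17 section above; the function names and the record layout are mine.

```python
import re
from collections import defaultdict

# One O17 line: control set, interface GUID (or the global Parameters key), setting, value.
_O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(CCS|CS\d)\\Services\\Tcpip\\(?:\.\.\\)?"
    r"(\{[0-9A-Fa-f-]{36}\}|Parameters): (\w+) = (.+?)\s*$"
)


def collapse_o17(lines):
    """Fold the CCS/CS1/CS2 mirrors into one record per interface.

    Returns ({iface: {setting: value, "_control_sets": {...}}}, conflicts); a conflict is
    (iface, setting, value_seen_first, control_set, differing_value).
    """
    per_iface = defaultdict(dict)
    conflicts = []
    for line in lines:
        m = _O17_RE.match(line.rstrip())
        if not m:
            continue  # header, blank or summary line
        cs, iface, setting, value = m.groups()
        rec = per_iface[iface]
        rec.setdefault("_control_sets", set()).add(cs)
        if setting in rec and rec[setting] != value:
            conflicts.append((iface, setting, rec[setting], cs, value))
        rec[setting] = value
    return dict(per_iface), conflicts


def static_resolvers(per_iface):
    """Group interfaces by static NameServer (which overrides DhcpNameServer when set)."""
    groups = defaultdict(list)
    for iface, rec in per_iface.items():
        if "NameServer" in rec:
            groups[tuple(rec["NameServer"].split())].append(iface)
    return dict(groups)


# Sample lines copied from the O17 section above.
O17_SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD1B6EC-9B74-456B-9C34-5880F238356B}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA4CC64D-F51C-4093-B4BC-FCF604157AA3}: NameServer = 212.217.0.12 212.217.1.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpNameServer = 196.200.180.34 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpDomain = ensa-agadir.ac.ma
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AD1B6EC-9B74-456B-9C34-5880F238356B}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DA4CC64D-F51C-4093-B4BC-FCF604157AA3}: NameServer = 212.217.0.12 212.217.1.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C88B834-83A5-4529-AF27-C3DC0B19C08D}: DhcpNameServer = 196.200.180.34 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AD1B6EC-9B74-456B-9C34-5880F238356B}: NameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DA4CC64D-F51C-4093-B4BC-FCF604157AA3}: NameServer = 212.217.0.12 212.217.1.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.251.229.237 62.251.229.223
"""

if __name__ == "__main__":
    ifaces, conflicts = collapse_o17(O17_SAMPLE.strip().splitlines())
    for resolvers, guids in static_resolvers(ifaces).items():
        print(" ".join(resolvers), "<-", ", ".join(guids))
    print("conflicting control sets:", conflicts)
```

Run on the full section, the output is two static resolver groups (one interface on 212.217.0.12/212.217.1.12, the rest on 212.217.0.1/212.217.1.1) and no conflicts; a non-empty conflict list would mean a control set was edited after the last known good boot and is worth a closer look.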



---\\ Additional protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: GS_Supporter (10fdc8d0) . (...) - C:\Program Files\gs_ena~1\AssistantSvc.dll =>PUP.SaveClicker
O23 - Service: Mobile Broadband HL Service (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: Protect Monitor (ProtectMonitor) . (...) - C:\Program Files\PCData\StartHelp.exe
~ Services: 12 Legitimates Filtered in 00mn 51s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Scheduled Task - C:\Windows\Tasks\AmiUpdXp.job [328] =>Hijacker.iHaveNet
[MD5.ACDBCEB985281EC98B1ACB1C2A4AB9C3] [APT] [AmiUpdXp] (...) -- C:\Users\pc\AppData\Local\5562\a9751.exe [288840] =>PUP.Software.Updater
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [smadav] (...) -- C:\Program Files\Smadav\SM?RTP.exe [1609728]
[MD5.00000000000000000000000000000000] [APT] [YourFile DownloaderUpdate] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{185312F1-8F19-4AEF-928B-539F749B1870}] (...) -- G:\Nouveau dossier (2)\DW1703_W7_A00_Setup-W1GV9_ZPE.exe (.not file.) [0]
[MD5.24BC3CC54E5DBE1991F77702CEA8E1A0] [APT] [{3D09BBA9-75CD-4570-A86D-43A4FC12BACB}] (.ProSim.) -- C:\Program Files\Component Plus\ComponentPlus.exe [3009024]
[MD5.00000000000000000000000000000000] [APT] [{BC909BE2-F665-49FF-993D-F7AB50EA3981}] (...) -- G:\Nouveau dossier (2)\Vedio_Intel_W84_X00_A01_Setup-5PFY2_ZPE.exe (.not file.) [0]
[MD5.24BC3CC54E5DBE1991F77702CEA8E1A0] [APT] [{E98CCA75-6BD8-4923-977C-AD19948EC92C}] (.ProSim.) -- C:\Program Files\Component Plus\ComponentPlus.exe [3009024]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 23s
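The running-process list, the O4 Run keys, the O23 services, the O39 tasks and the tagged R5/O43 lines above all share one line grammar: an optional [MD5.hash] prefix, a vendor block ("(...)" when the binary carries no version information), a path, optional size/PID brackets, and an optional trailing =>Tag. The Python below is an added example, not ZHPDiag's code and not part of this report: it parses that grammar and turns the listing into a triage order. Two MD5 values are treated as sentinels rather than hashes: 32 zeros, which the tool writes for a file it cannot find, and D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of zero bytes and means the tool hashed nothing (the SM?RTP.exe task above is the case in point). A trailing "=>.Vendor" is read as an attribution, as the =>.Microsoft Corporation entries above are, not as a detection. The sample lines are copied from this report; the list of user-writable locations and the rule that an untagged "(...)" binary under AppData or Temp is worth a look are my own triage assumptions.

```python
import hashlib
import re
from collections import Counter

# MD5 sentinels seen in ZHPDiag output: 32 zeros when the file is absent, the MD5 of
# zero bytes when the tool read nothing (e.g. a name it could not open).
ZERO_MD5 = "0" * 32
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # D41D8CD98F00B204E9800998ECF8427E

_SECTION_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s")      # O4, O23, O43, R5, G2 ...
_MD5_RE = re.compile(r"^\[MD5\.([0-9A-Fa-f]{32})\]")    # process and task lines
_TAG_RE = re.compile(r"=>\s*(\S.*?)\s*$")               # trailing =>Tag
_PATH_RE = re.compile(                                  # first absolute Windows path
    r"([A-Za-z]:\\.*?)(?=\s+\[\d+\]|\s+\(\.not file\.\)|\s+=>|\s+https?://|\s*$)"
)
# Assumption for triage: a loader living where a standard user can write is checked first.
_USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_line(line):
    """Split one ZHPDiag entry into triage fields; None for headers, blanks and summaries."""
    line = line.rstrip()
    m_sec, m_md5 = _SECTION_RE.match(line), _MD5_RE.match(line)
    if not (m_sec or m_md5):
        return None
    section = m_sec.group(1) if m_sec else ("APT" if "[APT]" in line else "PROC")
    md5 = m_md5.group(1).upper() if m_md5 else None
    md5_status = None if md5 is None else {ZERO_MD5: "zero", EMPTY_MD5: "empty"}.get(md5, "ok")
    m_tag = _TAG_RE.search(line)
    tag = m_tag.group(1) if m_tag else None
    m_path = _PATH_RE.search(line)
    path = m_path.group(1) if m_path else None
    return {
        "section": section,
        "md5": md5,
        "md5_status": md5_status,
        "path": path,
        "missing": "(.not file.)" in line,
        "orphan": "orphan key" in line.lower() or "orpheline" in line.lower(),
        # "=>.Vendor" is a vendor attribution in this log, not a detection.
        "detection": tag if tag and not tag.startswith(".") else None,
        "unknown_vendor": "(...)" in line,
        "user_writable": bool(path) and any(k in path.lower() for k in _USER_WRITABLE),
    }


def triage(lines):
    """Count detections and rank the entries worth verifying first."""
    entries = [e for e in map(parse_line, lines) if e]
    by_tag = Counter(e["detection"] for e in entries if e["detection"])
    suspect = [
        e for e in entries
        if e["detection"]
        or e["md5_status"] in ("zero", "empty")
        or e["orphan"]
        or (e["unknown_vendor"] and e["user_writable"])
    ]
    # Flagged binaries that still exist in user-writable paths are live loaders, not leftovers.
    live = [e for e in suspect if e["path"] and not e["missing"] and e["user_writable"]]
    return {"entries": entries, "by_tag": by_tag, "suspect": suspect, "live": live}


# Sample lines copied from this report, one per line shape the parser handles.
SAMPLE = r"""
[MD5.0DFDD88C8DA5FAE3664D0B63469621CF] - (.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe [7307776] [PID.3452] =>Adware.Bandoo
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2668]
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 =>Hijacker.Proxy
O4 - HKLM\..\Run: [TasksWatch] . (...) -- C:\Users\pc\AppData\Local\Temp\TasksWatch.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKCU\..\Run: [Google Update] Orphan key
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O23 - Service: GS_Supporter (10fdc8d0) . (...) - C:\Program Files\gs_ena~1\AssistantSvc.dll =>PUP.SaveClicker
[MD5.ACDBCEB985281EC98B1ACB1C2A4AB9C3] [APT] [AmiUpdXp] (...) -- C:\Users\pc\AppData\Local\5562\a9751.exe [288840] =>PUP.Software.Updater
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.D41D8CD98F00B204E9800998ECF8427E] [APT] [smadav] (...) -- C:\Program Files\Smadav\SM?RTP.exe [1609728]
O43 - CFD: 01/04/2014 - 15:57:33 - [0] ----D C:\Program Files\YoutubeAdblocker =>PUP.TubeAdBlocker
"""

if __name__ == "__main__":
    result = triage(SAMPLE.strip().splitlines())
    for tag, n in sorted(result["by_tag"].items()):
        print(f"{n:3d}  {tag}")
    for e in result["live"]:
        print("LIVE ", e["section"], e["path"])
```

On the sample, the three "live" entries are iLivid.exe, a9751.exe and the untagged TasksWatch.exe in %Temp%; the missing Mobogenie and GoforFiles binaries and the orphan Google Update value are cleanup only. The rundll32 line with the truncated "ystem32\" path yields no path at all, which is the right outcome for a field the report itself did not record.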



---\\ Installed software (O42)
O42 - Software: Automation Studio 3.0.5 - (...) [HKLM] -- Automation Studio 3.0.5
O42 - Software: Component Plus - (...) [HKLM] -- Component Plus
O42 - Software: DoubleOptMedia - (.M/s Tech AnB.) [HKLM] -- DoubleOptMedia11.041.44
O42 - Software: FeatureCAM 2012 - (.Delcam.) [HKLM] -- FeatureCAM2012
O42 - Software: Media Watch - (.Media Watch.) [HKLM] -- MediaWatchV1home8832
O42 - Software: PC Data App - (...) [HKLM] -- PCData App
O42 - Software: SNT - (.SNT.) [HKLM] -- {C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
O42 - Software: Singularity (remove only) - (...) [HKLM] -- Singularity
O42 - Software: WinWrap Basic v10 - For COM (x86) NET 4.0 Utility - (.Polar Engineering.) [HKLM] -- {76072017-5208-433D-87FB-B4A3358F3A81}
O42 - Software: ggrEaTsaaVer - (.greeAtsavver.) [HKLM] -- {CA41BB14-E67B-1653-C57B-5CA99418A866} =>PUP.GreatSaver
O42 - Software: iLivid - (.Bandoo Media Inc.) [HKCU] -- iLivid =>Adware.Bandoo
~ Logic: 13 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IRAI]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\PCDataApp]
[HKCU\Software\ProSim]
[HKCU\Software\SMADΔV]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\TR1]
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKLM\Software\ComponentPlus]
[HKLM\Software\Delcam USA]
[HKLM\Software\GS_Enabler]
[HKLM\Software\MediaWatchV1]
[HKLM\Software\PCDataApp]
[HKLM\Software\ProSim]
[HKLM\Software\Security]
[HKLM\Software\YourFileDownloader] =>PUP.YourFileDownloader
~ Key Software: 244 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 03/12/2013 - 21:35:24 - [22,240] ----D C:\Program Files\Component Plus
O43 - CFD: 18/12/2013 - 09:37:50 - [1023,862] ----D C:\Program Files\Delcam
O43 - CFD: 27/09/2013 - 12:21:05 - [66,975] ----D C:\Program Files\DevStudio
O43 - CFD: 15/03/2014 - 19:34:03 - [9,787] ----D C:\Program Files\DoubleOptMedia
O43 - CFD: 13/01/2014 - 19:44:33 - [0,746] ----D C:\Program Files\ggrEaTsaaVer =>PUP.GreatSaver
O43 - CFD: 17/01/2014 - 23:09:21 - [0,140] ----D C:\Program Files\GS_Enabler
O43 - CFD: 15/03/2014 - 17:19:22 - [1,536] ----D C:\Program Files\IRAI
O43 - CFD: 31/03/2014 - 07:49:47 - [0,372] ----D C:\Program Files\MediaWatchV1
O43 - CFD: 15/03/2014 - 19:34:00 - [1,287] ----D C:\Program Files\PCData
O43 - CFD: 18/12/2013 - 09:40:04 - [0,165] ----D C:\Program Files\Polar Engineering
O43 - CFD: 01/04/2014 - 15:58:17 - [0,022] ----D C:\Program Files\ProSimPlus
O43 - CFD: 11/10/2013 - 03:51:23 - [96,205] ----D C:\Program Files\Singularity
O43 - CFD: 13/01/2014 - 19:46:18 - [0,746] ----D C:\Program Files\SNT
O43 - CFD: 01/04/2014 - 15:57:33 - [0] ----D C:\Program Files\YoutubeAdblocker =>PUP.TubeAdBlocker
O43 - CFD: 18/12/2013 - 09:38:12 - [24,641] ----D C:\Program Files\Common Files\Delcam
O43 - CFD: 01/04/2014 - 15:57:33 - [0,096] ----D C:\ProgramData\f560bcec20491caf
O43 - CFD: 18/12/2013 - 09:43:08 - [2,616] ----D C:\ProgramData\FeatureCAM
O43 - CFD: 13/01/2014 - 19:44:33 - [0,382] ----D C:\ProgramData\ggrEaTsaaVer =>PUP.GreatSaver
O43 - CFD: 13/01/2014 - 19:47:09 - [3,204] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 13/01/2014 - 19:46:19 - [0,382] ----D C:\ProgramData\SNT
O43 - CFD: 01/04/2014 - 22:54:39 - [0] ----D C:\ProgramData\YoutubeAdblocker =>PUP.TubeAdBlocker
O43 - CFD: 15/03/2014 - 18:16:36 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 18/12/2013 - 09:43:45 - [0] ----D C:\Users\pc\AppData\Roaming\Polar Engineering
O43 - CFD: 15/03/2014 - 20:00:54 - [0,241] ----D C:\Users\pc\AppData\Roaming\Shortcut
O43 - CFD: 15/03/2014 - 17:45:22 - [0] ----D C:\Users\pc\AppData\Roaming\YourFileDownloader =>PUP.YourFileDownloader
O43 - CFD: 15/03/2014 - 19:31:23 - [0,278] ----D C:\Users\pc\AppData\Local\5562
O43 - CFD: 21/01/2014 - 12:23:48 - [0] ----D C:\Users\pc\AppData\Local\DownBook
O43 - CFD: 25/03/2014 - 22:49:04 - [127,064] ----D C:\Users\pc\AppData\Local\iLivid =>Adware.Bandoo
O43 - CFD: 11/11/2013 - 10:03:52 - [0] ----D C:\Users\pc\AppData\Local\WideSearch
~ Program Folder: 198 Legitimates Filtered in 02mn 27s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 05s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{036a2751-3593-11e3-955d-806e6f6e6963}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{0e59a252-35fd-11e3-97f3-001e101f50a4}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{212495ed-356d-11e3-9580-642737cfc1f7}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{212495f9-356d-11e3-9580-642737cfc1f8}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{7e96fe69-4aa9-11e3-a145-642737cfc1f8}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{a5897e50-6427-11e3-bf2c-24b6fd1a305c}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
O51 - MPSK:{bedee2fe-3928-11e3-953a-642737cfc1f8}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{fd524c46-545c-11e3-9fda-001e101f7c5e}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{fd524c5d-545c-11e3-9fda-001e101f7c5e}\AutoRun\command. (...) -- D:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 04s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"SENTINEL"="snti386.dll" . (...) -- C:\Windows\System32\snti386.dll
O52 - TDSD: \drivers.desc\"snti386.dll"="Sentinel for i386 Systems" . (...) -- C:\Windows\System32\snti386.dll
~ TDSD: 9 Legitimates Filtered in 00mn 08s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 01s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 15/10/2013 - 07:46:37 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 25/03/2001 - 22:18:58 R--A- . (...) -- C:\Windows\System32\Drivers\GiveIO.sys [5248]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 15/10/2013 - 07:46:38 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:[MD5.DA17773297995D1135DFD1ACEEF07D58] - 24/10/2000 - 04:39:00 ---A- . (...) -- C:\Windows\System32\Drivers\SENTINEL.SYS [73216]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 01mn 14s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\pc\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {CA0CF9C7-9491-4C5A-BA9A-E5FF0976DBD6} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.17C8BF490CA207D06EF2A0EC84F47191] [SPRF][27/09/2013] (...) -- C:\Users\pc\Desktop\AdwCleaner.exe [1042066]
[MD5.AC8178963A26E9A1E93E167F8D9D8884] [SPRF][19/02/2014] (...) -- C:\Users\pc\Desktop\camtasia.exe [250287464]
~ Files: 2 Legitimates Filtered in 00mn 30s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{7B4B1B06-499B-4129-9C7C-0BDA7CC7D793}C:\program files\singularity\slvoice.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files\singularity\slvoice.exe
O87 - FAEL: "UDP Query User{F8CABCCA-C408-4DE4-B0F1-A2B31DE5C1F8}C:\program files\singularity\slvoice.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files\singularity\slvoice.exe
O87 - FAEL: "{18AB3C3E-5C9F-4E7E-B938-F49448BE803B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{812D86C6-5FCC-4832-B792-D9A56B8688E0}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{845AD2B3-7516-4CB8-BD99-FD6782C312B0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{81C4D06C-5879-48D0-9F22-FBFDB3B57AF9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 - FAEL: "{3A805A77-6B9B-4F96-9FED-275BACF6FD2E}" | In - None - P6 - TRUE | .(.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O87 - FAEL: "{C58ECFF8-7892-43A7-B7DD-FC47D5156A64}" | In - None - P17 - TRUE | .(.Bandoo Media Inc. - iLivid Download Manager.) -- C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
~ Firewall: 14 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.56789DA226BECEEB9DFA587F73008AF6] [WIS][21/06/2012] (.Polar Engineering - COM/NET 4.0 Components for Scripting Applications.) -- C:\Windows\Installer\178f46ef.msi [544256]
[MD5.82DBA36C59199A57ECE7A3BF64D45C55] [WIS][28/09/2013] (.Nitro - Nitro Pro 8.0.9.8.) -- C:\Windows\Installer\1a775ed.msi [172556288]
[MD5.62A6BAA3C483A12DC17B0B6F7E59200B] [WIS][15/04/2008] (.Dassault Systemes - Dassault Systemes Prerequisites (8.1.3).) -- C:\Windows\Installer\39037426.msi [4565504]
~ WIS: 56 Legitimates Filtered in 02mn 43s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 13/01/2014 146768 | C:\Program Files\gs_ena~1\AssistantSvc.dll (10fdc8d0) . (...) - C:\Program Files\GS_Enabler\AssistantSvc.dll
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 27/09/2011 89160 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Demand 04/12/2013 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 15/10/2013 655712 | (Internet Mobile. RunOuc) . (...) - C:\Program Files\Internet Mobile\UpdateDog\ouc.exe
SS - | Demand 16/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Auto 14/03/2014 90680 | (ProtectMonitor) . (...) - C:\Program Files\PCData\StartHelp.exe
SS - | Demand 17/08/2011 90168 | (Remote Solver for Flow Simulation 2012) . (.Mentor Graphics Corporation.) - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
SS - | Demand 04/12/2013 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

SR - | Auto 17/01/2014 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 05/03/2012 782112 | (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 14/03/2011 271712 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 01/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 20/06/2011 49752 | (Meditel Imola Modem Device Helper) . (...) - C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
SR - | Auto 15/10/2013 230240 | (Mobile Broadband HL Service) . (...) - C:\ProgramData\MobileBrServ\mbbservice.exe
SR - | Auto 29/11/2012 196616 | (NitroDriverReadSpool8) . (.Nitro PDF Software.) - C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
SR - | Auto 01/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/04/2012 40960 | (wltrysvc) . (.Dell Inc..) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Disabled 10/07/1658 0 | (‮etadpug) . (...) - C:\Program Files\Google\Desktop\Install\{0da4a28b-e312-f491-a1aa-af454a562df9}\ \...\‮ﯹ๛\{0da4a28b-e312-f491-a1aa-af454a562df9}\GoogleUpdate.exe

~ Services: Scanned in 02mn 58s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : 13036 - (02/04/2014)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 5

[HKLM\Software\Google\Chrome\Extensions\aklgihombecggpndejipmaiafjlcjeba] =>PUP.GreatSaver^
[HKLM\Software\Google\Chrome\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm] =>Adware.SafeSave^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B125449A-4C87-7EFE-FA82-4AD3560C22D0}] =>PUP.GreatSaver^
[HKLM\SYSTEM\CurrentControlSet\Services\10fdc8d0] =>PUP.SaveClicker^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}] =>PUP.GreatSaver^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\iLivid] =>Adware.Bandoo^
[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}] =>PUP.Software.Updater
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater
[HKLM\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}] =>PUP.Software.Updater
[HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}] =>Dialer.IEAcess
[HKLM\Software\Classes\Updater.AmiUpd] =>PUP.Software.Updater
[HKLM\Software\Classes\Updater.AmiUpd.1] =>PUP.Software.Updater
[HKCU\Software\ilivid] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}] =>PUP.Software.Updater
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:iLivid =>Adware.Bandoo^
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aklgihombecggpndejipmaiafjlcjeba =>PUP.GreatSaver^
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm =>Adware.SafeSave^
C:\Program Files\ggrEaTsaaVer =>PUP.GreatSaver^
C:\Program Files\YoutubeAdblocker =>PUP.TubeAdBlocker^
C:\ProgramData\ggrEaTsaaVer =>PUP.GreatSaver^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\YoutubeAdblocker =>PUP.TubeAdBlocker^
C:\Users\pc\AppData\Roaming\YourFileDownloader =>PUP.YourFileDownloader^
C:\Users\pc\AppData\Local\iLivid =>Adware.Bandoo^
C:\Users\pc\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo^
C:\Windows\Tasks\AmiUpdXp.job =>Hijacker.iHaveNet^
C:\Users\pc\AppData\Local\5562\a9751.exe =>PUP.Software.Updater^
[HKLM\Software\YourFileDownloader] =>PUP.YourFileDownloader^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 552153 Items scanned in 04mn 23s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/29049364-adware-safesave =>Adware.SafeSave
http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie
http://nicolascoolman.webs.com/apps/blog/show/41737185-pup-saveclicker =>PUP.SaveClicker
http://nicolascoolman.webs.com/apps/blog/show/33336602-hijacker-ihavenet =>Hijacker.iHaveNet
http://nicolascoolman.webs.com/apps/blog/show/32713686-pup-software-updater =>PUP.Software.Updater
http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/39592164-hijacker-windows =>Hijacker.Windows
~ MSI: 15 link(s) detected in 00mn 00s



~ 808 Legitimates filtered by white list
End of the scan (638 lines in 26mn 46s)(0)
