Document format: text/plain

~ Rapport de ZHPDiag v2014.4.13.25 - Nicolas Coolman (13/04/2014)
~ Lancé par hicham (13/04/2014 21:43:05)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.5.0216.0

---\\ Logiciels d'optimisation du système
CCleaner =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader 8.3.1 - Français
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 48 GB (32%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: TIGRE
~ User Name: hicham
~ All Users Names: hicham, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\hicham\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\hicham\AppData\Roaming\
~ %Desktop% : C:\Users\hicham\Desktop\
~ %Favorites% : C:\Users\hicham\Favorites\
~ %LocalAppData% : C:\Users\hicham\AppData\Local\
~ %StartMenu% : C:\Users\hicham\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 48 Go of 149 Go)
D: Hard drive, Flash drive, Thumb drive (Free 88 Go of 139 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.1E5DF19A5F053345430D7AF87943C47A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/02/2014 - 06:40:18.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/601
~ Mes musiques (My Musics) : 2/334
~ Mes Videos (My Videos) : 1/90
~ Mes Favoris (My Favorites) : 1/88
~ Mes Documents (My Documents) : 2/1890
~ Mon Bureau (My Desktop) : 17/217618
~ Menu demarrer (Programs) : 1/104
~ Hidden Files: Scanned in 01mn 04s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2488]
[MD5.74EF10CD035DE51171C98E60E53AE221] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936] [PID.2052]
[MD5.18A713EFF246F3C1293AD1D921B44396] - (.ASUS - ATK Media.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe [159744] [PID.3560]
[MD5.766E24A20116AFA41F380B57FFE7AF02] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328] [PID.2464]
[MD5.B9E0238332D237523476870717519BAE] - (.PC Tools - SSDMonit Application.) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408] [PID.160]
[MD5.811AC69DB60ACB7F7B802434AA3E37E2] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4853760] [PID.2572]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.912]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2756]
[MD5.675253563B449B0B37E97BD09150B1ED] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648] [PID.3592]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3572]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3480]
[MD5.F5A13CFA90143C3758B0108EE6585AC8] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Programm Files\Internet Download Manager\IDMan.exe [3437976] [PID.1716]
[MD5.935186665A34CAE2FA881A8A1BE80DF2] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20918432] [PID.3004]
[MD5.4F9236BE13917B89F7A03DEA85F220FA] - (.Pas de propriétaire - WebPlayer.) -- C:\Users\hicham\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe [202752] [PID.700] =>PUP.CrossRider
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4320]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Programm Files\Internet Download Manager\IEMonitor.exe [263600] [PID.2692]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.5760]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5068]
[MD5.08FECDE82830FA31E186E071D87CE86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8212992] [PID.5016]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1328]
[MD5.1EE3643D1AA747222427F63353611AD7] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.984]
[MD5.0DC66509A10AEAB8FEAFE02959051748] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [176128] [PID.1056]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1248]
[MD5.66597AD6098352D11239C0C42100B176] - (.Pas de propriétaire - ASLDR Service.) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208] [PID.1524]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1996]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2008]
[MD5.8B67401495E2059582963E8983297BC3] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [522792] [PID.2044]
[MD5.5EEDDA81DB73A1124F97B07A6A5FB2B1] - (.New Softwares.net - Service Application.) -- C:\Windows\system32\WinFLService.exe [92360] [PID.276]
[MD5.564BAB77CD96CE0E3FD5BBCDDED142DF] - (...) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe [329544] [PID.428]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.12]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1028]
[MD5.A0E7D752514A7D99341D5F2A834224A9] - (.PC Tools - StartMan Application.) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792] [PID.1668]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.840]
[MD5.DF4A7E1E2BA788E28747F1EF49692ED6] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [5341536] [PID.2124]
[MD5.E4AA07F8BCBCB66EF115C443CD45C7A2] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- C:\Program Files\Microsoft Security Client\NisSrv.exe [279776] [PID.3428]
[MD5.E63A5B26588DA2FE985B0A322C49DD76] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [397312] [PID.2224]
[MD5.6C480FD77C86F752F5E83C918B0EDCBB] - (.ATK0100 - HControl.) -- C:\Program Files\ATK Hotkey\Hcontrol.exe [225280] [PID.2208]
[MD5.C1F251686AEDBEF3D173A804B7CF7314] - (.Pas de propriétaire - ATKOSD2.) -- C:\Program Files\ATKOSD2\ATKOSD2.exe [7708672] [PID.3604]
[MD5.D142CB37F10ACF08E68D9A4A21E29059] - (.ASUS - ASPG application.) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe [154168] [PID.4088]
[MD5.BADBC0E13D7BD5B5E09324587041D8C9] - (.Pas de propriétaire - Wireless Console 2.) -- C:\Program Files\Wireless Console 2\wcourier.exe [1040384] [PID.2352]
[MD5.16DEF7EBCB7BB73A55F7486C6D42E288] - (.Pas de propriétaire - ATKOSD.) -- C:\Program Files\ATK Hotkey\ATKOSD.exe [2420736] [PID.4012]
[MD5.A30E7036045BCC35D90DED2FE7642758] - (.Pas de propriétaire - KBFiltr Application.) -- C:\Program Files\ATK Hotkey\KBFiltr.exe [77824] [PID.1936]
[MD5.463790AEF94D8EAB674631257F53252E] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.4408]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\hicham\AppData\Roaming\Mozilla\Firefox\Profiles\x1aoq96e.default\prefs.js
M3 - MFPP: Plugins - [hicham] -- C:\Users\hicham\AppData\Roaming\Mozilla\Firefox\Profiles\x1aoq96e.default\searchplugins\ask-search.xml
~ Firefox Browser: 44 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Free PDF to Word Converter.lnk . (.SmartSoft - Free PDF to Word Converter.) -- C:\Program Files\Free PDF to Word Converter\Free PDF to Word Converter.exe
O4 - GS\Desktop [Public]: Registry Mechanic.lnk . (.PC Tools - Registry Mechanic 10.0.) -- C:\Program Files\Registry Mechanic\RegMech.exe
O4 - GS\Desktop [Public]: Wondershare Dr.Fone pour iOS.lnk . (.Wondershare - Wondershare Dr.Fone for iOS.) -- C:\Program Files\Wondershare\Dr.Fone pour iOS\iphoneRecovery_DrFoneForiOS.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [hicham]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [hicham]: LeConjugueur.lnk . (.Le Conjugueur - Le Conjugueur.) -- C:\Program Files\LeConjugueur\LeConjugueur.exe
O4 - GS\QuickLaunch [hicham]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [hicham]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [hicham]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [hicham]: AppsHat.lnk . (...) -- C:\Users\hicham\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe =>PUP.CrossRider
O4 - GS\Desktop [hicham]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [hicham]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [hicham]: UltimaSteganography 1.7.lnk . (.Enplase Research - Pas de description.) -- C:\Program Files\Ultima Steganography\Ultima Steganography.exe
~ Global Startup: 74 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SSDMonitor] . (.PC Tools - SSDMonit Application.) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Windows\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [P2Go_Menu] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Programm Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [MobileDocuments] . (.Apple Inc. - ubd.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [AppsHat] . (.Pas de propriétaire - WebPlayer.) -- C:\Users\hicham\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe =>PUP.CrossRider
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Programm Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [MobileDocuments] . (.Apple Inc. - ubd.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [AppsHat] . (.Pas de propriétaire - WebPlayer.) -- C:\Users\hicham\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe =>PUP.CrossRider
O4 - HKUS\S-1-5-21-1030193903-55354360-408386385-1000\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - C:\Windows\Java\classes\xmldso.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{73471317-8864-40CD-B27C-F53DF2C00BA1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF368787-831B-4F50-8C97-DC69ECF926B7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{73471317-8864-40CD-B27C-F53DF2C00BA1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EF368787-831B-4F50-8C97-DC69ECF926B7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{73471317-8864-40CD-B27C-F53DF2C00BA1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{EF368787-831B-4F50-8C97-DC69ECF926B7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASLDR Service (ASLDRService) . (.Pas de propriétaire - ASLDR Service.) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: FLService (FLService) . (.New Softwares.net - Service Application.) - C:\Windows\system32\WinFLService.exe
~ Services: 13 Legitimates Filtered in 00mn 09s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1F826389-4B14-4FAD-A49D-FB86F9F551C9}] (...) -- C:\Users\hicham\AppData\Local\Temp\GomEncDnInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9A0077CC-D261-4B76-9281-B08BB15F4FBC}] (...) -- C:\Program Files\Auralog\TELL ME MORE Performance\bin\Unsetup.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 02s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (WinFLAdrv) . (...) - C:\Windows\System32\WinFLAdrv.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: TI83plus - (...) [HKLM] -- TI83plus
O42 - Logiciel: Ultima Steganography 1.7 - (...) [HKLM] -- Ultima Steganography_is1
O42 - Logiciel: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - (...) [HKLM] -- Yahoo! Companion
O42 - Logiciel: dosier - (.زيراوي.) [HKLM] -- دروس اجتماعيات 4متوسط1.0
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\Complitly] =>Adware.PredictAd
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\ElasticLogic]
[HKCU\Software\PCTools]
[HKCU\Software\PartyGaming]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Wif2]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\NetDragon]
[HKLM\Software\PCTools]
~ Key Software: 333 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/08/2013 - 20:14:35 - [0,310] ----D C:\Program Files\1ClickDownload =>PUP.1ClickDownloader
O43 - CFD: 30/11/2010 - 18:42:58 - [4,548] ----D C:\Program Files\Cabri II Plus 1.3 Plug-in
O43 - CFD: 19/01/2014 - 21:04:38 - [0] ----D C:\Program Files\greEaatsaver =>PUP.GreatSaver
O43 - CFD: 19/09/2012 - 22:34:33 - [4,470] ----D C:\Program Files\GUMEC99.tmp
O43 - CFD: 06/03/2014 - 19:02:57 - [1,611] ----D C:\Program Files\My Lockbox
O43 - CFD: 26/09/2013 - 18:21:26 - [0] ----D C:\Program Files\NetDragon
O43 - CFD: 24/01/2014 - 09:52:21 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 19/10/2010 - 12:31:51 - [0] ----D C:\Program Files\Serge_LAGIER
O43 - CFD: 01/01/2011 - 13:41:23 - [2,114] ----D C:\Program Files\TI83plus
O43 - CFD: 30/10/2013 - 15:46:55 - [8,028] ----D C:\Program Files\Ultima Steganography
O43 - CFD: 25/10/2010 - 11:03:39 - [10,957] ----D C:\Program Files\دروس اجتماعيات 4متوسط
O43 - CFD: 26/09/2013 - 18:21:57 - [0,147] ----D C:\Program Files\Common Files\NetDragon
O43 - CFD: 02/03/2014 - 18:27:19 - [0] ----D C:\ProgramData\APN
O43 - CFD: 17/11/2011 - 14:10:23 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 29/08/2013 - 19:14:40 - [0] ----D C:\ProgramData\blekko toolbars
O43 - CFD: 04/06/2011 - 20:00:15 - [0,004] ----D C:\ProgramData\E3E7
O43 - CFD: 25/01/2014 - 01:17:31 - [0,003] ----D C:\ProgramData\greEaatsaver =>PUP.GreatSaver
O43 - CFD: 19/01/2014 - 21:02:55 - [0,090] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 30/10/2013 - 15:46:58 - [0] ----D C:\Users\hicham\AppData\Roaming\Enplase
O43 - CFD: 31/12/2012 - 19:52:08 - [0,287] ----D C:\Users\hicham\AppData\Roaming\eType
O43 - CFD: 03/10/2013 - 23:32:40 - [0] ----D C:\Users\hicham\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider
O43 - CFD: 01/06/2011 - 10:42:24 - [32,408] ----D C:\Users\hicham\AppData\Local\BearShare =>PUP.BearShare
O43 - CFD: 21/08/2012 - 16:35:07 - [169,608] ----D C:\Users\hicham\AppData\Local\blekkotb_031 =>Toolbar.Blekko
O43 - CFD: 06/06/2011 - 11:47:57 - [0] ----D C:\Users\hicham\AppData\Local\Conduit
O43 - CFD: 07/03/2014 - 14:40:31 - [0] ----D C:\Users\hicham\AppData\Local\Softonic(30) =>Toolbar.Conduit
O43 - CFD: 01/12/2010 - 19:50:54 - [0,002] ----D C:\Users\hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\abir
O43 - CFD: 27/08/2013 - 19:13:52 - [0,004] ----D C:\Users\hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider
O43 - CFD: 25/10/2010 - 11:03:41 - [0,004] ----D C:\Users\hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\دروس اجتماعيات 4متوسط
~ 147 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 459 Legitimates Filtered in 00mn 18s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 12/04/2014 - 20:33:02 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.6FE486AF56CCEF0F1CE8F0D46FEEAE13] - 12/04/2014 - 20:37:26 ---A- . (...) -- C:\ComboFix.txt [22881]
~ Files: 12 Legitimates Filtered in 00mn 01s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [Enabled] .(...) -- C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" [Enabled] .(...) -- C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe (.not file.)
~ Keys Export: 2 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Apps Hat [Key] . (.Pas de propriétaire - WebPlayer.) -- C:\Users\hicham\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe =>PUP.CrossRider
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.6488153ABD58C75FD21DB4F28C0D03C1] - 08/02/2014 - 19:23:28 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [35272]
O58 - SDL:[MD5.97AFFA9D95FFE20EEE6229BC6BE166CF] - 14/12/2006 - 08:11:58 ---A- . (.ATK0100 - ATK0100 ACPI Utility.) -- C:\Windows\System32\Drivers\ATKACPI.sys [7680]
O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 18/04/2013 - 19:06:08 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [20032]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.4F28652EC514FA1BA473BC1A695A5C98] - 26/03/2012 - 22:45:18 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\Windows\System32\Drivers\hssdrv.sys [37376]
O58 - SDL:[MD5.2714BB9E5C05BEBF8488207A1B5A5F62] - 06/07/2011 - 16:14:42 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [89376]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.27BD4AC228EF6C0D490617C32E86A672] - 03/06/2008 - 07:41:52 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15928]
O58 - SDL:[MD5.C8C9800179AF00C90629514E30873D80] - 23/10/2013 - 14:03:38 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [42592]
O58 - SDL:[MD5.8039F480C192DD99FED4EBC71FFBF795] - 29/05/2008 - 09:21:02 ---A- . (.Windows (R) Codename Longhorn DDK provider - ASUS CopyProtect driver.) -- C:\Windows\System32\Drivers\lullaby.sys [15416]
O58 - SDL:[MD5.0057F29323C393A35903B4C5DAF9A144] - 09/05/2007 - 08:16:40 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [28160]
O58 - SDL:[MD5.0302BC619D4A723317E7F8EB0C362BD3] - 01/10/2007 - 07:59:46 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1769984]
O58 - SDL:[MD5.D720E872772D004E304FCE0CE54E1F8A] - 21/08/2013 - 05:31:38 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:[MD5.A1CC726323FB41FFD29F436A77237E41] - 21/08/2013 - 05:31:38 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:[MD5.6507F48723F8469F783F2EE9D7DCC2DD] - 21/08/2013 - 05:31:38 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudserd.sys [182680]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.6E421CCC57059B0186C6259CA3B6DFC9] - 13/12/2012 - 12:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.CB79207A1E4F697533678B7DF0C91648] - 30/08/2013 - 19:41:22 ---A- . (...) -- C:\Windows\System32\WinFLAdrv.sys [29184]
O58 - SDL:[MD5.2BD447AA9488959A76508E5F78619FE4] - 17/11/2011 - 14:31:15 ---A- . (...) -- C:\Windows\System32\WinVDEdrv6.sys [188176]
~ Drivers: 17 Legitimates Filtered in 00mn 06s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (SearchGol) - http://www.searchgol.com =>Hijacker.SearchGol
O69 - SBI: SearchScopes [HKCU] {1EB28902-DDED-4161-A41C-4B09F37AEE05} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (EazelBar Search) - http://en.eazel.com =>Hijacker.Eazel
O69 - SBI: SearchScopes [HKCU] {3ea5cc93-e372-4e4d-83b9-793689516a65} - (My Web Search) - http://search.mywebsearch.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (Search) - http://www.bigseekpro.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} - (Web Search) - http://search.bearshare.com =>PUP.BearShare
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (4shared.com Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1846FB0759537B507EF4EC9101537A7F] [SPRF][05/11/2011] (...) -- C:\ProgramData\aspg.dat [84]
[MD5.FEBC9D70FD372C102C6EA8A3678A2F8F] [SPRF][17/11/2011] (...) -- C:\ProgramData\win_mpwd_sys.dat [1040]
[MD5.CDA12F70283C1D0F08E5E729D8799A23] [SPRF][13/06/2011] (...) -- C:\Users\hicham\AppData\Roaming\ezpinst.exe [81920]
[MD5.A4B57F22B966CF2AC4D48E912C91405E] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\dlmgrsi.sav [26]
[MD5.61DE49C85DA4A9955C07EFD1A7DCAFA6] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\downloads.del.sav [2578]
[MD5.48D84253E78BF809C6981C4F8F90CD54] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\downloads.his.sav [30]
[MD5.110E2D3D6F17B1B88CA034E0DAC4FEB0] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\downloads.sav [67755]
[MD5.EBA28EA6F1F5B044B41D888B644EE8E9] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\groups.sav [288]
[MD5.0EDAECA28DD5C58F56DAC4340DC71A96] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\history.sav [120]
[MD5.4A7A0D3BBF9E718CAE21C949B6DC85D0] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\mctasks.sav [32]
[MD5.7DEA362B3FAC8E00956A4952A3D4F474] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\schedules.sav [8]
[MD5.2F23B46C1B14CBB39F17A297DC6EA2A8] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\sites.sav [20]
[MD5.CC6B55CBF27BD31B51ACA1B1020CEB8E] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\spider.sav [24]
[MD5.441018525208457705BF09A8EE3C1093] [SPRF][07/10/2010] (...) -- C:\Users\hicham\Desktop\uploads.1.sav [20]
[MD5.441018525208457705BF09A8EE3C1093] [SPRF][07/10/2010] (...) -- C:\Users\hicham\Desktop\uploads.2.sav [20]
[MD5.441018525208457705BF09A8EE3C1093] [SPRF][10/11/2010] (...) -- C:\Users\hicham\Desktop\uploads.3.sav [20]
[MD5.F6822375929FCAB91566F627EF962924] [SPRF][11/11/2010] (...) -- C:\Users\hicham\Desktop\uploads.4.sav [20]
~ Files: 19 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{C6FBE567-A3EC-4EAA-86D6-34A60FF3BB22}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{50672315-7E3A-46E9-A736-8D200597A1FC}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{44563047-A875-41DA-AFCD-C2E0326F6C29}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{D1716A4A-A234-4610-B23C-DDCEF492CC54}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "TCP Query User{E168DB5E-95E5-4BB1-A936-190FE36FC7C4}C:\program files\bearshare applications\bearshare\bearshare.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\bearshare applications\bearshare\bearshare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "UDP Query User{1FA2807A-5BF8-4859-B8F7-6F471947DAE0}C:\program files\bearshare applications\bearshare\bearshare.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\bearshare applications\bearshare\bearshare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "TCP Query User{E7A4D1DF-070D-4D35-9C1F-425A311DF57D}C:\program files\nero\nero 7\nero home\nerohome.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\nero\nero 7\nero home\nerohome.exe (.not file.)
O87 - FAEL: "UDP Query User{9DE6DEAF-1360-4502-8093-178224E344CE}C:\program files\nero\nero 7\nero home\nerohome.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\nero\nero 7\nero home\nerohome.exe (.not file.)
O87 - FAEL: "TCP Query User{FE779727-3157-4017-B784-57D00D0754EC}C:\users\hicham\appdata\local\temp\rar$ex00.329\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.329\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{97DFA851-3D7E-4294-AA52-9E22E6FECDE2}C:\users\hicham\appdata\local\temp\rar$ex00.329\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.329\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{DF6DD2AB-E25E-44AC-A347-AB888F3442C1}C:\program files\1clickdownload\1clickdownload.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\1clickdownload\1clickdownload.exe (.not file.) =>PUP.1ClickDownloader
O87 - FAEL: "UDP Query User{FD75A343-E52A-44C9-B7FA-A2FAA2A77ECD}C:\program files\1clickdownload\1clickdownload.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\1clickdownload\1clickdownload.exe (.not file.) =>PUP.1ClickDownloader
O87 - FAEL: "TCP Query User{EC69E83F-A5E4-44C7-AFFC-CB7F1B401BCC}C:\users\hicham\appdata\local\temp\rar$ex00.516\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.516\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{D3B94925-1300-49C6-98C4-81913111AEAD}C:\users\hicham\appdata\local\temp\rar$ex00.516\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.516\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{6D50614C-BB52-4D2F-A8B4-1AAAFD2B6F5A}C:\users\hicham\appdata\local\temp\rar$ex03.922\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex03.922\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{8ADD886B-0DDB-458C-B12F-1477D1C255C2}C:\users\hicham\appdata\local\temp\rar$ex03.922\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex03.922\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{E87C0116-4AC0-497B-BB33-774F17DDA78A}C:\users\hicham\appdata\local\temp\rar$ex23.828\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex23.828\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{8D693FE0-1139-48C3-8670-225A3AB95EA2}C:\users\hicham\appdata\local\temp\rar$ex23.828\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex23.828\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{0F746F28-6E1D-4BC1-91BA-CE47649D7C2D}C:\users\hicham\appdata\local\temp\rar$ex25.188\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex25.188\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{AB6E513B-9BBC-41D3-A256-2F3CF3CCC195}C:\users\hicham\appdata\local\temp\rar$ex25.188\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex25.188\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{63E178CA-1621-4AAD-99F3-2E6595EAF815}C:\users\hicham\appdata\local\temp\rar$ex00.531\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.531\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{F0DDB29F-CAE2-4D44-A2D4-60BF3FE182B6}C:\users\hicham\appdata\local\temp\rar$ex00.531\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.531\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{73DC2058-BC65-444A-B645-E4F7A437CAE3}C:\users\hicham\appdata\local\temp\rar$ex00.469\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.469\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{96346AA0-D63E-4029-9256-3745FDAE01C0}C:\users\hicham\appdata\local\temp\rar$ex00.469\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex00.469\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "TCP Query User{7D936E9B-B063-4B62-BE0E-D2534EC52EE9}C:\users\hicham\appdata\local\temp\rar$ex05.156\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex05.156\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "UDP Query User{6B36DE4A-21DA-4D91-95F7-80A72756C668}C:\users\hicham\appdata\local\temp\rar$ex05.156\redsn0w_win_0.9.10b1\redsn0w.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\hicham\appdata\local\temp\rar$ex05.156\redsn0w_win_0.9.10b1\redsn0w.exe (.not file.)
O87 - FAEL: "{67C3986A-8F97-467B-B47C-F3CC2AB782B5}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe (.not file.)
O87 - FAEL: "TCP Query User{395AA4C0-C7C3-47DD-BF27-E6F05B4F0504}C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe (.not file.)
O87 - FAEL: "UDP Query User{88B46CB8-E482-444F-B30D-5494E4715284}C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe (.not file.)
~ Firewall: 276 Legitimates Filtered in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.E2DD8F0211DB43D4A6049D83EFBB84D4] [WIS][03/10/2010] (.ATI - Catalyst Control Center.) -- C:\Windows\Installer\39e3f.msi [1041408]
~ WIS: 167 Legitimates Filtered in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 30/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (NMIndexingService) . (...) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 27/01/2014 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 05/02/2007 94208 | (ASLDRService) . (...) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 27/05/2008 522792 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 30/08/2013 92360 | (FLService) . (.New Softwares.net.) - C:\Windows\system32\WinFLService.exe
SR - | Auto 26/03/2012 329544 | (HssWd) . (...) - C:\Program Files\Hotspot Shield\bin\hsswd.exe
SR - | Demand 21/02/2014 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 01/10/2010 632792 | (PCToolsSSDMonitorSvc) . (.PC Tools.) - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/12/2013 5341536 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 08s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by hicham at 13/04/2014 21:46:12

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x8344A916] >> \Device\Harddisk0\DR0[0x87A56AC8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 26 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by hicham at 13/04/2014 21:46:14

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (13/04/2014)
Clés trouvées (Keys found) : 29
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 18
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Apps Hat] =>PUP.CrossRider^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}] =>PUP.Minibar
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}] =>Adware.ToolbarCleaner
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{6e4c89cf-3061-4ee4-b22a-b7a8aaea5cb3}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}] =>PUP.BearShare
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}] =>PUP.BearShare
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware.BullseyeToolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\blekkotb_031] =>Toolbar.Blekko
[HKCU\Software\PartyGaming] =>Casino.OnlineGames
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Complitly] =>Adware.PredictAd
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AppsHat =>PUP.CrossRider^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:\Program Files\1ClickDownload =>PUP.1ClickDownloader^
C:\Program Files\greEaatsaver =>PUP.GreatSaver^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\greEaatsaver =>PUP.GreatSaver^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\hicham\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider^
C:\Users\hicham\AppData\Local\BearShare =>PUP.BearShare^
C:\Users\hicham\AppData\Local\blekkotb_031 =>Toolbar.Blekko^
C:\Users\hicham\AppData\Local\Softonic(30) =>Toolbar.Conduit^
C:\Users\hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider^
C:\Program Files\BearShare Applications =>PUP.BearShare
C:\ProgramData\blekko toolbars =>Toolbar.Blekko
C:\Users\hicham\AppData\Roaming\eType =>Adware.Zugo
C:\Users\hicham\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\hicham\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\hicham\AppData\LocalLow\Minibar =>PUP.Minibar
C:\Users\hicham\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\hicham\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\hicham\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe =>PUP.CrossRider^
[HKCU\Software\BearShare] =>PUP.BearShare^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\Conduit] =>Toolbar.Conduit^
~ Additionnel Scan: 316897 Items scanned in 00mn 27s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/34407192-pup-minibar =>PUP.Minibar
http://nicolascoolman.webs.com/apps/blog/show/33105275-adware-toolbarcleaner =>Adware.ToolbarCleaner
http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.Whitesmoke
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/27674245-adware-bullseyetoolbar =>Adware.BullseyeToolbar
http://nicolascoolman.webs.com/apps/blog/show/26828293-adware-zugo =>Adware.Zugo
http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong
~ MSI: 18 link(s) detected in 00mn 00s



~ 1974 Legitimates filtered by white list
End of the scan (682 lines in 03mn 37s)(0)
