cjoint

Publicité

Priorité au Logiciel Libre! Je soutiens l'April.

Publicité

Priorité au Logiciel Libre! Je soutiens l'April.

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2014.1.2.5 - Nicolas Coolman (02/01/2014)
~ Lancé par Boujir (06/01/2014 20:09:18)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)
GCIE: Google Chrome v31.0.1650.63

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : PMJBM
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Kaspersky Internet Security 2012 v12.0.0.374
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.27 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071.2 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 189 GB (79%) free of 236 GB

---\\ Mode de connexion au système
~ Computer Name: BOUJIR-PC
~ User Name: Boujir
~ All Users Names: UpdatusUser, HomeGroupUser$, Boujir, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Boujir\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Boujir\AppData\Roaming\
~ %Desktop% : C:\Users\Boujir\Desktop\
~ %Favorites% : C:\Users\Boujir\Favorites\
~ %LocalAppData% : C:\Users\Boujir\AppData\Local\
~ %StartMenu% : C:\Users\Boujir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 189 Go of 236 Go)
D: Hard drive, Flash drive, Thumb drive (Free 107 Go of 131 Go)
E: Hard drive, Flash drive, Thumb drive (Free 89 Go of 99 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 05:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 06:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 12:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.6DD03008047432CD4192DD869CBBC485] - (.Microsoft Corporation - Microsoft Tablet PC Component.) (.20/11/2010 - 12:21:24.) -- C:\Windows\System32\sppcomapi.dll [1536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/12/2013 - 10:38:51.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 08:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 08:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 09:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 08:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 10:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 08:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 12:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/221
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 2/4576
~ Mon Bureau (My Desktop) : 2/639
~ Menu demarrer (Programs) : 1/53
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.DE09BEC7B6F8AA3354DE5E663218B8CA] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe [4180256] [PID.2184] =>Toolbar.Conduit
[MD5.0C0D9A079675E93DEE6BE74E237CC697] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe [2849056] [PID.3920] =>Toolbar.Conduit
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2440]
[MD5.6C9D5BADC8F83D410A278717C2EEA6F6] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448] [PID.1900]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840] [PID.4072]
[MD5.15378E660B6ECFE704074748E050B056] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.4292]
[MD5.98F101E69EA59EFAE909EEDD16E434B5] - (.Gsi Technologies - Pas de description.) -- C:\Program Files\Golden Filter Premium\GFPro.exe [1650688] [PID.4360]
[MD5.B359E8976725CC3F045984851EB90284] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.5272]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.5812]
[MD5.BAF49F90F6F5C212F16A3953335ED8A6] - (...) -- C:\Program Files\Le Robert\Le Petit Robert\PRHYPER.exe [22560] [PID.5260]
[MD5.664FE4DBE0EED8AD9DC9A618057CF596] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3595856] [PID.5500]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2144]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.4376]
[MD5.6DA96FB61AFD0D868BE1172B593C04F3] - (.Pas de propriétaire - mywifi2.) -- C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe [537600] [PID.4608]
[MD5.001C8273B6A21A4B8DA10CDCE833EC4A] - (.Gsi Technologies - Pas de description.) -- C:\Windows\system32\mssvr32.exe [77824] [PID.5404]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [268248] [PID.4700]
[MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.4264]
[MD5.8A9FACCB684500829F7D0BCC67B386CC] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.5392]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.4440]
[MD5.81DAF0A1CAA34875C2CAC3BDAEC6FB6B] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Boujir\AppData\Roaming\uTorrent\uTorrent.exe [1142864] [PID.5824] =>P2P.BitTorrent
[MD5.486BDC196F8914845302745A15310D62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8321024] [PID.5728]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.7552]
[MD5.78405310A9DB8D3CBF27432ED5393F71] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe [131472] [PID.4560]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Boujir\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] http://search.conduit.com
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Boujir\AppData\Roaming\Mozilla\Firefox\Profiles\ae1q9x0r.default\prefs.js
M3 - MFPP: Plugins - [Boujir] -- C:\Users\Boujir\AppData\Roaming\Mozilla\Firefox\Profiles\ae1q9x0r.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M0 - MFSP: prefs.js [Boujir - ae1q9x0r.default] http://www.startimes.com
M2 - MFEP: prefs.js [Boujir - ae1q9x0r.default\{96f454ea-9d38-474f-b504-56193e00c1a5}] [] uTorrentControl_v6 v10.23.0.722 (..) =>P2P.µTorrent
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 5



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Achat de fournitures HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: anglaisfacile.com.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- D:\logiciels\anglaisfacile.com.URL
O4 - GS\Desktop [Public]: Configuration du routeur.lnk . (.SAGEM - Pas de description.) -- C:\Program Files\SAGEM\SAGEM F@st 3304\RunHttpCfg.exe C:\Program Files\SAGEM\SAGEM F@st 3304\RunHttpCfg.exe -I
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Le Petit Robert.lnk . (.Dictionnaires Le Robert - Le Petit Robert de la langue française.) -- C:\Program Files\Le Robert\Le Petit Robert\pr1.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PdfGrabber 7.0.lnk . (.PixelPlanet - Pas de description.) -- C:\Program Files\PixelPlanet\PdfGrabber 7.0\PdfGrabber.exe
O4 - GS\Desktop [Public]: Who Is On My Wifi.lnk . (...) -- C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\Desktop [Public]: YouTubeGet.lnk . (.YoutubeGet.com - download youtube videos from YouTube.com an.) -- C:\YouTubeGet\YouTubeGet.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [UpdatusUser]: uTorrent Turbo Booster.lnk . (...) -- C:\Program Files\uTorrent Turbo Booster\uTorrent Turbo Booster.exe (.not file.) =>P2P.µTorrent
O4 - GS\QuickLaunch [Boujir]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Boujir]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Boujir]: PDF Suite.lnk . (.Interactive Brands Inc. - PDF Suite Application.) -- C:\Program Files\PDF Suite 2011\PDF Suite.exe
O4 - GS\QuickLaunch [Boujir]: uTorrent Turbo Booster.lnk . (...) -- C:\Program Files\uTorrent Turbo Booster\uTorrent Turbo Booster.exe (.not file.) =>P2P.µTorrent
O4 - GS\QuickLaunch [Boujir]: YouTubeGet.lnk . (.YoutubeGet.com - download youtube videos from YouTube.com an.) -- C:\YouTubeGet\YouTubeGet.exe
O4 - GS\QuickLaunch [Boujir]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Boujir\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Boujir]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Boujir]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Boujir]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Boujir]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Boujir]: DllSuite.lnk . (...) -- C:\Program Files\DLLSuite\2013\DLLSuite.exe
O4 - GS\Desktop [Boujir]: FreeCell.lnk - Clé orpheline
O4 - GS\Desktop [Boujir]: GEXAWIN V 2.0.LNK . (.MENJ DELEGATION DE SETTAT - Pas de description.) -- C:\Program Files\GEXAWIN V 2.0\gexawin.exe
O4 - GS\Desktop [Boujir]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Boujir]: Loops 2013.lnk . (...) -- C:\Program Files\Loops\LOOPS.exe
O4 - GS\Desktop [Boujir]: Passware Kit Enterprise Demo 12.3.lnk . (.Passware - All-in-one password recovery and encryption.) -- C:\Program Files\Passware\Passware Kit 12 Demo\PasswareKitEnterprise.exe
O4 - GS\Desktop [Boujir]: Photo DVD Maker Professional.lnk . (.http://www.photo-dvd-maker.com - Photo DVD Maker Professional.) -- C:\Program Files\AnvSoft\Photo DVD Maker Professional\DVDPhotoMaker.exe
O4 - GS\Desktop [Boujir]: SuperCopier2.lnk . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - GS\Desktop [Boujir]: Your Unin-staller!.lnk . (.URSoft,Inc - Your Uninstaller! - New way to uninstall pr.) -- C:\Program Files\Your Uninstaller 2010\urmain.exe
O4 - GS\Desktop [Boujir]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Boujir\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Boujir]: المسائل حلول2 - Raccourci.lnk . (...) -- C:\Users\Boujir\Documents\Dossier pédagogique\Documents pédagogique\المسائل حلول2.docx
O4 - GS\Desktop [Boujir]: لمسائل حلول1 - Raccourci.lnk . (...) -- C:\Users\Boujir\Documents\Dossier pédagogique\Documents pédagogique\لمسائل حلول1.docx
~ Global Startup: 96 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [Public]: Who Is On My Wifi.lnk . (...) -- C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [GoldenFilterPro] . (.Gsi Technologies - Pas de description.) -- C:\Program Files\Golden Filter Premium\GFPro.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [PixelPlanet PdfPrinter-Monitor] . (.PixelPlanet GmbH - PixelPlanet PdfPrinter Monitor.) -- C:\Program Files\Common Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] . (...) -- C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Boujir\AppData\Roaming\newnext.me\nengine.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3814337603-3708613749-4013974593-1001\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-3814337603-3708613749-4013974593-1001\..\Run: [Le Petit Robert Hyperappel] . (...) -- C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKUS\S-1-5-21-3814337603-3708613749-4013974593-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3814337603-3708613749-4013974593-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3814337603-3708613749-4013974593-1001\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Boujir\AppData\Roaming\newnext.me\nengine.dll
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F21E27-34F3-4E8A-8EEF-EDD6BDAB1846}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{85F21E27-34F3-4E8A-8EEF-EDD6BDAB1846}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{85F21E27-34F3-4E8A-8EEF-EDD6BDAB1846}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\system32\klogon.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Search Protect by Conduit Service (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
~ Services: 13 Legitimates Filtered in 00mn 15s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{01C6E502-E776-4E77-BEDB-A8139C2EF67E}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0978D3BA-14EB-4D41-96D9-711F8F98BAF6}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{13EDEEB5-D52A-4C77-B9B4-6D35B4CCB31D}] (...) -- C:\Program Files\eMule\emule.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2CC9BA84-4767-44A8-8D16-03F8B5FCCBD4}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{407A19C5-9E4F-4A56-85E8-622517839B1E}] (...) -- F:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4995EA1F-753F-4F5A-9B7E-EE07A0A47603}] (...) -- C:\Users\Boujir\Desktop\GoogleEarthPortable.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4C4061BF-2AD0-4D0A-8338-D82FAF0B43F6}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6AA3DA96-A913-4080-B4C8-F995FFA1ADED}] (...) -- C:\Users\Boujir\Desktop\eMule0.50a-Installer.exe (.not file.) [0]
[MD5.BB7787EFCB9D35177E26A5758F53CF29] [APT] [{775C39DF-91BF-4490-B2EF-254632A4F2D1}] (...) -- C:\Program Files\DLLSuite\2013\DLLSuite.exe [7458816]
[MD5.00000000000000000000000000000000] [APT] [{7A4754CC-4DB9-4EEC-B532-4CB54D678DDA}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7CE6F154-4309-4156-B875-0F642A6909CF}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.F6987FF6C6D683F79FDCE707B071A997] [APT] [{964E7430-6284-4A43-8203-A07243995DFD}] (.SFX TEAM.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392]
[MD5.00000000000000000000000000000000] [APT] [{96685495-C81C-4125-9465-693552F3BFD8}] (...) -- C:\Users\Boujir\Desktop\eMule0.48a-Installer2.exe (.not file.) [0]
[MD5.6DA96FB61AFD0D868BE1172B593C04F3] [APT] [{B00536EA-332F-40A8-BB3E-C54994086A58}] (...) -- C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe [537600]
[MD5.00000000000000000000000000000000] [APT] [{B1FAC15F-003D-4D21-A4C3-56B8335E9DF9}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BEDD3D56-5F0C-4D42-A547-C940725E64D3}] (...) -- C:\Program Files\Ufasoft\SocksChain\SocksChain.exe (.not file.) [0]
[MD5.BB7787EFCB9D35177E26A5758F53CF29] [APT] [{F0E4BDCB-1FA6-4829-BFA2-74BBD3ACADE5}] (...) -- C:\Program Files\DLLSuite\2013\DLLSuite.exe [7458816]
[MD5.00000000000000000000000000000000] [APT] [{F135B5ED-8561-49D5-9B60-9CF59149B787}] (...) -- C:\Program Files\Encyclopaedia Universalis 2013\Encyclopaedia Universalis 2013\universalis2013.exe (.not file.) [0]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: GEXAWIN V 2.0 - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Loops - (...) [HKCU] -- Loops
O42 - Logiciel: PdfGrabber 7.0 (32bit) - (.PixelPlanet.) [HKLM] -- {01517A48-9217-431B-821C-F89F53918E3D}
O42 - Logiciel: Who Is On My Wifi version 2.1.2 - (.IO3O LLC.) [HKLM] -- {010D45A1-093D-4534-8147-4E10E80F81CC}_is1
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\APN]
~ Key Software: 224 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/11/2013 - 16:30:03 - [4.069] ----D C:\Program Files\GEXAWIN V 2.0
O43 - CFD: 11/06/2013 - 19:35:45 - [2.682] RSHAD C:\Program Files\Golden Filter Premium
O43 - CFD: 11/06/2013 - 19:14:18 - [1.784] RSHAD C:\Program Files\Golden Filter Pro
O43 - CFD: 18/06/2013 - 11:13:56 - [3.284] ----D C:\Program Files\Loops
O43 - CFD: 04/06/2013 - 19:20:17 - [0] ----D C:\Program Files\SocksCapV2
O43 - CFD: 02/07/2013 - 11:15:51 - [0.309] ----D C:\Program Files\Toolbar
O43 - CFD: 06/01/2014 - 17:13:46 - [1.228] ----D C:\Users\Boujir\AppData\Roaming\newnext.me
O43 - CFD: 04/01/2014 - 15:07:09 - [1.224] ----D C:\Users\Boujir\AppData\Local\genienext
O43 - CFD: 13/11/2013 - 16:29:34 - [0] ----D C:\Users\Boujir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GEXAWIN V 2.0
O43 - CFD: 18/06/2013 - 11:12:58 - [0.003] ----D C:\Users\Boujir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Loops
~ Program Folder: 187 Legitimates Filtered in 00mn 11s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A103FDF7348130EF3F3FEF56B1700A27] - 04/01/2014 - 15:06:39 ---A- . (...) -- C:\END [9]
~ Files: 8 Legitimates Filtered in 00mn 08s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 01:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 22:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.2AA2C79B9E39C2FCBE0670AECC5B4361] - 27/06/2013 - 09:57:42 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [104928]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 29/06/2013 - 12:37:37 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 29/06/2013 - 20:44:21 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 01:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 29/06/2013 - 18:48:02 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 28/06/2013 - 12:12:09 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 28/06/2013 - 12:12:26 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 21:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 21:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 21:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 21:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 21:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 21:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 21:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 21:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 21:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 21:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 21:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 21:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 21:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/06/2013 - C:\Windows\System32\DRIVERS\idmwfp.sys (IDMWFP) .(.Tonec Inc. - Internet Download Manager WFP Driver.) - LEGACY_IDMWFP
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 117 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("CT3289075.https___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJh[...]
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("CT3289075.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3289075&octid=CT[...]
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("browser.newtab.url", "http://search.conduit.com/?ctid=CT3319415&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1[...]
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("browser.startup.homepage", "http://www.startimes.com/f.aspx?t=33759585&pg=3|http://search.conduit.com/?ctid=CT3319415&o[...]
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.cbid", "^EW");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.crumb", "2013.08.06+10.04.03-dubprdapntlfe13-MA-Q2FzYWJsYW5jYSxNb3JvY2Nv");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.dtid", "^YYYYYY^YY^MA");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.ff-original-keyword-url", "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=[...]
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.guid", "CEBE2562-34CC-4A29-B4B1-F512D77CFBAE");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.if", "first");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.locale", "fr_US");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.location", "Casablanca,Morocco");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.o", "101913");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.sa", "YES");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.saguid", "A4B24D5A-8432-4D64-9DD5-AE9B4AABCA22");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.search-suggestions-enabled", true);
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.slwo", "1");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.themeid", "");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("extensions.asktb.version", "5.12.5.17640");
O69 - SBI: prefs.js [Boujir - ae1q9x0r.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {4BBC7C07-45C4-436D-883C-F716C6E19AA6} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
D:\logiciels\Keygen TMG 2012 WinZip 17.zip
~ Files: Scanned in 00mn 10s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E90240DE9D6BA4EE651DE15C9936887C] [SPRF][06/01/2014] (...) -- C:\Users\Boujir\AppData\Local\Temp\NitroSysFonts01.dat [1818199]
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Boujir\AppData\Local\Temp\nskA1FE.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Boujir\AppData\Local\Temp\nskADE2.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Boujir\AppData\Local\Temp\nskEC0C.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Boujir\AppData\Local\Temp\nspF1A8.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Boujir\AppData\Local\Temp\nsuA807.exe [167812] =>Toolbar.Conduit
[MD5.C67BCF6441E378371F0D6EEFB7EF0861] [SPRF][16/12/2013] (.Conduit - SP Usage Sender.) -- C:\Users\Boujir\AppData\Local\Temp\nsvE632.exe [167812] =>Toolbar.Conduit
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{F6E532B7-EB01-4980-B1E9-2FD9AD604FF4}C:\program files\passware\passware kit 12 demo\passwarekitenterprise.exe" | In - Private - P6 - TRUE | .(.Passware - All-in-one password recovery and encryption scanning tool.) -- C:\program files\passware\passware kit 12 demo\passwarekitenterprise.exe
O87 - FAEL: "UDP Query User{5E26BB7B-EFB9-477C-9EE0-C6E444988A77}C:\program files\passware\passware kit 12 demo\passwarekitenterprise.exe" | In - Private - P17 - TRUE | .(.Passware - All-in-one password recovery and encryption scanning tool.) -- C:\program files\passware\passware kit 12 demo\passwarekitenterprise.exe
~ Firewall: 207 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "84A715107129B13428C18FF93519E8D3" . (.PdfGrabber 7.0 (32bit).) -- C:\Windows\Installer\{01517A48-9217-431B-821C-F89F53918E3D}\ARPPRODUCTICON.exe
O90 - PUC: "98488E8B403A1F547971420253ED61D7" . (.PixelPlanet PdfPrinter 6 (32bit).) -- C:\Windows\Installer\{B8E88489-A304-45F1-9717-242035DE167D}\ARPPRODUCTICON.exe
~ Update Products: 65 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D49EBC7800F1633E4F6DA46882CC0ECD] [WIS][04/01/2014] (.PixelPlanet - PdfGrabber.) -- C:\Windows\Installer\5eddd5.msi [36397568]
[MD5.760AA99C22C9918EFB96EA72E526CFD6] [WIS][06/08/2013] (.Ask.com - Blank Project Template.) -- C:\Windows\Installer\c6d49a.msi [3352576]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\de7f42.msi [459264]
[MD5.164AD3DD072EBDFF89CF4F47CE6658BA] [WIS][13/05/2013] (.Passware - Passware Kit Enterprise Demo 12.3 installation package.) -- C:\Windows\Installer\e632ba.msi [42860544]
~ WIS: 71 Legitimates Filtered in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 03/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SS - | Demand 25/06/2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files\WinPcap\rpcapd.exe
SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 04/03/2013 206448 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
SR - | Auto 16/12/2013 2251552 | (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe =>Toolbar.Conduit
SR - | Demand 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 25/03/2013 196616 | (NitroDriverReadSpool8) . (.Nitro PDF Software.) - C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
SR - | Auto 27/07/2013 14592288 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 21/06/2013 640288 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/07/2013 1889568 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 13/10/2010 791360 | (PDF Suite 2011 Service) . (.Interactive Brands Inc..) - C:\Program Files\PDF Suite 2011\ConversionService.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/06/2013 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Boujir at 06/01/2014 20:11:23

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
C:\Windows\system32\drivers\iaStorV.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82C55BBA] >> \Device\Harddisk0\DR0[0x87570030]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Boujir at 06/01/2014 20:11:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13018 - (02/01/2014)
Clés trouvées (Keys found) : 28
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 16

[HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc] =>Toolbar.Conduit^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje] =>Hijacker.TornTV
C:\Users\Boujir\AppData\Roaming\Mozilla\Firefox\Profiles\ae1q9x0r.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} =>P2P.µTorrent^
C:\Program Files\SearchProtect =>Toolbar.Conduit
C:\Users\Boujir\AppData\Local\SearchProtect =>Toolbar.Conduit
C:\Users\Boujir\AppData\Roaming\Mozilla\Firefox\Profiles\ae1q9x0r.default\Smartbar =>Hijacker.SmartBar
C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^
C:\Program Files\SearchProtect\UI\bin\cltmngui.exe =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Local\Temp\nskA1FE.exe =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Local\Temp\nskADE2.exe =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Local\Temp\nskEC0C.exe =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Local\Temp\nspF1A8.exe =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Local\Temp\nsuA807.exe =>Toolbar.Conduit^
C:\Users\Boujir\AppData\Local\Temp\nsvE632.exe =>Toolbar.Conduit^
~ Additionnel Scan: 239510 Items scanned in 00mn 26s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27660150-hijacker-torntv =>Hijacker.TornTV
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ MSI: 5 link(s) detected in 00mn 26s



~ 1070 Legitimates filtered by white list
End of the scan (618 lines in 02mn 34s)(1)

Publicité

Soutenons La Quadrature du Net ! Soutenons La Quadrature du Net !

Signaler le contenu de ce document

Publicité

Soutenons La Quadrature du Net !