Qui peut m aider a interpreter ce rapport?.
biman
Messages postés
718
Date d'inscription
Statut
Membre
Dernière intervention
-
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:20, on 07/04/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mohamed\Downloads\hijackthis_telechargement_01net.exe
C:\Users\mohamed\AppData\Local\Temp\01net\HiJackThis.exe
C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/?pc=BB07
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:20, on 07/04/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mohamed\Downloads\hijackthis_telechargement_01net.exe
C:\Users\mohamed\AppData\Local\Temp\01net\HiJackThis.exe
C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/?pc=BB07
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
A voir également:
- Qui peut m aider a interpreter ce rapport?.
- Plan rapport de stage - Guide
- Rapport de crash windows - Guide
- En préparant son diaporama, tom a pris quelques notes qui l'aideront lors de sa présentation. quand il présentera l'âne, il a prévu de raconter une anecdote sur cet animal. comment s'appelle l'âne de son histoire ? - Forum Windows
- Impression rapport de stage ✓ - Forum Word
- Modifier rapport d'échelle pdf xchange viewer ✓ - Forum PDF
15 réponses
bonjour, il faudrait mettre ton anti-virus à jour car
pareil pour mozilla car tu as la 4 et moi la 11 !!
et windows tu devrais avoir le sp1 de seven !!
et adobe reader version 9 il faudra le désinstaller et installer la version 10 !!
bon vu ton zhpdiag je te conseillerait de passer adw-cleaner mode SUPPRESSION
Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
Avast4moi c'est la version 7 que j'ai ??
pareil pour mozilla car tu as la 4 et moi la 11 !!
et windows tu devrais avoir le sp1 de seven !!
et adobe reader version 9 il faudra le désinstaller et installer la version 10 !!
bon vu ton zhpdiag je te conseillerait de passer adw-cleaner mode SUPPRESSION
Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
# AdwCleaner v1.505 - Rapport créé le 07/04/2012 à 23:34:00
# Mis à jour le 07/04/2012 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits)
# Nom d'utilisateur : mohamed - MOHAMED-PC
# Exécuté depuis : C:\Users\mohamed\Downloads\adwcleaner (1).exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\mohamed\AppData\Roaming\GetRightToGo
Dossier Supprimé : C:\Users\mohamed\AppData\Local\Agence-Exclusive
Dossier Supprimé : C:\Users\mohamed\AppData\LocalLow\SweetIM
***** [H. Navipromo] *****
***** [Registre] *****
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v4.0.1 (fr)
Nom du profil : default
Fichier : C:\Users\mohamed\AppData\Roaming\Mozilla\FireFox\Profiles\smq9n2v6.default\prefs.js
[OK] Le fichier ne contient aucune entrée illégitime.
-\\ Google Chrome v18.0.1025.151
Fichier : C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Le fichier ne contient aucune entrée illégitime.
*************************
AdwCleaner[R1].txt - [6048 octets] - [06/04/2012 21:57:18]
AdwCleaner[S1].txt - [6194 octets] - [06/04/2012 22:01:18]
AdwCleaner[S2].txt - [1038 octets] - [06/04/2012 23:13:58]
AdwCleaner[S3].txt - [1580 octets] - [07/04/2012 23:34:00]
########## EOF - C:\AdwCleaner[S3].txt - [1708 octets] ##########
# Mis à jour le 07/04/2012 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits)
# Nom d'utilisateur : mohamed - MOHAMED-PC
# Exécuté depuis : C:\Users\mohamed\Downloads\adwcleaner (1).exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\mohamed\AppData\Roaming\GetRightToGo
Dossier Supprimé : C:\Users\mohamed\AppData\Local\Agence-Exclusive
Dossier Supprimé : C:\Users\mohamed\AppData\LocalLow\SweetIM
***** [H. Navipromo] *****
***** [Registre] *****
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
***** [Navigateurs] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v4.0.1 (fr)
Nom du profil : default
Fichier : C:\Users\mohamed\AppData\Roaming\Mozilla\FireFox\Profiles\smq9n2v6.default\prefs.js
[OK] Le fichier ne contient aucune entrée illégitime.
-\\ Google Chrome v18.0.1025.151
Fichier : C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Le fichier ne contient aucune entrée illégitime.
*************************
AdwCleaner[R1].txt - [6048 octets] - [06/04/2012 21:57:18]
AdwCleaner[S1].txt - [6194 octets] - [06/04/2012 22:01:18]
AdwCleaner[S2].txt - [1038 octets] - [06/04/2012 23:13:58]
AdwCleaner[S3].txt - [1580 octets] - [07/04/2012 23:34:00]
########## EOF - C:\AdwCleaner[S3].txt - [1708 octets] ##########
bonjour, relance zhpdiag et postes le nouveau rapport , merci
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Cliques sur la loupe pour lancer l'analyse.
si tu as un message te demandant la validation pour SIGCHECK acceptes avec OK cela est pour nous faire un rapport plus complet et pouvoir en faire une lecture plus approfondis
Laisses l'outil travailler, il peut être assez long
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Cliques sur la loupe pour lancer l'analyse.
si tu as un message te demandant la validation pour SIGCHECK acceptes avec OK cela est pour nous faire un rapport plus complet et pouvoir en faire une lecture plus approfondis
Laisses l'outil travailler, il peut être assez long
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Rapport de ZHPDiag v1.30.01 par Nicolas Coolman, Update du 06/04/2012
Run by mohamed at 08/04/2012 12:17:09
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v18.0.1025.151 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 0 GB (0%) free of 56 GB
---\\ Logged in mode
~ Computer Name: MOHAMED-PC
~ User Name: mohamed
~ All Users Names: mohamed, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mohamed\AppData\Roaming\
~ %Desktop% : C:\Users\mohamed\Desktop\
~ %Favorites% : C:\Users\mohamed\Favorites\
~ %LocalAppData% : C:\Users\mohamed\AppData\Local\
~ %StartMenu% : C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 48 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\wininit.exe [96256]
[MD5.EE0D7471EBF9CE40CC4A203B1F90F028] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/06/2011 - 06:36:36.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\drivers\afd.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\drivers\cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\drivers\dfsc.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\drivers\hdaudbus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\ipnat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\drivers\mrxsmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\drivers\netbt.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 05s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 2/16
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 6/22
~ Scan Hidden Files in 00mn 00s
---\\ Processus lancés
[MD5.F0CE586AEAF318BDDD443651A2E672E7] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe [646144] [PID.]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.]
[MD5.4EADA484E5F7E04CDEEF95030DA4B05C] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000] [PID.]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.]
[MD5.AB875B402869CDF8204D1E9880BFAD43] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [15146376] [PID.]
[MD5.60A00D46783DC8867A11654C5E528BBE] - (.ToniArts - EasyCleaner executable.) -- C:\Users\mohamed\AppData\Local\Temp\Temp1_EClea2_0.zip\EasyClea.exe [2117632] [PID.]
[MD5.15906BF3C9B879AC3C4B05D595EB2F26] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [73088] [PID.]
[MD5.96C93AB890C1A1A766D8CB56012817D9] - (.Piriform Ltd - Defraggler.) -- C:\Program Files\Defraggler\Defraggler.exe [2467648] [PID.]
[MD5.C1BACEC1225949B7D31F2900F9E7BBAF] - (.Google Inc. - Google Chrome.) -- C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.]
[MD5.7217CBDA073BBC13C088BB81B9BA3034] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4511744] [PID.]
~ Scan Processes Running in 00mn 06s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\System32\Wat\npWatWeb.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 30
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
~ Scan BHO in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - Global Startup: C:\Users\mohamed\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\ZHPDiag2 - Raccourci.lnk . (.Nicolas Coolman.) -- C:\Users\mohamed\Downloads\ZHPDiag2.exe
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Servicevices\aswMo (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! AntivirusntrolSet\Service (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Google Update (gupdate)ocalServ (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Scan Services in 00mn 01s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: () - File not found
~ Scan Keys in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA.job
[MD5.70FFCB9B44BEF2E2D94C0ECDE130FAE3] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.6E5112179EF0CF22BBB5D7FB85B407E4] [APT] [{19437655-269E-402E-B074-8CDD2B510957}] (...) -- C:\Users\mohamed\Documents\setupengpro.exe
[MD5.AB875B402869CDF8204D1E9880BFAD43] [APT] [{20560A23-AABC-478F-B1B7-5950243CCE7E}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{4C39EA25-C511-41EB-896D-3F10C192DA78}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{636E0416-7FD8-4F38-970B-A18BC8B45B20}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0DD9430-C897-48A0-A56B-B4B0FF30C6C9}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EC37252D-13DF-4D15-82C1-8C012D828413}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{ED9A5F62-FF62-416A-A66A-7F1C2EDC7F66}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
~ Scan Scheduled Task in 00mn 13s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 02s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {05E33475-46B5-4273-A1ED-46C531A90692}
O42 - Logiciel: avast! Antivirus v4.8 - (.Alwil Software.) [HKLM] -- avast!
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabylonChromeExtension]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DelFix]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrendMicro]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2011 - 23:54:32 - [233,330] ----D C:\Program Files\Adobe
O43 - CFD: 22/05/2011 - 23:40:02 - [170,706] ----D C:\Program Files\Alwil Software
O43 - CFD: 08/04/2012 - 10:07:39 - [4,378] ----D C:\Program Files\CCleaner
O43 - CFD: 14/08/2011 - 12:19:15 - [103,039] ----D C:\Program Files\Common Files
O43 - CFD: 08/04/2012 - 10:20:07 - [4,723] ----D C:\Program Files\Defraggler
O43 - CFD: 14/07/2009 - 11:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 22/05/2011 - 23:19:13 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 22/05/2011 - 23:41:13 - [17,700] ----D C:\Program Files\Glary Utilities
O43 - CFD: 06/04/2012 - 22:03:46 - [90,336] ----D C:\Program Files\Google
O43 - CFD: 16/08/2011 - 15:21:09 - [4,289] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2012 - 22:43:29 - [11,422] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 08/04/2012 - 09:31:59 - [0] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 11:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 26/05/2011 - 14:34:32 - [0,015] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11/03/2012 - 17:23:56 - [18,169] R---D C:\Program Files\Skype
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 20:37:19 - [0,762] ----D C:\Program Files\trend micro
O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 26/05/2011 - 22:25:34 - [0,004] ----D C:\Program Files\Unlocker
O43 - CFD: 22/05/2011 - 23:41:10 - [0,497] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 10:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 11:01:29 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/05/2011 - 19:48:21 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 25/05/2011 - 15:04:07 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 22/05/2011 - 23:19:13 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 10:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 10:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 08/04/2012 - 12:17:37 - [11,409] ----D C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 23:55:22 - [5,906] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 08/04/2012 - 09:35:11 - [46,147] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 14/08/2011 - 12:19:15 - [2,150] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/11/2011 - 21:05:36 - [9,634] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/05/2011 - 23:58:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:06:37 - [170,142] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 24/05/2011 - 21:01:43 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 08/04/2012 - 12:15:00 - [13,369] ----D C:\ProgramData\Easybits GO
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 21:50:35 - [0] ----D C:\ProgramData\Google
O43 - CFD: 25/05/2011 - 20:49:41 - [15,587] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/04/2012 - 19:50:33 - [149,501] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 24/05/2011 - 20:22:07 - [0,000] ----D C:\ProgramData\PC Drivers HeadQuarters
O43 - CFD: 17/08/2011 - 19:25:38 - [27,020] ----D C:\ProgramData\Skype
O43 - CFD: 06/04/2012 - 20:35:34 - [9,964] ----D C:\ProgramData\Skype Extras
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 24/05/2011 - 22:14:14 - [0] ----D C:\ProgramData\WLInstaller
O43 - CFD: 24/05/2011 - 16:10:01 - [2,511] ----D C:\Users\mohamed\AppData\Roaming\Adobe
O43 - CFD: 23/05/2011 - 00:29:31 - [0,010] ----D C:\Users\mohamed\AppData\Roaming\GlarySoft
O43 - CFD: 08/04/2012 - 08:28:42 - [0,090] ----D C:\Users\mohamed\AppData\Roaming\go
O43 - CFD: 24/05/2011 - 15:56:50 - [0] ----D C:\Users\mohamed\AppData\Roaming\Google
O43 - CFD: 22/05/2011 - 23:20:12 - [0] ----D C:\Users\mohamed\AppData\Roaming\Identities
O43 - CFD: 22/05/2011 - 23:32:03 - [0,002] ----D C:\Users\mohamed\AppData\Roaming\Macromedia
O43 - CFD: 25/05/2011 - 20:49:45 - [2,112] ----D C:\Users\mohamed\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 11:00:32 - [0] ----D C:\Users\mohamed\AppData\Roaming\Media Center Programs
O43 - CFD: 29/05/2011 - 14:32:11 - [3,296] -S--D C:\Users\mohamed\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2011 - 21:34:56 - [13,686] ----D C:\Users\mohamed\AppData\Roaming\Mozilla
O43 - CFD: 08/04/2012 - 12:05:59 - [3,889] ----D C:\Users\mohamed\AppData\Roaming\Skype
O43 - CFD: 29/05/2011 - 16:01:56 - [0,052] ----D C:\Users\mohamed\AppData\Roaming\skypePM
O43 - CFD: 24/05/2011 - 15:57:33 - [0,997] ----D C:\Users\mohamed\AppData\Roaming\vlc
O43 - CFD: 24/05/2011 - 15:41:20 - [0] ----D C:\Users\mohamed\AppData\Roaming\Windows Live Writer
O43 - CFD: 02/09/2011 - 16:12:32 - [0,075] ----D C:\Users\mohamed\AppData\Local\Adobe
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Application Data
O43 - CFD: 22/05/2011 - 23:29:04 - [1,173] ----D C:\Users\mohamed\AppData\Local\Apps
O43 - CFD: 22/05/2011 - 23:29:19 - [0] ----D C:\Users\mohamed\AppData\Local\Deployment
O43 - CFD: 19/02/2012 - 10:28:50 - [0] ----D C:\Users\mohamed\AppData\Local\Diagnostics
O43 - CFD: 06/04/2012 - 20:43:47 - [0,171] ----D C:\Users\mohamed\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/04/2012 - 08:18:13 - [259,661] ----D C:\Users\mohamed\AppData\Local\Google
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Historique
O43 - CFD: 11/03/2012 - 17:25:11 - [283,833] ----D C:\Users\mohamed\AppData\Local\Microsoft
O43 - CFD: 08/06/2011 - 21:34:46 - [113,122] ----D C:\Users\mohamed\AppData\Local\Mozilla
O43 - CFD: 08/04/2012 - 12:16:10 - [75,377] ----D C:\Users\mohamed\AppData\Local\Temp
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Temporary Internet Files
O43 - CFD: 22/05/2011 - 23:19:43 - [0] ----D C:\Users\mohamed\AppData\Local\VirtualStore
O43 - CFD: 24/05/2011 - 20:24:40 - [0,063] ----D C:\Users\mohamed\AppData\Local\Windows Live
O43 - CFD: 24/05/2011 - 15:49:57 - [0,358] ----D C:\Users\mohamed\AppData\Local\Windows Live Writer
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF}
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF}
O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 25/05/2011 - 19:52:45 - [0,000] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/04/2012 - 08:19:13 - [0,005] ----D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/04/2012 - 23:32:38 - [0] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 20s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.64787FBCE07E4A818C2EFD0CA4134EAA] - 08/04/2012 - 08:42:55 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1131092]
O44 - LFC:[MD5.72E409F8E31825C5DDEF01A1C2606F77] - 08/04/2012 - 08:38:19 ---A- . (...) -- C:\Windows\setupact.log [538]
O44 - LFC:[MD5.8CEED5300325A5B2584B1C28D3EBD212] - 08/04/2012 - 08:38:08 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.23B9E4ABEDABC98B0C96FB733B8B228F] - 07/04/2012 - 22:34:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1709]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2012 - 21:44:27 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [0]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.3C28F4D6375C38CE987D158D685CC7D2] - 07/04/2012 - 17:12:44 ---A- . (...) -- C:\Windows\PFRO.log [888]
O44 - LFC:[MD5.B37B8BFD56548C86A9D87FCF3F3D2014] - 07/04/2012 - 06:43:17 ---A- . (...) -- C:\TDSSKiller.2.7.26.0_07.04.2012_07.41.34_log.txt [118874]
O44 - LFC:[MD5.EF5EC67A40CD6BF29F59154E72B12322] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123970]
O44 - LFC:[MD5.0199368BBC788D07D119357F0DB49493] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [685776]
O44 - LFC:[MD5.2A912720CDA12801D0338F24B0016DB5] - 06/04/2012 - 22:14:07 ---A- . (...) -- C:\AdwCleaner[S2].txt [1038]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/04/2012 - 21:43:41 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.127052E67F96A890FDEBA0DE67EF3C75] - 06/04/2012 - 21:01:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [6194]
O44 - LFC:[MD5.35BEA87A391AFD8251EB292389107225] - 06/04/2012 - 21:01:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [42]
O44 - LFC:[MD5.CC369803B9CB8366A8002D25CB18D444] - 06/04/2012 - 20:57:19 ---A- . (...) -- C:\AdwCleaner[R1].txt [6048]
O44 - LFC:[MD5.4EDD19CD4D08EF6DF63F2423087501A3] - 06/04/2012 - 20:40:53 ---A- . (...) -- C:\DelFix[S1].txt [1373]
O44 - LFC:[MD5.73CF9B8397BF9BB4A867FAC465C8AAAE] - 06/04/2012 - 20:40:31 ---A- . (...) -- C:\DelFix[R2].txt [1280]
O44 - LFC:[MD5.95E5668F29FB5F13314AEEEA6612D573] - 06/04/2012 - 20:39:51 ---A- . (...) -- C:\DelFix[R1].txt [1224]
~ Scan Files in 01mn 08s
---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s
---\\ MountPoints2 Shell Key (O51) (None)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53) (None)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.062287CEE536E8AF6680D33259DE6BD6] - 17/08/2009 - 17:05:37 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.04F457E183DCBA69DF20793CD9345768] - 17/08/2009 - 17:05:24 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [53328]
O58 - SDL:[MD5.06B360D8179959798D2BF054437DF923] - 17/08/2009 - 17:04:29 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [23152]
O58 - SDL:[MD5.045ED8EF540E69A41E9C0E255FBAF0C0] - 17/08/2009 - 17:05:52 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [114768]
O58 - SDL:[MD5.2410F10FAA00F222B3A29308741598D6] - 17/08/2009 - 17:04:40 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [51376]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.20DE769B84960606D8DBB2AEC123021A] - 14/07/2009 - 23:02:49 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159232]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 14/07/2009 - 23:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI S
Run by mohamed at 08/04/2012 12:17:09
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v18.0.1025.151 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 0 GB (0%) free of 56 GB
---\\ Logged in mode
~ Computer Name: MOHAMED-PC
~ User Name: mohamed
~ All Users Names: mohamed, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mohamed\AppData\Roaming\
~ %Desktop% : C:\Users\mohamed\Desktop\
~ %Favorites% : C:\Users\mohamed\Favorites\
~ %LocalAppData% : C:\Users\mohamed\AppData\Local\
~ %StartMenu% : C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 48 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\wininit.exe [96256]
[MD5.EE0D7471EBF9CE40CC4A203B1F90F028] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/06/2011 - 06:36:36.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\drivers\afd.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\drivers\cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\drivers\dfsc.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\drivers\hdaudbus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\ipnat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\drivers\mrxsmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\drivers\netbt.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 05s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 2/16
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 6/22
~ Scan Hidden Files in 00mn 00s
---\\ Processus lancés
[MD5.F0CE586AEAF318BDDD443651A2E672E7] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe [646144] [PID.]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.]
[MD5.4EADA484E5F7E04CDEEF95030DA4B05C] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000] [PID.]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.]
[MD5.AB875B402869CDF8204D1E9880BFAD43] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [15146376] [PID.]
[MD5.60A00D46783DC8867A11654C5E528BBE] - (.ToniArts - EasyCleaner executable.) -- C:\Users\mohamed\AppData\Local\Temp\Temp1_EClea2_0.zip\EasyClea.exe [2117632] [PID.]
[MD5.15906BF3C9B879AC3C4B05D595EB2F26] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [73088] [PID.]
[MD5.96C93AB890C1A1A766D8CB56012817D9] - (.Piriform Ltd - Defraggler.) -- C:\Program Files\Defraggler\Defraggler.exe [2467648] [PID.]
[MD5.C1BACEC1225949B7D31F2900F9E7BBAF] - (.Google Inc. - Google Chrome.) -- C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.]
[MD5.7217CBDA073BBC13C088BB81B9BA3034] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4511744] [PID.]
~ Scan Processes Running in 00mn 06s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\System32\Wat\npWatWeb.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 30
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
~ Scan BHO in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - Global Startup: C:\Users\mohamed\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\ZHPDiag2 - Raccourci.lnk . (.Nicolas Coolman.) -- C:\Users\mohamed\Downloads\ZHPDiag2.exe
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Servicevices\aswMo (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! AntivirusntrolSet\Service (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Google Update (gupdate)ocalServ (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Scan Services in 00mn 01s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: () - File not found
~ Scan Keys in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA.job
[MD5.70FFCB9B44BEF2E2D94C0ECDE130FAE3] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.6E5112179EF0CF22BBB5D7FB85B407E4] [APT] [{19437655-269E-402E-B074-8CDD2B510957}] (...) -- C:\Users\mohamed\Documents\setupengpro.exe
[MD5.AB875B402869CDF8204D1E9880BFAD43] [APT] [{20560A23-AABC-478F-B1B7-5950243CCE7E}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{4C39EA25-C511-41EB-896D-3F10C192DA78}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{636E0416-7FD8-4F38-970B-A18BC8B45B20}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0DD9430-C897-48A0-A56B-B4B0FF30C6C9}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EC37252D-13DF-4D15-82C1-8C012D828413}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{ED9A5F62-FF62-416A-A66A-7F1C2EDC7F66}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
~ Scan Scheduled Task in 00mn 13s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 02s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {05E33475-46B5-4273-A1ED-46C531A90692}
O42 - Logiciel: avast! Antivirus v4.8 - (.Alwil Software.) [HKLM] -- avast!
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabylonChromeExtension]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DelFix]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrendMicro]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2011 - 23:54:32 - [233,330] ----D C:\Program Files\Adobe
O43 - CFD: 22/05/2011 - 23:40:02 - [170,706] ----D C:\Program Files\Alwil Software
O43 - CFD: 08/04/2012 - 10:07:39 - [4,378] ----D C:\Program Files\CCleaner
O43 - CFD: 14/08/2011 - 12:19:15 - [103,039] ----D C:\Program Files\Common Files
O43 - CFD: 08/04/2012 - 10:20:07 - [4,723] ----D C:\Program Files\Defraggler
O43 - CFD: 14/07/2009 - 11:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 22/05/2011 - 23:19:13 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 22/05/2011 - 23:41:13 - [17,700] ----D C:\Program Files\Glary Utilities
O43 - CFD: 06/04/2012 - 22:03:46 - [90,336] ----D C:\Program Files\Google
O43 - CFD: 16/08/2011 - 15:21:09 - [4,289] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2012 - 22:43:29 - [11,422] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 08/04/2012 - 09:31:59 - [0] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 11:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 26/05/2011 - 14:34:32 - [0,015] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11/03/2012 - 17:23:56 - [18,169] R---D C:\Program Files\Skype
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 20:37:19 - [0,762] ----D C:\Program Files\trend micro
O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 26/05/2011 - 22:25:34 - [0,004] ----D C:\Program Files\Unlocker
O43 - CFD: 22/05/2011 - 23:41:10 - [0,497] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 10:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 11:01:29 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/05/2011 - 19:48:21 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 25/05/2011 - 15:04:07 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 22/05/2011 - 23:19:13 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 10:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 10:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 08/04/2012 - 12:17:37 - [11,409] ----D C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 23:55:22 - [5,906] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 08/04/2012 - 09:35:11 - [46,147] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 14/08/2011 - 12:19:15 - [2,150] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/11/2011 - 21:05:36 - [9,634] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/05/2011 - 23:58:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:06:37 - [170,142] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 24/05/2011 - 21:01:43 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 08/04/2012 - 12:15:00 - [13,369] ----D C:\ProgramData\Easybits GO
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 21:50:35 - [0] ----D C:\ProgramData\Google
O43 - CFD: 25/05/2011 - 20:49:41 - [15,587] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/04/2012 - 19:50:33 - [149,501] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 24/05/2011 - 20:22:07 - [0,000] ----D C:\ProgramData\PC Drivers HeadQuarters
O43 - CFD: 17/08/2011 - 19:25:38 - [27,020] ----D C:\ProgramData\Skype
O43 - CFD: 06/04/2012 - 20:35:34 - [9,964] ----D C:\ProgramData\Skype Extras
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 24/05/2011 - 22:14:14 - [0] ----D C:\ProgramData\WLInstaller
O43 - CFD: 24/05/2011 - 16:10:01 - [2,511] ----D C:\Users\mohamed\AppData\Roaming\Adobe
O43 - CFD: 23/05/2011 - 00:29:31 - [0,010] ----D C:\Users\mohamed\AppData\Roaming\GlarySoft
O43 - CFD: 08/04/2012 - 08:28:42 - [0,090] ----D C:\Users\mohamed\AppData\Roaming\go
O43 - CFD: 24/05/2011 - 15:56:50 - [0] ----D C:\Users\mohamed\AppData\Roaming\Google
O43 - CFD: 22/05/2011 - 23:20:12 - [0] ----D C:\Users\mohamed\AppData\Roaming\Identities
O43 - CFD: 22/05/2011 - 23:32:03 - [0,002] ----D C:\Users\mohamed\AppData\Roaming\Macromedia
O43 - CFD: 25/05/2011 - 20:49:45 - [2,112] ----D C:\Users\mohamed\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 11:00:32 - [0] ----D C:\Users\mohamed\AppData\Roaming\Media Center Programs
O43 - CFD: 29/05/2011 - 14:32:11 - [3,296] -S--D C:\Users\mohamed\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2011 - 21:34:56 - [13,686] ----D C:\Users\mohamed\AppData\Roaming\Mozilla
O43 - CFD: 08/04/2012 - 12:05:59 - [3,889] ----D C:\Users\mohamed\AppData\Roaming\Skype
O43 - CFD: 29/05/2011 - 16:01:56 - [0,052] ----D C:\Users\mohamed\AppData\Roaming\skypePM
O43 - CFD: 24/05/2011 - 15:57:33 - [0,997] ----D C:\Users\mohamed\AppData\Roaming\vlc
O43 - CFD: 24/05/2011 - 15:41:20 - [0] ----D C:\Users\mohamed\AppData\Roaming\Windows Live Writer
O43 - CFD: 02/09/2011 - 16:12:32 - [0,075] ----D C:\Users\mohamed\AppData\Local\Adobe
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Application Data
O43 - CFD: 22/05/2011 - 23:29:04 - [1,173] ----D C:\Users\mohamed\AppData\Local\Apps
O43 - CFD: 22/05/2011 - 23:29:19 - [0] ----D C:\Users\mohamed\AppData\Local\Deployment
O43 - CFD: 19/02/2012 - 10:28:50 - [0] ----D C:\Users\mohamed\AppData\Local\Diagnostics
O43 - CFD: 06/04/2012 - 20:43:47 - [0,171] ----D C:\Users\mohamed\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/04/2012 - 08:18:13 - [259,661] ----D C:\Users\mohamed\AppData\Local\Google
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Historique
O43 - CFD: 11/03/2012 - 17:25:11 - [283,833] ----D C:\Users\mohamed\AppData\Local\Microsoft
O43 - CFD: 08/06/2011 - 21:34:46 - [113,122] ----D C:\Users\mohamed\AppData\Local\Mozilla
O43 - CFD: 08/04/2012 - 12:16:10 - [75,377] ----D C:\Users\mohamed\AppData\Local\Temp
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Temporary Internet Files
O43 - CFD: 22/05/2011 - 23:19:43 - [0] ----D C:\Users\mohamed\AppData\Local\VirtualStore
O43 - CFD: 24/05/2011 - 20:24:40 - [0,063] ----D C:\Users\mohamed\AppData\Local\Windows Live
O43 - CFD: 24/05/2011 - 15:49:57 - [0,358] ----D C:\Users\mohamed\AppData\Local\Windows Live Writer
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF}
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF}
O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 25/05/2011 - 19:52:45 - [0,000] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/04/2012 - 08:19:13 - [0,005] ----D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/04/2012 - 23:32:38 - [0] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 20s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.64787FBCE07E4A818C2EFD0CA4134EAA] - 08/04/2012 - 08:42:55 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1131092]
O44 - LFC:[MD5.72E409F8E31825C5DDEF01A1C2606F77] - 08/04/2012 - 08:38:19 ---A- . (...) -- C:\Windows\setupact.log [538]
O44 - LFC:[MD5.8CEED5300325A5B2584B1C28D3EBD212] - 08/04/2012 - 08:38:08 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.23B9E4ABEDABC98B0C96FB733B8B228F] - 07/04/2012 - 22:34:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1709]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2012 - 21:44:27 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [0]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.3C28F4D6375C38CE987D158D685CC7D2] - 07/04/2012 - 17:12:44 ---A- . (...) -- C:\Windows\PFRO.log [888]
O44 - LFC:[MD5.B37B8BFD56548C86A9D87FCF3F3D2014] - 07/04/2012 - 06:43:17 ---A- . (...) -- C:\TDSSKiller.2.7.26.0_07.04.2012_07.41.34_log.txt [118874]
O44 - LFC:[MD5.EF5EC67A40CD6BF29F59154E72B12322] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123970]
O44 - LFC:[MD5.0199368BBC788D07D119357F0DB49493] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [685776]
O44 - LFC:[MD5.2A912720CDA12801D0338F24B0016DB5] - 06/04/2012 - 22:14:07 ---A- . (...) -- C:\AdwCleaner[S2].txt [1038]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/04/2012 - 21:43:41 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.127052E67F96A890FDEBA0DE67EF3C75] - 06/04/2012 - 21:01:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [6194]
O44 - LFC:[MD5.35BEA87A391AFD8251EB292389107225] - 06/04/2012 - 21:01:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [42]
O44 - LFC:[MD5.CC369803B9CB8366A8002D25CB18D444] - 06/04/2012 - 20:57:19 ---A- . (...) -- C:\AdwCleaner[R1].txt [6048]
O44 - LFC:[MD5.4EDD19CD4D08EF6DF63F2423087501A3] - 06/04/2012 - 20:40:53 ---A- . (...) -- C:\DelFix[S1].txt [1373]
O44 - LFC:[MD5.73CF9B8397BF9BB4A867FAC465C8AAAE] - 06/04/2012 - 20:40:31 ---A- . (...) -- C:\DelFix[R2].txt [1280]
O44 - LFC:[MD5.95E5668F29FB5F13314AEEEA6612D573] - 06/04/2012 - 20:39:51 ---A- . (...) -- C:\DelFix[R1].txt [1224]
~ Scan Files in 01mn 08s
---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s
---\\ MountPoints2 Shell Key (O51) (None)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53) (None)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.062287CEE536E8AF6680D33259DE6BD6] - 17/08/2009 - 17:05:37 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.04F457E183DCBA69DF20793CD9345768] - 17/08/2009 - 17:05:24 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [53328]
O58 - SDL:[MD5.06B360D8179959798D2BF054437DF923] - 17/08/2009 - 17:04:29 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [23152]
O58 - SDL:[MD5.045ED8EF540E69A41E9C0E255FBAF0C0] - 17/08/2009 - 17:05:52 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [114768]
O58 - SDL:[MD5.2410F10FAA00F222B3A29308741598D6] - 17/08/2009 - 17:04:40 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [51376]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.20DE769B84960606D8DBB2AEC123021A] - 14/07/2009 - 23:02:49 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159232]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 14/07/2009 - 23:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI S
bonjour, pourrais tu suivre la procédure et posterpar le biais d'un hébergeur !! comme tu as fais pour le premier , merci
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
apport de ZHPDiag v1.30.01 par Nicolas Coolman, Update du 06/04/2012
Run by mohamed at 08/04/2012 12:17:09
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v18.0.1025.151 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 0 GB (0%) free of 56 GB
---\\ Logged in mode
~ Computer Name: MOHAMED-PC
~ User Name: mohamed
~ All Users Names: mohamed, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mohamed\AppData\Roaming\
~ %Desktop% : C:\Users\mohamed\Desktop\
~ %Favorites% : C:\Users\mohamed\Favorites\
~ %LocalAppData% : C:\Users\mohamed\AppData\Local\
~ %StartMenu% : C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 48 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\wininit.exe [96256]
[MD5.EE0D7471EBF9CE40CC4A203B1F90F028] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/06/2011 - 06:36:36.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\drivers\afd.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\drivers\cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\drivers\dfsc.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\drivers\hdaudbus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\ipnat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\drivers\mrxsmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\drivers\netbt.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 05s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 2/16
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 6/22
~ Scan Hidden Files in 00mn 00s
---\\ Processus lancés
[MD5.F0CE586AEAF318BDDD443651A2E672E7] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe [646144] [PID.]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.]
[MD5.4EADA484E5F7E04CDEEF95030DA4B05C] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000] [PID.]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.]
[MD5.AB875B402869CDF8204D1E9880BFAD43] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [15146376] [PID.]
[MD5.60A00D46783DC8867A11654C5E528BBE] - (.ToniArts - EasyCleaner executable.) -- C:\Users\mohamed\AppData\Local\Temp\Temp1_EClea2_0.zip\EasyClea.exe [2117632] [PID.]
[MD5.15906BF3C9B879AC3C4B05D595EB2F26] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [73088] [PID.]
[MD5.96C93AB890C1A1A766D8CB56012817D9] - (.Piriform Ltd - Defraggler.) -- C:\Program Files\Defraggler\Defraggler.exe [2467648] [PID.]
[MD5.C1BACEC1225949B7D31F2900F9E7BBAF] - (.Google Inc. - Google Chrome.) -- C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.]
[MD5.7217CBDA073BBC13C088BB81B9BA3034] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4511744] [PID.]
~ Scan Processes Running in 00mn 06s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\System32\Wat\npWatWeb.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 30
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
~ Scan BHO in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - Global Startup: C:\Users\mohamed\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\ZHPDiag2 - Raccourci.lnk . (.Nicolas Coolman.) -- C:\Users\mohamed\Downloads\ZHPDiag2.exe
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Servicevices\aswMo (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! AntivirusntrolSet\Service (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Google Update (gupdate)ocalServ (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Scan Services in 00mn 01s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: () - File not found
~ Scan Keys in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA.job
[MD5.70FFCB9B44BEF2E2D94C0ECDE130FAE3] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.6E5112179EF0CF22BBB5D7FB85B407E4] [APT] [{19437655-269E-402E-B074-8CDD2B510957}] (...) -- C:\Users\mohamed\Documents\setupengpro.exe
[MD5.AB875B402869CDF8204D1E9880BFAD43] [APT] [{20560A23-AABC-478F-B1B7-5950243CCE7E}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{4C39EA25-C511-41EB-896D-3F10C192DA78}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{636E0416-7FD8-4F38-970B-A18BC8B45B20}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0DD9430-C897-48A0-A56B-B4B0FF30C6C9}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EC37252D-13DF-4D15-82C1-8C012D828413}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{ED9A5F62-FF62-416A-A66A-7F1C2EDC7F66}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
~ Scan Scheduled Task in 00mn 13s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 02s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {05E33475-46B5-4273-A1ED-46C531A90692}
O42 - Logiciel: avast! Antivirus v4.8 - (.Alwil Software.) [HKLM] -- avast!
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabylonChromeExtension]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DelFix]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrendMicro]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2011 - 23:54:32 - [233,330] ----D C:\Program Files\Adobe
O43 - CFD: 22/05/2011 - 23:40:02 - [170,706] ----D C:\Program Files\Alwil Software
O43 - CFD: 08/04/2012 - 10:07:39 - [4,378] ----D C:\Program Files\CCleaner
O43 - CFD: 14/08/2011 - 12:19:15 - [103,039] ----D C:\Program Files\Common Files
O43 - CFD: 08/04/2012 - 10:20:07 - [4,723] ----D C:\Program Files\Defraggler
O43 - CFD: 14/07/2009 - 11:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 22/05/2011 - 23:19:13 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 22/05/2011 - 23:41:13 - [17,700] ----D C:\Program Files\Glary Utilities
O43 - CFD: 06/04/2012 - 22:03:46 - [90,336] ----D C:\Program Files\Google
O43 - CFD: 16/08/2011 - 15:21:09 - [4,289] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2012 - 22:43:29 - [11,422] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 08/04/2012 - 09:31:59 - [0] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 11:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 26/05/2011 - 14:34:32 - [0,015] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11/03/2012 - 17:23:56 - [18,169] R---D C:\Program Files\Skype
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 20:37:19 - [0,762] ----D C:\Program Files\trend micro
O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 26/05/2011 - 22:25:34 - [0,004] ----D C:\Program Files\Unlocker
O43 - CFD: 22/05/2011 - 23:41:10 - [0,497] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 10:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 11:01:29 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/05/2011 - 19:48:21 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 25/05/2011 - 15:04:07 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 22/05/2011 - 23:19:13 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 10:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 10:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 08/04/2012 - 12:17:37 - [11,409] ----D C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 23:55:22 - [5,906] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 08/04/2012 - 09:35:11 - [46,147] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 14/08/2011 - 12:19:15 - [2,150] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/11/2011 - 21:05:36 - [9,634] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/05/2011 - 23:58:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:06:37 - [170,142] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 24/05/2011 - 21:01:43 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 08/04/2012 - 12:15:00 - [13,369] ----D C:\ProgramData\Easybits GO
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 21:50:35 - [0] ----D C:\ProgramData\Google
O43 - CFD: 25/05/2011 - 20:49:41 - [15,587] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/04/2012 - 19:50:33 - [149,501] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 24/05/2011 - 20:22:07 - [0,000] ----D C:\ProgramData\PC Drivers HeadQuarters
O43 - CFD: 17/08/2011 - 19:25:38 - [27,020] ----D C:\ProgramData\Skype
O43 - CFD: 06/04/2012 - 20:35:34 - [9,964] ----D C:\ProgramData\Skype Extras
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 24/05/2011 - 22:14:14 - [0] ----D C:\ProgramData\WLInstaller
O43 - CFD: 24/05/2011 - 16:10:01 - [2,511] ----D C:\Users\mohamed\AppData\Roaming\Adobe
O43 - CFD: 23/05/2011 - 00:29:31 - [0,010] ----D C:\Users\mohamed\AppData\Roaming\GlarySoft
O43 - CFD: 08/04/2012 - 08:28:42 - [0,090] ----D C:\Users\mohamed\AppData\Roaming\go
O43 - CFD: 24/05/2011 - 15:56:50 - [0] ----D C:\Users\mohamed\AppData\Roaming\Google
O43 - CFD: 22/05/2011 - 23:20:12 - [0] ----D C:\Users\mohamed\AppData\Roaming\Identities
O43 - CFD: 22/05/2011 - 23:32:03 - [0,002] ----D C:\Users\mohamed\AppData\Roaming\Macromedia
O43 - CFD: 25/05/2011 - 20:49:45 - [2,112] ----D C:\Users\mohamed\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 11:00:32 - [0] ----D C:\Users\mohamed\AppData\Roaming\Media Center Programs
O43 - CFD: 29/05/2011 - 14:32:11 - [3,296] -S--D C:\Users\mohamed\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2011 - 21:34:56 - [13,686] ----D C:\Users\mohamed\AppData\Roaming\Mozilla
O43 - CFD: 08/04/2012 - 12:05:59 - [3,889] ----D C:\Users\mohamed\AppData\Roaming\Skype
O43 - CFD: 29/05/2011 - 16:01:56 - [0,052] ----D C:\Users\mohamed\AppData\Roaming\skypePM
O43 - CFD: 24/05/2011 - 15:57:33 - [0,997] ----D C:\Users\mohamed\AppData\Roaming\vlc
O43 - CFD: 24/05/2011 - 15:41:20 - [0] ----D C:\Users\mohamed\AppData\Roaming\Windows Live Writer
O43 - CFD: 02/09/2011 - 16:12:32 - [0,075] ----D C:\Users\mohamed\AppData\Local\Adobe
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Application Data
O43 - CFD: 22/05/2011 - 23:29:04 - [1,173] ----D C:\Users\mohamed\AppData\Local\Apps
O43 - CFD: 22/05/2011 - 23:29:19 - [0] ----D C:\Users\mohamed\AppData\Local\Deployment
O43 - CFD: 19/02/2012 - 10:28:50 - [0] ----D C:\Users\mohamed\AppData\Local\Diagnostics
O43 - CFD: 06/04/2012 - 20:43:47 - [0,171] ----D C:\Users\mohamed\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/04/2012 - 08:18:13 - [259,661] ----D C:\Users\mohamed\AppData\Local\Google
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Historique
O43 - CFD: 11/03/2012 - 17:25:11 - [283,833] ----D C:\Users\mohamed\AppData\Local\Microsoft
O43 - CFD: 08/06/2011 - 21:34:46 - [113,122] ----D C:\Users\mohamed\AppData\Local\Mozilla
O43 - CFD: 08/04/2012 - 12:16:10 - [75,377] ----D C:\Users\mohamed\AppData\Local\Temp
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Temporary Internet Files
O43 - CFD: 22/05/2011 - 23:19:43 - [0] ----D C:\Users\mohamed\AppData\Local\VirtualStore
O43 - CFD: 24/05/2011 - 20:24:40 - [0,063] ----D C:\Users\mohamed\AppData\Local\Windows Live
O43 - CFD: 24/05/2011 - 15:49:57 - [0,358] ----D C:\Users\mohamed\AppData\Local\Windows Live Writer
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF}
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF}
O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 25/05/2011 - 19:52:45 - [0,000] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/04/2012 - 08:19:13 - [0,005] ----D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/04/2012 - 23:32:38 - [0] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 20s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.64787FBCE07E4A818C2EFD0CA4134EAA] - 08/04/2012 - 08:42:55 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1131092]
O44 - LFC:[MD5.72E409F8E31825C5DDEF01A1C2606F77] - 08/04/2012 - 08:38:19 ---A- . (...) -- C:\Windows\setupact.log [538]
O44 - LFC:[MD5.8CEED5300325A5B2584B1C28D3EBD212] - 08/04/2012 - 08:38:08 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.23B9E4ABEDABC98B0C96FB733B8B228F] - 07/04/2012 - 22:34:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1709]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2012 - 21:44:27 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [0]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.3C28F4D6375C38CE987D158D685CC7D2] - 07/04/2012 - 17:12:44 ---A- . (...) -- C:\Windows\PFRO.log [888]
O44 - LFC:[MD5.B37B8BFD56548C86A9D87FCF3F3D2014] - 07/04/2012 - 06:43:17 ---A- . (...) -- C:\TDSSKiller.2.7.26.0_07.04.2012_07.41.34_log.txt [118874]
O44 - LFC:[MD5.EF5EC67A40CD6BF29F59154E72B12322] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123970]
O44 - LFC:[MD5.0199368BBC788D07D119357F0DB49493] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [685776]
O44 - LFC:[MD5.2A912720CDA12801D0338F24B0016DB5] - 06/04/2012 - 22:14:07 ---A- . (...) -- C:\AdwCleaner[S2].txt [1038]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/04/2012 - 21:43:41 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.127052E67F96A890FDEBA0DE67EF3C75] - 06/04/2012 - 21:01:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [6194]
O44 - LFC:[MD5.35BEA87A391AFD8251EB292389107225] - 06/04/2012 - 21:01:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [42]
O44 - LFC:[MD5.CC369803B9CB8366A8002D25CB18D444] - 06/04/2012 - 20:57:19 ---A- . (...) -- C:\AdwCleaner[R1].txt [6048]
O44 - LFC:[MD5.4EDD19CD4D08EF6DF63F2423087501A3] - 06/04/2012 - 20:40:53 ---A- . (...) -- C:\DelFix[S1].txt [1373]
O44 - LFC:[MD5.73CF9B8397BF9BB4A867FAC465C8AAAE] - 06/04/2012 - 20:40:31 ---A- . (...) -- C:\DelFix[R2].txt [1280]
O44 - LFC:[MD5.95E5668F29FB5F13314AEEEA6612D573] - 06/04/2012 - 20:39:51 ---A- . (...) -- C:\DelFix[R1].txt [1224]
~ Scan Files in 01mn 08s
---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s
---\\ MountPoints2 Shell Key (O51) (None)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53) (None)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.062287CEE536E8AF6680D33259DE6BD6] - 17/08/2009 - 17:05:37 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.04F457E183DCBA69DF20793CD9345768] - 17/08/2009 - 17:05:24 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [53328]
O58 - SDL:[MD5.06B360D8179959798D2BF054437DF923] - 17/08/2009 - 17:04:29 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [23152]
O58 - SDL:[MD5.045ED8EF540E69A41E9C0E255FBAF0C0] - 17/08/2009 - 17:05:52 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [114768]
O58 - SDL:[MD5.2410F10FAA00F222B3A29308741598D6] - 17/08/2009 - 17:04:40 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [51376]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.20DE769B84960606D8DBB2AEC123021A] - 14/07/2009 - 23:02:49 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159232]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 14/07/2009 - 23:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.8B7C1768D2CDE2E02E09A66563DDFD16] - 03/08/2007 - 04:36:10 -
Run by mohamed at 08/04/2012 12:17:09
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v18.0.1025.151 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 0 GB (0%) free of 56 GB
---\\ Logged in mode
~ Computer Name: MOHAMED-PC
~ User Name: mohamed
~ All Users Names: mohamed, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mohamed\AppData\Roaming\
~ %Desktop% : C:\Users\mohamed\Desktop\
~ %Favorites% : C:\Users\mohamed\Favorites\
~ %LocalAppData% : C:\Users\mohamed\AppData\Local\
~ %StartMenu% : C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 48 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\wininit.exe [96256]
[MD5.EE0D7471EBF9CE40CC4A203B1F90F028] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/06/2011 - 06:36:36.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\drivers\afd.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\drivers\cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\drivers\dfsc.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\drivers\hdaudbus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\ipnat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\drivers\mrxsmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\drivers\netbt.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 05s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 2/16
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 6/22
~ Scan Hidden Files in 00mn 00s
---\\ Processus lancés
[MD5.F0CE586AEAF318BDDD443651A2E672E7] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\System32\osk.exe [646144] [PID.]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.]
[MD5.4EADA484E5F7E04CDEEF95030DA4B05C] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000] [PID.]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.]
[MD5.AB875B402869CDF8204D1E9880BFAD43] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [15146376] [PID.]
[MD5.60A00D46783DC8867A11654C5E528BBE] - (.ToniArts - EasyCleaner executable.) -- C:\Users\mohamed\AppData\Local\Temp\Temp1_EClea2_0.zip\EasyClea.exe [2117632] [PID.]
[MD5.15906BF3C9B879AC3C4B05D595EB2F26] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe [73088] [PID.]
[MD5.96C93AB890C1A1A766D8CB56012817D9] - (.Piriform Ltd - Defraggler.) -- C:\Program Files\Defraggler\Defraggler.exe [2467648] [PID.]
[MD5.C1BACEC1225949B7D31F2900F9E7BBAF] - (.Google Inc. - Google Chrome.) -- C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.]
[MD5.7217CBDA073BBC13C088BB81B9BA3034] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4511744] [PID.]
~ Scan Processes Running in 00mn 06s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\System32\Wat\npWatWeb.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 30
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
~ Scan BHO in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - Global Startup: C:\Users\mohamed\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\ZHPDiag2 - Raccourci.lnk . (.Nicolas Coolman.) -- C:\Users\mohamed\Downloads\ZHPDiag2.exe
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Servicevices\aswMo (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! AntivirusntrolSet\Service (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Google Update (gupdate)ocalServ (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Scan Services in 00mn 01s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: () - File not found
~ Scan Keys in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA.job
[MD5.70FFCB9B44BEF2E2D94C0ECDE130FAE3] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.6E5112179EF0CF22BBB5D7FB85B407E4] [APT] [{19437655-269E-402E-B074-8CDD2B510957}] (...) -- C:\Users\mohamed\Documents\setupengpro.exe
[MD5.AB875B402869CDF8204D1E9880BFAD43] [APT] [{20560A23-AABC-478F-B1B7-5950243CCE7E}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{4C39EA25-C511-41EB-896D-3F10C192DA78}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{636E0416-7FD8-4F38-970B-A18BC8B45B20}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0DD9430-C897-48A0-A56B-B4B0FF30C6C9}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EC37252D-13DF-4D15-82C1-8C012D828413}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{ED9A5F62-FF62-416A-A66A-7F1C2EDC7F66}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
~ Scan Scheduled Task in 00mn 13s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 02s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {05E33475-46B5-4273-A1ED-46C531A90692}
O42 - Logiciel: avast! Antivirus v4.8 - (.Alwil Software.) [HKLM] -- avast!
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabylonChromeExtension]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DelFix]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrendMicro]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2011 - 23:54:32 - [233,330] ----D C:\Program Files\Adobe
O43 - CFD: 22/05/2011 - 23:40:02 - [170,706] ----D C:\Program Files\Alwil Software
O43 - CFD: 08/04/2012 - 10:07:39 - [4,378] ----D C:\Program Files\CCleaner
O43 - CFD: 14/08/2011 - 12:19:15 - [103,039] ----D C:\Program Files\Common Files
O43 - CFD: 08/04/2012 - 10:20:07 - [4,723] ----D C:\Program Files\Defraggler
O43 - CFD: 14/07/2009 - 11:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 22/05/2011 - 23:19:13 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 22/05/2011 - 23:41:13 - [17,700] ----D C:\Program Files\Glary Utilities
O43 - CFD: 06/04/2012 - 22:03:46 - [90,336] ----D C:\Program Files\Google
O43 - CFD: 16/08/2011 - 15:21:09 - [4,289] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2012 - 22:43:29 - [11,422] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 08/04/2012 - 09:31:59 - [0] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 11:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 26/05/2011 - 14:34:32 - [0,015] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11/03/2012 - 17:23:56 - [18,169] R---D C:\Program Files\Skype
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 20:37:19 - [0,762] ----D C:\Program Files\trend micro
O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 26/05/2011 - 22:25:34 - [0,004] ----D C:\Program Files\Unlocker
O43 - CFD: 22/05/2011 - 23:41:10 - [0,497] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 10:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 11:01:29 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/05/2011 - 19:48:21 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 25/05/2011 - 15:04:07 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 22/05/2011 - 23:19:13 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 10:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 10:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 08/04/2012 - 12:17:37 - [11,409] ----D C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 23:55:22 - [5,906] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 08/04/2012 - 09:35:11 - [46,147] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 14/08/2011 - 12:19:15 - [2,150] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/11/2011 - 21:05:36 - [9,634] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/05/2011 - 23:58:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:06:37 - [170,142] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 24/05/2011 - 21:01:43 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 08/04/2012 - 12:15:00 - [13,369] ----D C:\ProgramData\Easybits GO
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 21:50:35 - [0] ----D C:\ProgramData\Google
O43 - CFD: 25/05/2011 - 20:49:41 - [15,587] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/04/2012 - 19:50:33 - [149,501] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 24/05/2011 - 20:22:07 - [0,000] ----D C:\ProgramData\PC Drivers HeadQuarters
O43 - CFD: 17/08/2011 - 19:25:38 - [27,020] ----D C:\ProgramData\Skype
O43 - CFD: 06/04/2012 - 20:35:34 - [9,964] ----D C:\ProgramData\Skype Extras
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 24/05/2011 - 22:14:14 - [0] ----D C:\ProgramData\WLInstaller
O43 - CFD: 24/05/2011 - 16:10:01 - [2,511] ----D C:\Users\mohamed\AppData\Roaming\Adobe
O43 - CFD: 23/05/2011 - 00:29:31 - [0,010] ----D C:\Users\mohamed\AppData\Roaming\GlarySoft
O43 - CFD: 08/04/2012 - 08:28:42 - [0,090] ----D C:\Users\mohamed\AppData\Roaming\go
O43 - CFD: 24/05/2011 - 15:56:50 - [0] ----D C:\Users\mohamed\AppData\Roaming\Google
O43 - CFD: 22/05/2011 - 23:20:12 - [0] ----D C:\Users\mohamed\AppData\Roaming\Identities
O43 - CFD: 22/05/2011 - 23:32:03 - [0,002] ----D C:\Users\mohamed\AppData\Roaming\Macromedia
O43 - CFD: 25/05/2011 - 20:49:45 - [2,112] ----D C:\Users\mohamed\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 11:00:32 - [0] ----D C:\Users\mohamed\AppData\Roaming\Media Center Programs
O43 - CFD: 29/05/2011 - 14:32:11 - [3,296] -S--D C:\Users\mohamed\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2011 - 21:34:56 - [13,686] ----D C:\Users\mohamed\AppData\Roaming\Mozilla
O43 - CFD: 08/04/2012 - 12:05:59 - [3,889] ----D C:\Users\mohamed\AppData\Roaming\Skype
O43 - CFD: 29/05/2011 - 16:01:56 - [0,052] ----D C:\Users\mohamed\AppData\Roaming\skypePM
O43 - CFD: 24/05/2011 - 15:57:33 - [0,997] ----D C:\Users\mohamed\AppData\Roaming\vlc
O43 - CFD: 24/05/2011 - 15:41:20 - [0] ----D C:\Users\mohamed\AppData\Roaming\Windows Live Writer
O43 - CFD: 02/09/2011 - 16:12:32 - [0,075] ----D C:\Users\mohamed\AppData\Local\Adobe
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Application Data
O43 - CFD: 22/05/2011 - 23:29:04 - [1,173] ----D C:\Users\mohamed\AppData\Local\Apps
O43 - CFD: 22/05/2011 - 23:29:19 - [0] ----D C:\Users\mohamed\AppData\Local\Deployment
O43 - CFD: 19/02/2012 - 10:28:50 - [0] ----D C:\Users\mohamed\AppData\Local\Diagnostics
O43 - CFD: 06/04/2012 - 20:43:47 - [0,171] ----D C:\Users\mohamed\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/04/2012 - 08:18:13 - [259,661] ----D C:\Users\mohamed\AppData\Local\Google
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Historique
O43 - CFD: 11/03/2012 - 17:25:11 - [283,833] ----D C:\Users\mohamed\AppData\Local\Microsoft
O43 - CFD: 08/06/2011 - 21:34:46 - [113,122] ----D C:\Users\mohamed\AppData\Local\Mozilla
O43 - CFD: 08/04/2012 - 12:16:10 - [75,377] ----D C:\Users\mohamed\AppData\Local\Temp
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Temporary Internet Files
O43 - CFD: 22/05/2011 - 23:19:43 - [0] ----D C:\Users\mohamed\AppData\Local\VirtualStore
O43 - CFD: 24/05/2011 - 20:24:40 - [0,063] ----D C:\Users\mohamed\AppData\Local\Windows Live
O43 - CFD: 24/05/2011 - 15:49:57 - [0,358] ----D C:\Users\mohamed\AppData\Local\Windows Live Writer
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF}
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF}
O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 25/05/2011 - 19:52:45 - [0,000] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/04/2012 - 08:19:13 - [0,005] ----D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/04/2012 - 23:32:38 - [0] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 20s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.64787FBCE07E4A818C2EFD0CA4134EAA] - 08/04/2012 - 08:42:55 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1131092]
O44 - LFC:[MD5.72E409F8E31825C5DDEF01A1C2606F77] - 08/04/2012 - 08:38:19 ---A- . (...) -- C:\Windows\setupact.log [538]
O44 - LFC:[MD5.8CEED5300325A5B2584B1C28D3EBD212] - 08/04/2012 - 08:38:08 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.23B9E4ABEDABC98B0C96FB733B8B228F] - 07/04/2012 - 22:34:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1709]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2012 - 21:44:27 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [0]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.3C28F4D6375C38CE987D158D685CC7D2] - 07/04/2012 - 17:12:44 ---A- . (...) -- C:\Windows\PFRO.log [888]
O44 - LFC:[MD5.B37B8BFD56548C86A9D87FCF3F3D2014] - 07/04/2012 - 06:43:17 ---A- . (...) -- C:\TDSSKiller.2.7.26.0_07.04.2012_07.41.34_log.txt [118874]
O44 - LFC:[MD5.EF5EC67A40CD6BF29F59154E72B12322] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123970]
O44 - LFC:[MD5.0199368BBC788D07D119357F0DB49493] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [685776]
O44 - LFC:[MD5.2A912720CDA12801D0338F24B0016DB5] - 06/04/2012 - 22:14:07 ---A- . (...) -- C:\AdwCleaner[S2].txt [1038]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/04/2012 - 21:43:41 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.127052E67F96A890FDEBA0DE67EF3C75] - 06/04/2012 - 21:01:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [6194]
O44 - LFC:[MD5.35BEA87A391AFD8251EB292389107225] - 06/04/2012 - 21:01:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [42]
O44 - LFC:[MD5.CC369803B9CB8366A8002D25CB18D444] - 06/04/2012 - 20:57:19 ---A- . (...) -- C:\AdwCleaner[R1].txt [6048]
O44 - LFC:[MD5.4EDD19CD4D08EF6DF63F2423087501A3] - 06/04/2012 - 20:40:53 ---A- . (...) -- C:\DelFix[S1].txt [1373]
O44 - LFC:[MD5.73CF9B8397BF9BB4A867FAC465C8AAAE] - 06/04/2012 - 20:40:31 ---A- . (...) -- C:\DelFix[R2].txt [1280]
O44 - LFC:[MD5.95E5668F29FB5F13314AEEEA6612D573] - 06/04/2012 - 20:39:51 ---A- . (...) -- C:\DelFix[R1].txt [1224]
~ Scan Files in 01mn 08s
---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s
---\\ MountPoints2 Shell Key (O51) (None)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53) (None)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.062287CEE536E8AF6680D33259DE6BD6] - 17/08/2009 - 17:05:37 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.04F457E183DCBA69DF20793CD9345768] - 17/08/2009 - 17:05:24 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [53328]
O58 - SDL:[MD5.06B360D8179959798D2BF054437DF923] - 17/08/2009 - 17:04:29 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [23152]
O58 - SDL:[MD5.045ED8EF540E69A41E9C0E255FBAF0C0] - 17/08/2009 - 17:05:52 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [114768]
O58 - SDL:[MD5.2410F10FAA00F222B3A29308741598D6] - 17/08/2009 - 17:04:40 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [51376]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.20DE769B84960606D8DBB2AEC123021A] - 14/07/2009 - 23:02:49 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159232]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 14/07/2009 - 23:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.8B7C1768D2CDE2E02E09A66563DDFD16] - 03/08/2007 - 04:36:10 -
soit simpa de suivre la procédure pour nous poster le lien afin que nous puissions lire le rapport en entier !! passes par cijoint ou autre pour t'aider au ou https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
tu fais zhpfix comme expliqué
. Copie les lignes suivantes en GRAS entre les deux lignes
__________________________________________________________
SysRestore
FirewallRAZ
EmptyFlash
EmptyTemp
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.) => Fichier absent
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA} => Toolbar.SweetIM
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy => Spybot - Search & Destroy
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy => Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF} => Empty Folder not necessary
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF} => Empty Folder not necessary
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com => Infection BT (Adware.QuestScan)
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com => Infection BT (Adware.QuestScan)
O87 - FAEL: "{71604BA7-2000-43B9-BF71-618CAA76F05C}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{70F5ADAD-5D9A-4933-A0F7-BD5CB65F6354}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{442D18FC-E975-4F09-A2D5-6F6E9F739368}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{786968A3-139D-4F96-9CFE-B6E445F0514C}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{6E1BDB16-830B-4301-B544-9AC9692AF6DE}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (1).exe (.not file.) => Fichier absent
O87 - FAEL: "{86DF7061-AF69-4499-BB15-9E5C3C457944}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (1).exe (.not file.) => Fichier absent
O87 - FAEL: "{7C1E8F0C-7741-4706-8344-3C205ACC6CFF}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (3).exe (.not file.) => Fichier absent
O87 - FAEL: "{68DD3093-0DE6-4D08-BD6C-78FF975E3E77}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (3).exe (.not file.) => Fichier absent
O87 - FAEL: "{7B6B5751-BD5F-47F3-AB91-F97BCB83F07E}" |In - None - P17 - TRUE | .(...) -- C:\Windows\System32\skype.exe (.not file.) => Fichier absent
O87 - FAEL: "{2C035A35-C642-466B-BC48-369AF55ECA10}" |In - None - P17 - TRUE | .(...) -- C:\Windows\System32\windows lives.exe (.not file.) => Fichier absent
O87 - FAEL: "{3874895D-6ABD-4436-9F42-59223ED9CF9F}" |Out - None - P17 - TRUE | .(...) -- C:\Windows.old\Windows\system32\config\systemprofile\Mes documents\My Skype Pictures\Skype.exe (.not file.) => Fichier absent
[HKLM\Software\BrowserChoice]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1194237-547A-461d-BD44-B97B1574A7DA}] => Toolbar.SweetIM
___________________________________________________________________
. Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
. Pour XP, double-clique sur ZHPFix
. pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
. Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
PS: si rien ne se colle clique sur l'icône en haut sur gauche celui juste à côté de l'appareil photos " coller le presse papier"
!! Déconnecte toi, désactive tes défenses (anti-virus, anti-spyware ) et ferme bien toutes autres applications ( navigateurs compris ) !!
. cliques sur OK
. Clique sur « Tous », puis sur « Nettoyer »
. Copie/colle la totalité du rapport dans ta prochaine réponse
tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
. Copie les lignes suivantes en GRAS entre les deux lignes
__________________________________________________________
SysRestore
FirewallRAZ
EmptyFlash
EmptyTemp
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.) => Fichier absent
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA} => Toolbar.SweetIM
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy => Spybot - Search & Destroy
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy => Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF} => Empty Folder not necessary
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF} => Empty Folder not necessary
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com => Infection BT (Adware.QuestScan)
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4B8C28A7-A9BC-45F8-990D-21499EED643C} - (QuestScan) - http://www.questscan.com => Infection BT (Adware.QuestScan)
O87 - FAEL: "{71604BA7-2000-43B9-BF71-618CAA76F05C}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{70F5ADAD-5D9A-4933-A0F7-BD5CB65F6354}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{442D18FC-E975-4F09-A2D5-6F6E9F739368}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{786968A3-139D-4F96-9CFE-B6E445F0514C}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe (.not file.) => Fichier absent
O87 - FAEL: "{6E1BDB16-830B-4301-B544-9AC9692AF6DE}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (1).exe (.not file.) => Fichier absent
O87 - FAEL: "{86DF7061-AF69-4499-BB15-9E5C3C457944}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (1).exe (.not file.) => Fichier absent
O87 - FAEL: "{7C1E8F0C-7741-4706-8344-3C205ACC6CFF}" |In - Public - P6 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (3).exe (.not file.) => Fichier absent
O87 - FAEL: "{68DD3093-0DE6-4D08-BD6C-78FF975E3E77}" |In - Public - P17 - FALSE | .(...) -- C:\Users\mohamed\Downloads\SweetImSetup (3).exe (.not file.) => Fichier absent
O87 - FAEL: "{7B6B5751-BD5F-47F3-AB91-F97BCB83F07E}" |In - None - P17 - TRUE | .(...) -- C:\Windows\System32\skype.exe (.not file.) => Fichier absent
O87 - FAEL: "{2C035A35-C642-466B-BC48-369AF55ECA10}" |In - None - P17 - TRUE | .(...) -- C:\Windows\System32\windows lives.exe (.not file.) => Fichier absent
O87 - FAEL: "{3874895D-6ABD-4436-9F42-59223ED9CF9F}" |Out - None - P17 - TRUE | .(...) -- C:\Windows.old\Windows\system32\config\systemprofile\Mes documents\My Skype Pictures\Skype.exe (.not file.) => Fichier absent
[HKLM\Software\BrowserChoice]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1194237-547A-461d-BD44-B97B1574A7DA}] => Toolbar.SweetIM
___________________________________________________________________
. Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
. Pour XP, double-clique sur ZHPFix
. pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
. Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
PS: si rien ne se colle clique sur l'icône en haut sur gauche celui juste à côté de l'appareil photos " coller le presse papier"
!! Déconnecte toi, désactive tes défenses (anti-virus, anti-spyware ) et ferme bien toutes autres applications ( navigateurs compris ) !!
. cliques sur OK
. Clique sur « Tous », puis sur « Nettoyer »
. Copie/colle la totalité du rapport dans ta prochaine réponse
tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
Rapport de ZHPFix 1.12.3372 par Nicolas Coolman, Update du 22/11/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-09-04-2012-13-47-26.txt
Run by mohamed at 09/04/2012 13:47:26
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Clé(s) du Registre ==========
SUPPRIME Key*: SearchScopes :{4B8C28A7-A9BC-45F8-990D-21499EED643C}
========== Récapitulatif ==========
1 : Clé(s) du Registre
End of clean in 00mn 01s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 09/04/2012 12:31:39 [512]
C:\ZHP\ZHPFix[R2].txt - 09/04/2012 13:47:26 [570]
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-09-04-2012-13-47-26.txt
Run by mohamed at 09/04/2012 13:47:26
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Clé(s) du Registre ==========
SUPPRIME Key*: SearchScopes :{4B8C28A7-A9BC-45F8-990D-21499EED643C}
========== Récapitulatif ==========
1 : Clé(s) du Registre
End of clean in 00mn 01s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 09/04/2012 12:31:39 [512]
C:\ZHP\ZHPFix[R2].txt - 09/04/2012 13:47:26 [570]
je peux recommencer, j arrive pas à trouver le 1er rapport
appuis en même temps sur la touche windows celle avec le drapeau et sur R dans la fenêtre exécuter qui s'ouvre tu mets C:\ZHP\ZHPFix[R1].txt tu valides avec OK est ce que le rapport c'est ouvert ?? si oui tu me le postes , merci
car pas la peine de le refaire !! il trouvera rien puisque déjà supprimer , mais je veux le contrôler !!
car pas la peine de le refaire !! il trouvera rien puisque déjà supprimer , mais je veux le contrôler !!
C:\ZHP\ZHPFix[R1].txt
Rapport de ZHPFix 1.12.3372 par Nicolas Coolman, Update du 22/11/2011
Fichier d'export Registre :
Run by mohamed at 09/04/2012 13:31:39
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Autre ==========
NON TRAITE http://www.questscan.com
========== Récapitulatif ==========
1 : Autre
End of clean in 00mn 00s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 09/04/2012 13:31:39 [461]
Fichier d'export Registre :
Run by mohamed at 09/04/2012 13:31:39
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Autre ==========
NON TRAITE http://www.questscan.com
========== Récapitulatif ==========
1 : Autre
End of clean in 00mn 00s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 09/04/2012 13:31:39 [461]
bon tu me refais un nouveau zhpdiag pour contrôle , merci
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Cliques sur la loupe pour lancer l'analyse.
si tu as un message te demandant la validation pour SIGCHECK acceptes avec OK cela est pour nous faire un rapport plus complet et pouvoir en faire une lecture plus approfondis
Laisses l'outil travailler, il peut être assez long
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Cliques sur la loupe pour lancer l'analyse.
si tu as un message te demandant la validation pour SIGCHECK acceptes avec OK cela est pour nous faire un rapport plus complet et pouvoir en faire une lecture plus approfondis
Laisses l'outil travailler, il peut être assez long
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
Rapport de ZHPDiag v1.30.01 par Nicolas Coolman, Update du 06/04/2012
Run by mohamed at 09/04/2012 17:59:57
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v18.0.1025.151 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 0 GB (0%) free of 56 GB
---\\ Logged in mode
~ Computer Name: MOHAMED-PC
~ User Name: mohamed
~ All Users Names: mohamed, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mohamed\AppData\Roaming\
~ %Desktop% : C:\Users\mohamed\Desktop\
~ %Favorites% : C:\Users\mohamed\Favorites\
~ %LocalAppData% : C:\Users\mohamed\AppData\Local\
~ %StartMenu% : C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 48 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\wininit.exe [96256]
[MD5.EE0D7471EBF9CE40CC4A203B1F90F028] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/06/2011 - 06:36:36.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\drivers\afd.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\drivers\cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\drivers\dfsc.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\drivers\hdaudbus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\ipnat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\drivers\mrxsmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\drivers\netbt.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 02s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 2/18
~ Mon Bureau (My Desktop) : 1/8
~ Menu demarrer (Programs) : 6/22
~ Scan Hidden Files in 00mn 00s
---\\ Processus lancés
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.]
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\System32\wuauclt.exe [47104] [PID.]
[MD5.C1BACEC1225949B7D31F2900F9E7BBAF] - (.Google Inc. - Google Chrome.) -- C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.]
[MD5.7217CBDA073BBC13C088BB81B9BA3034] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4511744] [PID.]
~ Scan Processes Running in 00mn 02s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\System32\Wat\npWatWeb.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 30
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
~ Scan BHO in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - Global Startup: C:\Users\mohamed\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\ZHPDiag2 - Raccourci.lnk . (.Nicolas Coolman.) -- C:\Users\mohamed\Downloads\ZHPDiag2.exe
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Servicevices\aswMo (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! AntivirusntrolSet\Service (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Google Update (gupdate)ocalServ (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Scan Services in 00mn 01s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: () - File not found
~ Scan Keys in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA.job
[MD5.70FFCB9B44BEF2E2D94C0ECDE130FAE3] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.6E5112179EF0CF22BBB5D7FB85B407E4] [APT] [{19437655-269E-402E-B074-8CDD2B510957}] (...) -- C:\Users\mohamed\Documents\setupengpro.exe
[MD5.AB875B402869CDF8204D1E9880BFAD43] [APT] [{20560A23-AABC-478F-B1B7-5950243CCE7E}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{4C39EA25-C511-41EB-896D-3F10C192DA78}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{636E0416-7FD8-4F38-970B-A18BC8B45B20}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0DD9430-C897-48A0-A56B-B4B0FF30C6C9}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EC37252D-13DF-4D15-82C1-8C012D828413}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{ED9A5F62-FF62-416A-A66A-7F1C2EDC7F66}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
~ Scan Scheduled Task in 00mn 16s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {05E33475-46B5-4273-A1ED-46C531A90692}
O42 - Logiciel: avast! Antivirus v4.8 - (.Alwil Software.) [HKLM] -- avast!
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabylonChromeExtension]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DelFix]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrendMicro]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2011 - 23:54:32 - [233,330] ----D C:\Program Files\Adobe
O43 - CFD: 22/05/2011 - 23:40:02 - [170,973] ----D C:\Program Files\Alwil Software
O43 - CFD: 08/04/2012 - 10:07:39 - [4,378] ----D C:\Program Files\CCleaner
O43 - CFD: 14/08/2011 - 12:19:15 - [103,039] ----D C:\Program Files\Common Files
O43 - CFD: 08/04/2012 - 10:20:07 - [4,723] ----D C:\Program Files\Defraggler
O43 - CFD: 14/07/2009 - 11:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 22/05/2011 - 23:19:13 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 22/05/2011 - 23:41:13 - [17,700] ----D C:\Program Files\Glary Utilities
O43 - CFD: 06/04/2012 - 22:03:46 - [90,336] ----D C:\Program Files\Google
O43 - CFD: 16/08/2011 - 15:21:09 - [4,289] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2012 - 22:43:29 - [11,422] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 08/04/2012 - 09:31:59 - [0] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 11:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 26/05/2011 - 14:34:32 - [0,015] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11/03/2012 - 17:23:56 - [18,169] R---D C:\Program Files\Skype
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 20:37:19 - [0,762] ----D C:\Program Files\trend micro
O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 26/05/2011 - 22:25:34 - [0,004] ----D C:\Program Files\Unlocker
O43 - CFD: 22/05/2011 - 23:41:10 - [0,497] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 10:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 11:01:29 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/05/2011 - 19:48:21 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 25/05/2011 - 15:04:07 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 22/05/2011 - 23:19:13 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 10:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 10:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 09/04/2012 - 18:00:17 - [11,413] ----D C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 23:55:22 - [5,906] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 08/04/2012 - 09:35:11 - [46,147] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 14/08/2011 - 12:19:15 - [2,150] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/11/2011 - 21:05:36 - [9,634] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/05/2011 - 23:58:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:06:37 - [295,046] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 24/05/2011 - 21:01:43 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 09/04/2012 - 13:29:18 - [13,369] ----D C:\ProgramData\Easybits GO
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 21:50:35 - [0] ----D C:\ProgramData\Google
O43 - CFD: 25/05/2011 - 20:49:41 - [15,589] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/04/2012 - 19:50:33 - [148,510] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 24/05/2011 - 20:22:07 - [0,000] ----D C:\ProgramData\PC Drivers HeadQuarters
O43 - CFD: 17/08/2011 - 19:25:38 - [27,020] ----D C:\ProgramData\Skype
O43 - CFD: 06/04/2012 - 20:35:34 - [9,964] ----D C:\ProgramData\Skype Extras
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 24/05/2011 - 22:14:14 - [0] ----D C:\ProgramData\WLInstaller
O43 - CFD: 24/05/2011 - 16:10:01 - [2,511] ----D C:\Users\mohamed\AppData\Roaming\Adobe
O43 - CFD: 23/05/2011 - 00:29:31 - [0,010] ----D C:\Users\mohamed\AppData\Roaming\GlarySoft
O43 - CFD: 09/04/2012 - 08:02:29 - [0,103] ----D C:\Users\mohamed\AppData\Roaming\go
O43 - CFD: 24/05/2011 - 15:56:50 - [0] ----D C:\Users\mohamed\AppData\Roaming\Google
O43 - CFD: 22/05/2011 - 23:20:12 - [0] ----D C:\Users\mohamed\AppData\Roaming\Identities
O43 - CFD: 22/05/2011 - 23:32:03 - [0,002] ----D C:\Users\mohamed\AppData\Roaming\Macromedia
O43 - CFD: 25/05/2011 - 20:49:45 - [2,112] ----D C:\Users\mohamed\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 11:00:32 - [0] ----D C:\Users\mohamed\AppData\Roaming\Media Center Programs
O43 - CFD: 29/05/2011 - 14:32:11 - [3,380] -S--D C:\Users\mohamed\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2011 - 21:34:56 - [13,177] ----D C:\Users\mohamed\AppData\Roaming\Mozilla
O43 - CFD: 09/04/2012 - 13:30:35 - [3,742] ----D C:\Users\mohamed\AppData\Roaming\Skype
O43 - CFD: 29/05/2011 - 16:01:56 - [0,052] ----D C:\Users\mohamed\AppData\Roaming\skypePM
O43 - CFD: 24/05/2011 - 15:57:33 - [0,997] ----D C:\Users\mohamed\AppData\Roaming\vlc
O43 - CFD: 24/05/2011 - 15:41:20 - [0] ----D C:\Users\mohamed\AppData\Roaming\Windows Live Writer
O43 - CFD: 02/09/2011 - 16:12:32 - [0,075] ----D C:\Users\mohamed\AppData\Local\Adobe
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Application Data
O43 - CFD: 22/05/2011 - 23:29:04 - [1,173] ----D C:\Users\mohamed\AppData\Local\Apps
O43 - CFD: 22/05/2011 - 23:29:19 - [0] ----D C:\Users\mohamed\AppData\Local\Deployment
O43 - CFD: 19/02/2012 - 10:28:50 - [0] ----D C:\Users\mohamed\AppData\Local\Diagnostics
O43 - CFD: 06/04/2012 - 20:43:47 - [0,171] ----D C:\Users\mohamed\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/04/2012 - 08:18:13 - [313,895] ----D C:\Users\mohamed\AppData\Local\Google
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Historique
O43 - CFD: 11/03/2012 - 17:25:11 - [285,952] ----D C:\Users\mohamed\AppData\Local\Microsoft
O43 - CFD: 08/06/2011 - 21:34:46 - [47,113] ----D C:\Users\mohamed\AppData\Local\Mozilla
O43 - CFD: 09/04/2012 - 17:58:20 - [59,015] ----D C:\Users\mohamed\AppData\Local\Temp
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Temporary Internet Files
O43 - CFD: 22/05/2011 - 23:19:43 - [0] ----D C:\Users\mohamed\AppData\Local\VirtualStore
O43 - CFD: 24/05/2011 - 20:24:40 - [0,063] ----D C:\Users\mohamed\AppData\Local\Windows Live
O43 - CFD: 24/05/2011 - 15:49:57 - [0,358] ----D C:\Users\mohamed\AppData\Local\Windows Live Writer
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF}
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF}
O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 25/05/2011 - 19:52:45 - [0,000] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/04/2012 - 08:19:13 - [0,005] ----D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/04/2012 - 23:32:38 - [0] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 22s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.AFA63DC3A7E041422CD3346D771D0429] - 09/04/2012 - 13:31:54 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1365222]
O44 - LFC:[MD5.017CC89D3146DD247123B76800BA9C14] - 09/04/2012 - 11:53:17 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.0654C689E7A042043D131D79B5697208] - 09/04/2012 - 06:48:59 ---A- . (...) -- C:\AdwCleaner[S4].txt [294]
O44 - LFC:[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - 09/04/2012 - 06:40:03 ---A- . (...) -- C:\Windows\setupact.log [56]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/04/2012 - 18:56:43 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 08/04/2012 - 18:07:44 ---A- . (...) -- C:\Windows\system32\config.nt [2577]
O44 - LFC:[MD5.2A746858DB5536A3B0539B1EE01C293C] - 08/04/2012 - 11:20:45 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.23B9E4ABEDABC98B0C96FB733B8B228F] - 07/04/2012 - 22:34:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1709]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.EF5EC67A40CD6BF29F59154E72B12322] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123970]
O44 - LFC:[MD5.0199368BBC788D07D119357F0DB49493] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [685776]
O44 - LFC:[MD5.2A912720CDA12801D0338F24B0016DB5] - 06/04/2012 - 22:14:07 ---A- . (...) -- C:\AdwCleaner[S2].txt [1038]
O44 - LFC:[MD5.127052E67F96A890FDEBA0DE67EF3C75] - 06/04/2012 - 21:01:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [6194]
O44 - LFC:[MD5.35BEA87A391AFD8251EB292389107225] - 06/04/2012 - 21:01:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [42]
O44 - LFC:[MD5.CC369803B9CB8366A8002D25CB18D444] - 06/04/2012 - 20:57:19 ---A- . (...) -- C:\AdwCleaner[R1].txt [6048]
O44 - LFC:[MD5.4EDD19CD4D08EF6DF63F2423087501A3] - 06/04/2012 - 20:40:53 ---A- . (...) -- C:\DelFix[S1].txt [1373]
O44 - LFC:[MD5.73CF9B8397BF9BB4A867FAC465C8AAAE] - 06/04/2012 - 20:40:31 ---A- . (...) -- C:\DelFix[R2].txt [1280]
O44 - LFC:[MD5.95E5668F29FB5F13314AEEEA6612D573] - 06/04/2012 - 20:39:51 ---A- . (...) -- C:\DelFix[R1].txt [1224]
~ Scan Files in 01mn 05s
---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s
---\\ MountPoints2 Shell Key (O51) (None)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53) (None)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.B4079A98F294A3E262872CB76F4849F0] - 25/11/2009 - 23:50:00 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.E2851CB7DBB831888EAEA46C55C05E44] - 25/11/2009 - 23:49:48 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [53328]
O58 - SDL:[MD5.8080D683489C99CBACE813F6FA4069CC] - 25/11/2009 - 23:48:57 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [23120]
O58 - SDL:[MD5.2E5A2AD5004B55DF39B7606130A88142] - 25/11/2009 - 23:50:12 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [114768]
O58 - SDL:[MD5.D4C83A37EFADFA2C398362E0776E3773] - 25/11/2009 - 23:49:07 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [48560]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.20DE769B84960606D8DBB2AEC123021A] - 14/07/2009 - 23:02:49 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159232]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 14/07/2009 - 23:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.8B7C1768D2CDE2E02E09A66563DDFD16] - 03/08/2007 - 04:36:10 ---A- . (.Sony Corporation - Sony Firmware Extension Parser driver.) -- C:\Windows\system32\drivers\SFEP.sys [9344]
O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]
O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.)
Run by mohamed at 09/04/2012 17:59:57
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible
---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
GCIE: Google Chrome v18.0.1025.151 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 3MBMV
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 0 GB (0%) free of 56 GB
---\\ Logged in mode
~ Computer Name: MOHAMED-PC
~ User Name: mohamed
~ All Users Names: mohamed, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mohamed\AppData\Roaming\
~ %Desktop% : C:\Users\mohamed\Desktop\
~ %Favorites% : C:\Users\mohamed\Favorites\
~ %LocalAppData% : C:\Users\mohamed\AppData\Local\
~ %StartMenu% : C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 56 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 48 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 06:33:07.) -- C:\Windows\explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\wininit.exe [96256]
[MD5.EE0D7471EBF9CE40CC4A203B1F90F028] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/06/2011 - 06:36:36.) -- C:\Windows\System32\wininet.dll [981504]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\drivers\afd.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\drivers\cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\drivers\dfsc.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\drivers\hdaudbus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\ipnat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\drivers\mrxsmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\drivers\netbt.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 02s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 2/18
~ Mon Bureau (My Desktop) : 1/8
~ Menu demarrer (Programs) : 6/22
~ Scan Hidden Files in 00mn 00s
---\\ Processus lancés
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.]
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [81000] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\System32\wuauclt.exe [47104] [PID.]
[MD5.C1BACEC1225949B7D31F2900F9E7BBAF] - (.Google Inc. - Google Chrome.) -- C:\Users\mohamed\AppData\Local\Google\Chrome\Application\chrome.exe [1224176] [PID.]
[MD5.7217CBDA073BBC13C088BB81B9BA3034] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [4511744] [PID.]
~ Scan Processes Running in 00mn 02s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mohamed\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\System32\Wat\npWatWeb.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (...) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (.not file.)
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\mohamed\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {75135117-e742-4ecd-8777-6c1d18432fc5} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s
---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 30
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
~ Scan BHO in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3168886523-3433315848-1557123279-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\Documents - Raccourci.lnk . (...) -- C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - Global Startup: C:\Users\mohamed\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\mohamed\Desktop\ZHPDiag2 - Raccourci.lnk . (.Nicolas Coolman.) -- C:\Users\mohamed\Downloads\ZHPDiag2.exe
O4 - Global Startup: C:\Users\mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s
---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
~ Scan Winsock in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{C1CEAC4E-772A-473C-8FA2-DD885D5B7F7C}: DhcpNameServer = 192.168.1.254
~ Scan Domain in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
~ Scan Protocole Additionnel in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Servicevices\aswMo (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! AntivirusntrolSet\Service (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service Google Update (gupdate)ocalServ (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Scan Services in 00mn 01s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: () - File not found
~ Scan Keys in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA.job
[MD5.70FFCB9B44BEF2E2D94C0ECDE130FAE3] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000Core] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3168886523-3433315848-1557123279-1000UA] (.Google Inc..) -- C:\Users\mohamed\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.6E5112179EF0CF22BBB5D7FB85B407E4] [APT] [{19437655-269E-402E-B074-8CDD2B510957}] (...) -- C:\Users\mohamed\Documents\setupengpro.exe
[MD5.AB875B402869CDF8204D1E9880BFAD43] [APT] [{20560A23-AABC-478F-B1B7-5950243CCE7E}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
[MD5.00000000000000000000000000000000] [APT] [{4C39EA25-C511-41EB-896D-3F10C192DA78}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{636E0416-7FD8-4F38-970B-A18BC8B45B20}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C38EAC98-5ACD-4BBB-A739-16A96CFE0D66}] (...) -- c:\program files\mozilla firefox\firefox.exe-chrome:notoffered;disabled (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{E0DD9430-C897-48A0-A56B-B4B0FF30C6C9}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{EC37252D-13DF-4D15-82C1-8C012D828413}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{ED9A5F62-FF62-416A-A66A-7F1C2EDC7F66}] (...) -- c:\program files\mozilla firefox\firefox.exe (.not file.)
~ Scan Scheduled Task in 00mn 16s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 01s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Defraggler - (.Piriform.) [HKLM] -- Defraggler
O42 - Logiciel: Glary Utilities 2.27.0.982 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Skype(TM) 5.3 - (.Skype Technologies S.A..) [HKLM] -- {5335DADB-34BA-4AE8-A519-648D78498846}
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
O42 - Logiciel: SweetIM for Messenger 3.5 - (.SweetIM Technologies Ltd..) [HKLM] -- {05E33475-46B5-4273-A1ED-46C531A90692}
O42 - Logiciel: avast! Antivirus v4.8 - (.Alwil Software.) [HKLM] -- avast!
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\BabylonChromeExtension]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\EasyBits]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Skype]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\DelFix]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrendMicro]
[HKLM\Software\ZSMC]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/05/2011 - 23:54:32 - [233,330] ----D C:\Program Files\Adobe
O43 - CFD: 22/05/2011 - 23:40:02 - [170,973] ----D C:\Program Files\Alwil Software
O43 - CFD: 08/04/2012 - 10:07:39 - [4,378] ----D C:\Program Files\CCleaner
O43 - CFD: 14/08/2011 - 12:19:15 - [103,039] ----D C:\Program Files\Common Files
O43 - CFD: 08/04/2012 - 10:20:07 - [4,723] ----D C:\Program Files\Defraggler
O43 - CFD: 14/07/2009 - 11:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 22/05/2011 - 23:19:13 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 22/05/2011 - 23:41:13 - [17,700] ----D C:\Program Files\Glary Utilities
O43 - CFD: 06/04/2012 - 22:03:46 - [90,336] ----D C:\Program Files\Google
O43 - CFD: 16/08/2011 - 15:21:09 - [4,289] ----D C:\Program Files\Internet Explorer
O43 - CFD: 06/04/2012 - 22:43:29 - [11,422] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 08/04/2012 - 09:31:59 - [0] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 11:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 26/05/2011 - 14:34:32 - [0,015] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 14/07/2009 - 06:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 11/03/2012 - 17:23:56 - [18,169] R---D C:\Program Files\Skype
O43 - CFD: 26/05/2011 - 22:10:16 - [3,523] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 25/05/2011 - 20:37:19 - [0,762] ----D C:\Program Files\trend micro
O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 26/05/2011 - 22:25:34 - [0,004] ----D C:\Program Files\Unlocker
O43 - CFD: 22/05/2011 - 23:41:10 - [0,497] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 10:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 11:01:29 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 25/05/2011 - 19:48:21 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 25/05/2011 - 15:04:07 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 22/05/2011 - 23:19:13 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 10:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 10:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 09/04/2012 - 18:00:17 - [11,413] ----D C:\Program Files\ZHPDiag
O43 - CFD: 22/05/2011 - 23:55:22 - [5,906] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 08/04/2012 - 09:35:11 - [46,147] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 14/08/2011 - 12:19:15 - [2,150] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 23/11/2011 - 21:05:36 - [9,634] ----D C:\Program Files\Common Files\System
O43 - CFD: 22/05/2011 - 23:58:34 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 27/05/2011 - 15:06:37 - [295,046] ----D C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 24/05/2011 - 21:01:43 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 09/04/2012 - 13:29:18 - [13,369] ----D C:\ProgramData\Easybits GO
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 06/04/2012 - 21:50:35 - [0] ----D C:\ProgramData\Google
O43 - CFD: 25/05/2011 - 20:49:41 - [15,589] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 06/04/2012 - 19:50:33 - [148,510] -S--D C:\ProgramData\Microsoft
O43 - CFD: 22/05/2011 - 23:19:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 24/05/2011 - 20:22:07 - [0,000] ----D C:\ProgramData\PC Drivers HeadQuarters
O43 - CFD: 17/08/2011 - 19:25:38 - [27,020] ----D C:\ProgramData\Skype
O43 - CFD: 06/04/2012 - 20:35:34 - [9,964] ----D C:\ProgramData\Skype Extras
O43 - CFD: 26/05/2011 - 22:08:38 - [15,081] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 24/05/2011 - 22:14:14 - [0] ----D C:\ProgramData\WLInstaller
O43 - CFD: 24/05/2011 - 16:10:01 - [2,511] ----D C:\Users\mohamed\AppData\Roaming\Adobe
O43 - CFD: 23/05/2011 - 00:29:31 - [0,010] ----D C:\Users\mohamed\AppData\Roaming\GlarySoft
O43 - CFD: 09/04/2012 - 08:02:29 - [0,103] ----D C:\Users\mohamed\AppData\Roaming\go
O43 - CFD: 24/05/2011 - 15:56:50 - [0] ----D C:\Users\mohamed\AppData\Roaming\Google
O43 - CFD: 22/05/2011 - 23:20:12 - [0] ----D C:\Users\mohamed\AppData\Roaming\Identities
O43 - CFD: 22/05/2011 - 23:32:03 - [0,002] ----D C:\Users\mohamed\AppData\Roaming\Macromedia
O43 - CFD: 25/05/2011 - 20:49:45 - [2,112] ----D C:\Users\mohamed\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 11:00:32 - [0] ----D C:\Users\mohamed\AppData\Roaming\Media Center Programs
O43 - CFD: 29/05/2011 - 14:32:11 - [3,380] -S--D C:\Users\mohamed\AppData\Roaming\Microsoft
O43 - CFD: 08/06/2011 - 21:34:56 - [13,177] ----D C:\Users\mohamed\AppData\Roaming\Mozilla
O43 - CFD: 09/04/2012 - 13:30:35 - [3,742] ----D C:\Users\mohamed\AppData\Roaming\Skype
O43 - CFD: 29/05/2011 - 16:01:56 - [0,052] ----D C:\Users\mohamed\AppData\Roaming\skypePM
O43 - CFD: 24/05/2011 - 15:57:33 - [0,997] ----D C:\Users\mohamed\AppData\Roaming\vlc
O43 - CFD: 24/05/2011 - 15:41:20 - [0] ----D C:\Users\mohamed\AppData\Roaming\Windows Live Writer
O43 - CFD: 02/09/2011 - 16:12:32 - [0,075] ----D C:\Users\mohamed\AppData\Local\Adobe
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Application Data
O43 - CFD: 22/05/2011 - 23:29:04 - [1,173] ----D C:\Users\mohamed\AppData\Local\Apps
O43 - CFD: 22/05/2011 - 23:29:19 - [0] ----D C:\Users\mohamed\AppData\Local\Deployment
O43 - CFD: 19/02/2012 - 10:28:50 - [0] ----D C:\Users\mohamed\AppData\Local\Diagnostics
O43 - CFD: 06/04/2012 - 20:43:47 - [0,171] ----D C:\Users\mohamed\AppData\Local\ElevatedDiagnostics
O43 - CFD: 07/04/2012 - 08:18:13 - [313,895] ----D C:\Users\mohamed\AppData\Local\Google
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Historique
O43 - CFD: 11/03/2012 - 17:25:11 - [285,952] ----D C:\Users\mohamed\AppData\Local\Microsoft
O43 - CFD: 08/06/2011 - 21:34:46 - [47,113] ----D C:\Users\mohamed\AppData\Local\Mozilla
O43 - CFD: 09/04/2012 - 17:58:20 - [59,015] ----D C:\Users\mohamed\AppData\Local\Temp
O43 - CFD: 22/05/2011 - 23:19:38 - [0] ----D C:\Users\mohamed\AppData\Local\Temporary Internet Files
O43 - CFD: 22/05/2011 - 23:19:43 - [0] ----D C:\Users\mohamed\AppData\Local\VirtualStore
O43 - CFD: 24/05/2011 - 20:24:40 - [0,063] ----D C:\Users\mohamed\AppData\Local\Windows Live
O43 - CFD: 24/05/2011 - 15:49:57 - [0,358] ----D C:\Users\mohamed\AppData\Local\Windows Live Writer
O43 - CFD: 25/05/2011 - 14:54:53 - [0] ----D C:\Users\mohamed\AppData\Local\{D68B0303-165C-40BC-AF69-6EBE8B9B22AF}
O43 - CFD: 24/05/2011 - 19:56:44 - [0] ----D C:\Users\mohamed\AppData\Local\{D7DAC814-5D87-4EEC-B737-66B7BDC2DDAF}
O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 25/05/2011 - 19:52:45 - [0,000] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/04/2012 - 08:19:13 - [0,005] ----D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 06/04/2012 - 23:32:38 - [0] R---D C:\Users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 22s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.AFA63DC3A7E041422CD3346D771D0429] - 09/04/2012 - 13:31:54 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1365222]
O44 - LFC:[MD5.017CC89D3146DD247123B76800BA9C14] - 09/04/2012 - 11:53:17 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.0654C689E7A042043D131D79B5697208] - 09/04/2012 - 06:48:59 ---A- . (...) -- C:\AdwCleaner[S4].txt [294]
O44 - LFC:[MD5.D74E3C688AA4F552EB9F55CB8EA67170] - 09/04/2012 - 06:40:03 ---A- . (...) -- C:\Windows\setupact.log [56]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/04/2012 - 18:56:43 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.01C47C2ECED034EF6F8C1552A97CFF00] - 08/04/2012 - 18:07:44 ---A- . (...) -- C:\Windows\system32\config.nt [2577]
O44 - LFC:[MD5.2A746858DB5536A3B0539B1EE01C293C] - 08/04/2012 - 11:20:45 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.23B9E4ABEDABC98B0C96FB733B8B228F] - 07/04/2012 - 22:34:11 ---A- . (...) -- C:\AdwCleaner[S3].txt [1709]
O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O44 - LFC:[MD5.EF5EC67A40CD6BF29F59154E72B12322] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [123970]
O44 - LFC:[MD5.0199368BBC788D07D119357F0DB49493] - 06/04/2012 - 22:53:29 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [685776]
O44 - LFC:[MD5.2A912720CDA12801D0338F24B0016DB5] - 06/04/2012 - 22:14:07 ---A- . (...) -- C:\AdwCleaner[S2].txt [1038]
O44 - LFC:[MD5.127052E67F96A890FDEBA0DE67EF3C75] - 06/04/2012 - 21:01:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [6194]
O44 - LFC:[MD5.35BEA87A391AFD8251EB292389107225] - 06/04/2012 - 21:01:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [42]
O44 - LFC:[MD5.CC369803B9CB8366A8002D25CB18D444] - 06/04/2012 - 20:57:19 ---A- . (...) -- C:\AdwCleaner[R1].txt [6048]
O44 - LFC:[MD5.4EDD19CD4D08EF6DF63F2423087501A3] - 06/04/2012 - 20:40:53 ---A- . (...) -- C:\DelFix[S1].txt [1373]
O44 - LFC:[MD5.73CF9B8397BF9BB4A867FAC465C8AAAE] - 06/04/2012 - 20:40:31 ---A- . (...) -- C:\DelFix[R2].txt [1280]
O44 - LFC:[MD5.95E5668F29FB5F13314AEEEA6612D573] - 06/04/2012 - 20:39:51 ---A- . (...) -- C:\DelFix[R1].txt [1224]
~ Scan Files in 01mn 05s
---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s
---\\ MountPoints2 Shell Key (O51) (None)
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53) (None)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [79952]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 14/07/2009 - 02:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [23616]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.B4079A98F294A3E262872CB76F4849F0] - 25/11/2009 - 23:50:00 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys [20560]
O58 - SDL:[MD5.E2851CB7DBB831888EAEA46C55C05E44] - 25/11/2009 - 23:49:48 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys [53328]
O58 - SDL:[MD5.8080D683489C99CBACE813F6FA4069CC] - 25/11/2009 - 23:48:57 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys [23120]
O58 - SDL:[MD5.2E5A2AD5004B55DF39B7606130A88142] - 25/11/2009 - 23:50:12 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys [114768]
O58 - SDL:[MD5.D4C83A37EFADFA2C398362E0776E3773] - 25/11/2009 - 23:49:07 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys [48560]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 14/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 14/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 14/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 14/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.20DE769B84960606D8DBB2AEC123021A] - 14/07/2009 - 23:02:49 ---A- . (.Intel Corporation - Pilote NDIS 5.1 de la carte Intel(R) PRO/100.) -- C:\Windows\system32\drivers\e100b325.sys [159232]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 14/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 14/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332352]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 14:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]
O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 07/04/2012 - 21:40:39 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.58218EC6B61B1169CF54AAB0D00F5FE2] - 14/07/2009 - 23:02:51 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\Windows\system32\drivers\netw5v32.sys [4231168]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117312]
O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 14/07/2009 - 02:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [142416]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.8B7C1768D2CDE2E02E09A66563DDFD16] - 03/08/2007 - 04:36:10 ---A- . (.Sony Corporation - Sony Firmware Extension Parser driver.) -- C:\Windows\system32\drivers\SFEP.sys [9344]
O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]
O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.)
une nouvelle fois essais de suivre la procédure car si il est demander de le poster par le biais d'un hébergeur c'est pas que pour faire jolie , mais comme il est trop long il est pas complet si tu le colle directement sur le forum , donc une nouvelle fois merci de bien lire la procédure afin de bien la suivre , MERCI
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
Pour me le transmettre clique sur ce lien :
https://www.cjoint.com/
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
et si problème passe par celui ci : http://threat-rc.com/
ou
http://pjjoint.malekal.com/
merci de ta patience, mais dès que j utilise ci joint.com le texte sort entier quand je publie le rapport. Et pourtant je suis les instructions c est pas difficile, je fais parcourir je prend le rapport et je fais copier le lien etje poste dans ma reponse;
ok merci, j ai un autre problème, j arrive pas a degager de la place sur mon DD C
il est a bloc il me reste 11,8 mo libre sur 55,8 GO j essaye de defragmenter il echou a chaque fois il defragmente seulement 40% du DD C.
as tu des tuyaux?
merci
il est a bloc il me reste 11,8 mo libre sur 55,8 GO j essaye de defragmenter il echou a chaque fois il defragmente seulement 40% du DD C.
as tu des tuyaux?
merci
fais de la place en désinstallant des programmes ou en mettant sur dd externe des chose ou su dvd !! purge la restauration système cela pourra te gagner de la place pense que tu as un disque d qui lui à encore de la place donc déplace des chose comme photos vidéo ou autre
Sous Windows 7, il est possible de les supprimer sans désactiver la restauration système.
*Cliquez sur le logo Windows en bas à gauche, faites un clic droit sur "Ordinateur" puis cliquez sur "Propriétés" :
*Cliquez ensuite sur "Protection du système" :
*Cliquez sur "Configurer" :
*Pour désactiver la restauration du système, cochez "Désactiver la protection du système" puis cliquez sur "Appliquer".
Si vous voulez simplement supprimer les points de restauration, cliquez sur "Supprimer" puis validez en cliquant sur "Oui" :
*Une confirmation est nécessaire et vous informe que les points de restaurations existants vont être supprimés sans possibilité de retour en arrière :
Pour réactiver la restauration système, il suffit de cocher "Restaurer les paramètres système et les versions précédents des fichiers" à la place de "Désactiver la protection du système" puis de validez avec "Appliquer".
Source : https://www.commentcamarche.net/informatique/windows/147-restaurer-windows-avec-les-points-de-restauration/
Sous Windows 7, il est possible de les supprimer sans désactiver la restauration système.
*Cliquez sur le logo Windows en bas à gauche, faites un clic droit sur "Ordinateur" puis cliquez sur "Propriétés" :
*Cliquez ensuite sur "Protection du système" :
*Cliquez sur "Configurer" :
*Pour désactiver la restauration du système, cochez "Désactiver la protection du système" puis cliquez sur "Appliquer".
Si vous voulez simplement supprimer les points de restauration, cliquez sur "Supprimer" puis validez en cliquant sur "Oui" :
*Une confirmation est nécessaire et vous informe que les points de restaurations existants vont être supprimés sans possibilité de retour en arrière :
Pour réactiver la restauration système, il suffit de cocher "Restaurer les paramètres système et les versions précédents des fichiers" à la place de "Désactiver la protection du système" puis de validez avec "Appliquer".
Source : https://www.commentcamarche.net/informatique/windows/147-restaurer-windows-avec-les-points-de-restauration/
