Impossible trojan

Closed
anas - 8 June 2013 at 12:52
Last reply: lilidurhone (security contributor) - 8 June 2013 at 19:46
Hello,

I have a trojan that I got after downloading an image from Facebook!
I have tried everything to remove this trojan, but after every restart I find the trojan detected again by the Action Center!
help me :(

4 replies

lilidurhone (security contributor) - 8 June 2013 at 12:53
Hello

* Download ZHPDiag (by Nicolas Coolman)
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

* In case the first link does not work, click on the one below
ftp://zebulon.fr/ZHPDiag2.exe

* Let the installer guide you; it will launch automatically at the end.

* Above all, don't forget to install its icon on the desktop; the icon is shaped like a scroll

* Click on the icon showing a magnifying glass + ("Lancer le diagnostic", i.e. run the diagnostic)

* Save the report to your Desktop using the icon showing a floppy disk

* To host the report, click on the blue arrow, which will take you to Pjjoint
to host this report.

* Click on Browse to look for the report on your PC.

* The report is saved in C:\ZHP\ZHPDiag.txt

* Once you have found the report, select it and click on Open

* Click on "send the file", then post the blue link you will be given.

* If there is a hosting problem on Pjjoint, use cjoint instead

* To help you: http://www.pc-infopratique.com/forum-informatique/tutoriel-heberger-rapport-vt-67934.html

mahmoudianas (member) - 8 June 2013 at 13:19
Here it is: https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130608_e9t8q15j12p6

otherwise:

Rapport de ZHPDiag v2013.6.7.12 par Nicolas Coolman, Update du 07/06/2013
Run by Anas at 08/06/2013 12:02:44
WebSite: https://nicolascoolman.webs.com/
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v27.0.1453.110 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2C9T3
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 ActiveX

---\\ System Information
~ Processor: x86 Family 15 Model 4 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2559 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 43 GB (86%) free of 293 GB

---\\ Logged in mode
~ Computer Name: ANAS-PC
~ User Name: Anas
~ All Users Names: Anas, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Anas\AppData\Roaming\
~ %Desktop% : C:\Users\Anas\Desktop\
~ %Favorites% : C:\Users\Anas\Favorites\
~ %LocalAppData% : C:\Users\Anas\AppData\Local\
~ %StartMenu% : C:\Users\Anas\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 43 Go of 293 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 80 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 05:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.2C96B3921B4CDE10DBAED5AAD760DB67] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/05/2013 - 12:42:07.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 06:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 02:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 02:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 16:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 3/7
~ Mes Favoris (My Favorites) : 1/18
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.F979E2139F2DD221ECB8506EEAC9931F] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368] [PID.2356]
[MD5.97C24BC25D9BDB2BDF4D7F69B9D3500B] - (.Learnpulse - Screenpresso.) -- C:\Users\Anas\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe [7110656] [PID.2384]
[MD5.CC8CB6DDB36BD7AB96F4AB144265D55B] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDM\IDMan.exe [3581816] [PID.2420]
[MD5.2F3390C8E3620B3991D7D82014E26AA7] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [825808] [PID.2272]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [47104] [PID.3580]
[MD5.BA58BE8F544B058C160E7CCDB7A6EA72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7472128] [PID.1772]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Anas\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [hiledapehlkhdehbhppgmekfalnlfajc] Don't Starve v.1.0.0.37 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hkbbcjmckhhnpniafekogpfonhiomnal] HoverPlay v.1.0.4 (Activé)
G2 - GCE: Preference [User Data\Default] [iblfiefpapbbcnkckddciaehinlnopol] Blague du jour v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [mcdfoihgbodkinaeoamnenflcacjhbal] Stefanie Posavec v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [plgellfihbddhjgclldmelbgepdlpapc] O\u00F9 est mon eau? v.1.0 (Activé)
~ Google Browser: 22 Legitimates Filtered in 01mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.30 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll =>P2P.BitComet
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (...) -- C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL (.not file.)
~ BHO: 4 Legitimates Filtered in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Screenpresso] . (.Learnpulse - Screenpresso.) -- C:\Users\Anas\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDM\IDMan.exe
O4 - HKCU\..\Run: [Microsoft DLL Registrations] C:\Users\Anas\AppData\Roaming\regsrv34.exe (.not file.)
O4 - HKCU\..\Run: [Icmmmu] . (.Sensei - Master.) -- C:\Users\Anas\AppData\Roaming\Icmmmu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3202494633-4247425408-3177688964-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-3202494633-4247425408-3177688964-1000\..\Run: [Screenpresso] . (.Learnpulse - Screenpresso.) -- C:\Users\Anas\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - HKUS\S-1-5-21-3202494633-4247425408-3177688964-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDM\IDMan.exe
O4 - HKUS\S-1-5-21-3202494633-4247425408-3177688964-1000\..\Run: [Microsoft DLL Registrations] C:\Users\Anas\AppData\Roaming\regsrv34.exe (.not file.)
O4 - HKUS\S-1-5-21-3202494633-4247425408-3177688964-1000\..\Run: [Icmmmu] . (.Sensei - Master.) -- C:\Users\Anas\AppData\Roaming\Icmmmu.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Screenpresso.lnk . (.Learnpulse - Screenpresso.) -- C:\Users\Anas\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Counter-Strike 1.6.lnk . (...) -- C:\Program Files\Counter-Strike 1.6\cstrike.exe
O4 - GS\Desktop: PhotoFiltre Studio X.lnk . (.PhotoFiltre - PhotoFiltre Studio X.) -- C:\Program Files\PhotoFiltre Studio X\pfstudiox.exe
O4 - GS\Desktop: Spider Player.lnk . (.VIT Software, LLC - Spider Player.) -- C:\Program Files\Spider Player\Spider.exe
O4 - GS\Desktop: Vegas Pro 11.0.lnk . (.Sony Creative Software Inc. - Vegas Pro.) -- C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll =>P2P.BitComet
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{765A6286-79B9-4A6C-B85B-FB9624F8436A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{765A6286-79B9-4A6C-B85B-FB9624F8436A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{765A6286-79B9-4A6C-B85B-FB9624F8436A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{82C12A3C-FFFF-41B7-A5A4-66748CF7B756}] (...) -- C:\Users\Anas\Downloads\ee.exe (.not file.) [0]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: BitComet 1.36 - (.CometNetwork.) [HKLM] -- BitComet =>P2P.BitComet
~ Logic: 54 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitComet] =>P2P.BitComet
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKCU\Software\Softonic]
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
~ Key Software: 102 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/05/2013 - 21:39:26 - [25,816] ----D C:\Program Files\BitComet =>P2P.BitComet
O43 - CFD: 07/06/2013 - 17:02:48 - [1,010] ----D C:\Users\Anas\AppData\Roaming\BitComet =>P2P.BitComet
~ Program Folder: 111 Legitimates Filtered in 00mn 13s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BDA387B58E461D082BB2F20C982B67B6] - 08/06/2013 - 10:47:59 ---A- . (...) -- C:\Windows\Reimage.ini [162] =>Rogue.ReimageRepair
O44 - LFC:[MD5.B31FFE3250040EE72E63CDA5A8A18EE6] - 07/06/2013 - 09:59:02 ---A- . (...) -- C:\Windows\win.ini [387]
O44 - LFC:[MD5.3357D6530B6B535CE4CE703C15ED8A32] - 05/06/2013 - 12:17:07 --HA- . (...) -- C:\Windows\System32\elqbcbvpv [88725]
O44 - LFC:[MD5.DE86CC97682CC47EF512D36B99025FB9] - 05/06/2013 - 11:50:49 --HA- . (...) -- C:\Windows\System32\brblnxdrp [78167]
O44 - LFC:[MD5.4D046C32EF12AE35965B619263CB2C0F] - 05/06/2013 - 11:40:08 --HA- . (...) -- C:\Windows\System32\cepxmguii [76512]
O44 - LFC:[MD5.03296A090C2D1FB3B1B32B5659241B86] - 05/06/2013 - 11:28:10 --HA- . (...) -- C:\Windows\System32\nsvggtvkq [61152]
O44 - LFC:[MD5.32B0757755E1F2D436549F41066979CE] - 05/06/2013 - 11:13:56 --HA- . (...) -- C:\Windows\System32\pwlrklanw [59560]
O44 - LFC:[MD5.B8ACA5B5BB772B029CA10575E41CE02E] - 26/05/2013 - 12:44:03 ---A- . (...) -- C:\Windows\IE9_main.log [4755]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 26/05/2013 - 12:42:07 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.6D3A8799AAF564FBAECEF2D90950FFCE] - 26/05/2013 - 01:25:42 --HA- . (...) -- C:\Boot.BAK [212]
O44 - LFC:[MD5.72E77FD660094A57484180C5D4C841E6] - 25/05/2013 - 20:58:45 RSHA- . (...) -- C:\WMLET [373459]
O44 - LFC:[MD5.0EE9E752649A7900ABC0971A88E16DAB] - 25/05/2013 - 17:54:05 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [13153]
O44 - LFC:[MD5.018423F8F2FB945B039A16D05F3B1D50] - 25/05/2013 - 17:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [293889]
O44 - LFC:[MD5.9E59A53E958F9B41A55F900C27FCB94F] - 25/05/2013 - 17:48:56 ---A- . (.Sonic Focus, Inc. - SFFXComm.DLL.) -- C:\Windows\System32\SFFXComm.dll [78672]
O44 - LFC:[MD5.28CDF89F64C91122F2B5514724973E40] - 25/05/2013 - 17:48:56 ---A- . (.Sonic Focus, Inc. - SFFXDAPO.DLL.) -- C:\Windows\System32\SFFXDAPO.dll [74064]
O44 - LFC:[MD5.5FCAFCE060F6C6C87B2793DBC9A93696] - 25/05/2013 - 17:48:56 ---A- . (.Sonic Focus, Inc. - SFFXHAPO.DLL.) -- C:\Windows\System32\SFFXHAPO.dll [74064]
O44 - LFC:[MD5.66DC7974FF24AF6977D74C28B0C55564] - 25/05/2013 - 17:48:56 ---A- . (.Sonic Focus, Inc. - SFFXProc.DLL.) -- C:\Windows\System32\SFFXProc.dll [214352]
O44 - LFC:[MD5.10112F07A48D8A4E532C74FD7B0ED838] - 25/05/2013 - 17:48:56 ---A- . (.Sonic Focus, Inc. - SFFXSAPO.DLL.) -- C:\Windows\System32\SFFXSAPO.dll [74064]
O44 - LFC:[MD5.CEC124E27FC800115A32DD9D1CD691FC] - 25/05/2013 - 15:30:38 ---A- . (...) -- C:\Windows\TSSysprep.log [1313]
O44 - LFC:[MD5.5BB30A2C78E761E7230514AB13D7E078] - 25/05/2013 - 15:27:57 ---A- . (...) -- C:\Windows\DtcInstall.log [1774]
~ Files: 395 Legitimates Filtered in 00mn 12s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8CC4A8921F332436AA22F76FDEC788F7] - 25/05/2013 - 17:46:25 ---A- - C:\Windows\Prefetch\32BIT_VISTA_WIN7_WIN8_R270.EX-EA7F7ACF.pf
O45 - LFCP:[MD5.27F3AE22DCD2E52053A851EB405352FD] - 25/05/2013 - 17:46:29 ---A- - C:\Windows\Prefetch\DEMO32.EXE-A862FAD0.pf
O45 - LFCP:[MD5.B40C3310FC5630EE255479DFA719443D] - 25/05/2013 - 17:48:48 ---A- - C:\Windows\Prefetch\NS74AA.TMP-AE8836B2.pf
O45 - LFCP:[MD5.DF9E0820AEAD241923AF614920D130D2] - 25/05/2013 - 17:48:49 ---A- - C:\Windows\Prefetch\NS72F8.TMP-BE265D4A.pf
O45 - LFCP:[MD5.4185EE37FE2C785B7317A68C9FDDA584] - 25/05/2013 - 17:54:47 ---A- - C:\Windows\Prefetch\3DVISION_285.62.EXE-9863D6D1.pf
O45 - LFCP:[MD5.CAB841063A10D4529EDEC4EF6CEB81B2] - 25/05/2013 - 17:55:15 ---A- - C:\Windows\Prefetch\NVSTREG.EXE-22C89DF9.pf
O45 - LFCP:[MD5.956489100F11B0129C39E0AB884D4563] - 25/05/2013 - 18:01:58 ---A- - C:\Windows\Prefetch\OSE00000.EXE-D3A23743.pf
O45 - LFCP:[MD5.0E7732EB8338B15A4FC67E235F453D82] - 25/05/2013 - 19:31:51 ---A- - C:\Windows\Prefetch\NVSTLINK.EXE-4891CFF9.pf
O45 - LFCP:[MD5.53F0928A1E21A48D61555BC83E67FEB8] - 26/05/2013 - 11:52:03 ---A- - C:\Windows\Prefetch\VEGASPRO11.0.682_32BIT.EXE-7851FC81.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\0x000101 [Key] . (...) -- C:\Users\Anas\AppData\Roaming\8DB4.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Icmmmu [Key] . (.Sensei - Master.) -- C:\Users\Anas\AppData\Roaming\Icmmmu.exe
~ SMSR Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 01:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 06/06/2013 - 09:51:42 ---A- C:\Users\Anas\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 06/06/2013 - 09:52:33 ---A- C:\Users\Anas\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]
O61 - LFC: 06/06/2013 - 11:29:36 ---A- C:\Users\Anas\AppData\Roaming\Spider Player\Update.xml [1480]
O61 - LFC: 06/06/2013 - 11:38:27 ---A- C:\Users\Anas\AppData\Roaming\BitComet\archive\93b6b8bde4d7148be286cd3c23e4fdaa5414a807.torrent [105516] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 11:38:27 ---A- C:\Users\Anas\AppData\Roaming\BitComet\share\93b6b8bde4d7148be286cd3c23e4fdaa5414a807.torrent [105516] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 13:49:14 ---A- C:\Users\Anas\AppData\Roaming\BitComet\archive\c3e2a8bdde960fec5aa829832ddbc5406ab8b89c.torrent [18094] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 14:53:57 ---A- C:\Users\Anas\AppData\Local\Introversion\Prison Architect\debug.txt [7317]
O61 - LFC: 06/06/2013 - 14:53:57 ---A- C:\Users\Anas\AppData\Local\Introversion\Prison Architect\preferences.txt [449]
O61 - LFC: 06/06/2013 - 15:02:23 ---A- C:\Users\Anas\AppData\Roaming\BitComet\archive\7ec92e30c2852ee045b8eb17c26a133a6b4cc2ab.torrent [149864] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 15:02:23 ---A- C:\Users\Anas\AppData\Roaming\BitComet\share\7ec92e30c2852ee045b8eb17c26a133a6b4cc2ab.torrent [149864] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 15:11:17 ---A- C:\Users\Anas\AppData\Roaming\BitComet\archive\830f3cfe05e566d16837058be49281997b691be7.torrent [63067] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 15:54:10 ---A- C:\Users\Anas\AppData\Roaming\BitComet\Downloads.xml.20130606.bak [664] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 15:54:10 ---A- C:\Users\Anas\AppData\Roaming\BitComet\archive\my_history.xml [849] =>P2P.BitComet
O61 - LFC: 06/06/2013 - 15:54:10 ---A- C:\Users\Anas\AppData\Roaming\BitComet\share\my_shares.xml [383] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 10:11:06 ---A- C:\Users\Anas\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268840]
O61 - LFC: 07/06/2013 - 14:00:09 ---A- C:\Users\Anas\AppData\Local\GDIPFONTCACHEV1.DAT [87088]
O61 - LFC: 07/06/2013 - 15:17:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\archive\3db2e140e76e17077016d1bd91be1bdcc4dd8be8.torrent [12440] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 15:17:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\share\3db2e140e76e17077016d1bd91be1bdcc4dd8be8.torrent [12440] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 15:17:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\torrents\Counter Strike 1.6 digital.exe.torrent [12440] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 15:29:54 ---A- C:\Users\Anas\AppData\Roaming\BitComet\CRASH.DMP [85048] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 15:29:54 ---A- C:\Users\Anas\AppData\Roaming\BitComet\CRASH.ZIP [24414] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 15:29:54 ---A- C:\Users\Anas\AppData\Roaming\BitComet\CRASHLOG.DAT [0] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 15:29:54 ---A- C:\Users\Anas\AppData\Roaming\BitComet\CRASHLOG.TXT [2868] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 16:02:21 ---A- C:\Users\Anas\AppData\Roaming\BitComet\Downloads.xml.bak [768] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 16:02:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\BitComet.xml [3991] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 16:02:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\Downloads.xml [784] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 16:02:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\rules\dhtnodes.dat [39452] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 16:02:48 ---A- C:\Users\Anas\AppData\Roaming\BitComet\torrents\Counter Strike 1.6 digital.exe.xml [7277] =>P2P.BitComet
O61 - LFC: 07/06/2013 - 16:20:41 ---A- C:\Users\Anas\Links\Logiciel.lnk [671]
O61 - LFC: 07/06/2013 - 16:20:45 ---A- C:\Users\Anas\Links\Jeux.lnk [639]
O61 - LFC: 07/06/2013 - 22:07:59 ---A- C:\Users\Anas\Links\Videos.lnk [804]
O61 - LFC: 07/06/2013 - 22:08:01 ---A- C:\Users\Anas\Links\Photos.lnk [804]
O61 - LFC: 07/06/2013 - 22:08:04 ---A- C:\Users\Anas\Links\Musique.lnk [807]
O61 - LFC: 07/06/2013 - 22:54:10 ---A- C:\Users\Anas\AppData\Roaming\Spider Player\Spider.xml [9924]
O61 - LFC: 07/06/2013 - 22:54:11 ---A- C:\Users\Anas\AppData\Roaming\Spider Player\Spider.m3u [98]
O61 - LFC: 08/06/2013 - 10:38:02 ---A- C:\Users\Anas\AppData\Roaming\Icmmmu.exe [190976]
O61 - LFC: 08/06/2013 - 10:46:07 ---A- C:\Users\Anas\Downloads\ReimageRepair.exe [726288] =>Rogue.ReimageRepair
O61 - LFC: 08/06/2013 - 11:04:48 ---A- C:\Users\Anas\AppData\Local\Google\Chrome\User Data\Local State [35709]
~ 13 Fichiers temporaires (Temporary files)
~ Files: 1321 Legitimates Filtered in 00mn 08s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
D:\Logiciel\Professionnel\Sony Vegas Pro 11\Keygen.exe
~ Files: Scanned in 00mn 46s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.6AA2534BCE88C87F81344C37C857F863] [SPRF][08/06/2013] (...) -- C:\Users\Anas\AppData\Local\Temp\libcurl-4.dll [302592]
[MD5.35517BAE454E3F6F2C6A93CF3975FB19] [SPRF][08/06/2013] (.Splinter Cells - Splinters.) -- C:\Users\Anas\AppData\Local\Temp\minerd.exe [296784]
[MD5.492153D3B3F0FB99ABD48752C8D2E796] [SPRF][08/06/2013] (.Open Source Software community LGPL - GNU C x86 (mingw32).) -- C:\Users\Anas\AppData\Local\Temp\pthreadGC2.dll [72206]
[MD5.8252005FF0FB5548D028BCDC0CE185B5] [SPRF][08/06/2013] (.Reimage® - Reimage Repair.) -- C:\Users\Anas\AppData\Local\Temp\ReimagePackage.exe [10676472] =>Rogue.ReimageRepair
[MD5.5B9C3FFA457D829D0AA2781180540CFB] [SPRF][08/06/2013] (.Sensei - Master.) -- C:\Users\Anas\AppData\Roaming\Icmmmu.exe [190976]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (07/06/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Reimage] =>Rogue.ReimageRepair
[HKLM\Software\Reimage] =>Rogue.ReimageRepair
C:\Windows\Reimage.ini =>Rogue.ReimageRepair
~ Additionnel Scan: 142469 Items scanned in 00mn 41s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 01/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 28/12/2010 1296728 | (BITCOMET_HELPER_SERVICE) . (.www.BitComet.com.) - C:\Program Files\BitComet\tools\BitCometService.exe =>P2P.BitComet
SS - | Auto 06/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 15/10/2011 1136448 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 15/10/2011 381248 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Anas at 08/06/2013 12:06:30

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys HDAudBus.sys ndis.sys el90Xbc5.SYS
C:\Windows\system32\DRIVERS\el90Xbc5.SYS 3Com Corporation 3Com EtherLink PCI
1 ntkrnlpa!IofCallDriver[0x82E3B718] >> \Device\Harddisk0\DR0[0x85DEB420]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Anas at 08/06/2013 12:06:32

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2629 Legitimates filtered by white list
End of the scan (464 lines in 03mn 48s)(1)
lilidurhone (security contributor) - 8 June 2013 at 19:23
Hello

You should have hosted the report

First of all, don't you have an AV?

watch out for cracks
juju666 (security contributor) - 8 June 2013 at 19:26
Hi
Well, the report is hosted, lili, look closely :)

O4 - HKCU\..\Run: [Microsoft DLL Registrations] C:\Users\Anas\AppData\Roaming\regsrv34.exe (.not file.)
O4 - HKCU\..\Run: [Icmmmu] . (.Sensei - Master.) -- C:\Users\Anas\AppData\Roaming\Icmmmu.exe


Trololololololol ^^

Anas, could you upload these files to http://upload.malekal.com please?
Otherwise, your Windows 7 doesn't look very legal to me ...
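The two O4 lines juju666 quotes are the kind of entry a helper looks for first when reading the report above: a Run key launching an executable from the user's own profile (AppData\Roaming), one of them with a Microsoft-sounding label, one pointing at a file that no longer exists ("(.not file.)"). As an added example, not part of the thread and not ZHPDiag's own logic, the Python script below parses ZHPDiag-style autorun lines (O4 Run keys, O53 MSConfig StartupReg entries, O39/[APT] scheduled tasks) and flags these indicators. The sample lines are copied from the report posted above; the path lists and scoring rules are my assumptions and would need an allow-list for legitimate per-user installers in real use.

```python
import re
from dataclasses import dataclass

# Sample autorun lines copied from the ZHPDiag report posted above
# (O4 = Run keys, O53 = MSConfig StartupReg, [APT] = scheduled task, O39).
# The parser and the scoring rules are an added example, not ZHPDiag's code.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\IDM\IDMan.exe
O4 - HKCU\..\Run: [Microsoft DLL Registrations] C:\Users\Anas\AppData\Roaming\regsrv34.exe (.not file.)
O4 - HKCU\..\Run: [Icmmmu] . (.Sensei - Master.) -- C:\Users\Anas\AppData\Roaming\Icmmmu.exe
O53 - SMSR:HKLM\...\startupreg\0x000101 [Key] . (...) -- C:\Users\Anas\AppData\Roaming\8DB4.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{82C12A3C-FFFF-41B7-A5A4-66748CF7B756}] (...) -- C:\Users\Anas\Downloads\ee.exe (.not file.) [0]
"""

# Executable path: drive letter up to the first known extension followed by a space or end of line.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys|bat|cmd|scr|vbs|com))(?=\s|$)", re.IGNORECASE)
# ZHPDiag writes the publisher/description as "(.Vendor - Product.)"; "(...)" means unknown.
PUBLISHER_RE = re.compile(r"\(\.(.+?)\.\)")
LABEL_RE = re.compile(r"\[([^\]]+)\]")

# Assumption: profile directories every standard user can write to. Installed software
# rarely persists from here, so an autorun launching from them is worth a second look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\downloads\\")
# Assumption: where a binary with a Microsoft label is expected to live.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")


@dataclass
class Finding:
    kind: str        # O4, O53, O39 or ? (unrecognised line type)
    label: str       # Run-key value name, or the file name when the line has no label
    target: str      # executable the entry launches
    publisher: str   # publisher string, empty when ZHPDiag printed "(...)" or nothing
    flags: list      # human-readable reasons the entry looks suspicious (empty = nothing found)


def parse_line(line):
    """Turn one autorun line into a Finding, or None when it carries no executable path."""
    m = PATH_RE.search(line)
    if not m:
        return None
    target = m.group(1)
    basename = target.rsplit("\\", 1)[-1]
    missing = "(.not file.)" in line
    # Strip the "(.not file.)" marker first so it is not mistaken for a publisher string.
    pub_m = PUBLISHER_RE.search(line.replace("(.not file.)", ""))
    publisher = pub_m.group(1).strip(". ") if pub_m else ""
    if line.startswith("O4 "):
        kind, label = "O4", LABEL_RE.search(line).group(1)
    elif line.startswith("O53 "):
        kind, label = "O53", basename
    elif "[APT]" in line:
        kind, label = "O39", basename
    else:
        kind, label = "?", basename

    flags = []
    low = target.lower()
    if any(d in low for d in USER_WRITABLE):
        flags.append("user-writable path")
    if missing:
        # The persistence key survived but its payload is gone: leftover of an infection
        # or of a partial clean-up, and it will keep being reported until the key is removed.
        flags.append("dangling entry")
    if not publisher:
        flags.append("no publisher")
    if "microsoft" in label.lower() and not low.startswith(SYSTEM_DIRS):
        flags.append("masquerading label")
    return Finding(kind, label, target, publisher, flags)


def triage(text):
    """Parse every non-empty line of a ZHPDiag autorun section into Findings."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            f = parse_line(line)
            if f:
                findings.append(f)
    return findings


def suspicious_targets(text):
    """File names of all entries that raised at least one flag, sorted for stable output."""
    return sorted(f.target.rsplit("\\", 1)[-1] for f in triage(text) if f.flags)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        status = "SUSPECT" if f.flags else "ok"
        print(f"{status:7} {f.kind:3} {f.label!r:32} {f.target}  {', '.join(f.flags)}")
```

Run on the sample, the two Realtek and IDM entries pass, while regsrv34.exe, Icmmmu.exe, 8DB4.exe and ee.exe are flagged; regsrv34.exe collects all four reasons at once, which is why a dangling Run key with a Microsoft-style name in AppData\Roaming is the first thing to ask the poster about.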
lilidurhone (security contributor) - 8 June 2013 at 19:29
Hello

shady, very shady

juju, I was talking about cjoint
juju666 (security contributor) - 8 June 2013 at 19:32
cjoint/pjjoint/fec upload/... it's all the same, isn't it?
lilidurhone (security contributor) - 8 June 2013 at 19:46
You're right ;)