Infected PC

Solved/Closed
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last seen: 20 July 2015 - 23 Nov 2013 at 20:00
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last seen: 16 June 2021 - 25 Nov 2013 at 14:22
Hello,

I formatted my PC and reinstalled the system; my recycle bin problem is solved,
but it is very slow. I am infected even though I have AntiVir as antivirus. Here is the HijackThis report.

Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:01:12, on 19/11/2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Athan\Athan.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 128378&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 128378&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [PCMAgent] "c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "c:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
O4 - HKLM\..\RunOnce: [OCA_MRK] c:\hp\bin\hputilck.exe c:\windows\system32\cmd.exe /c c:\hp\bin\OCA\install.cmd CRP
O4 - HKLM\..\RunOnce: [Del5976133] cmd.exe /Q /D /c del "C:\Users\HASSANIN\AppData\Local\Temp\0.del"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
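As an added example (not part of hayet05's post and not code from HijackThis itself): a small Python parser for the HijackThis log format above. It splits R0/R1, O2/O3, O4 and O23 lines into their fields and flags entries that match a short, hand-written indicator list. The sample lines are copied from the log above (with the URLs truncated with "..." exactly as they appear in the post); the indicator list is an assumption for illustration, built from the names the two logs on this page mark as unwanted (mysearchdial, the Ask toolbar, MyPC Backup).

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log posted above
# (URLs are truncated with "..." exactly as they appear in the post).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 128378&ir=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
O3 - Toolbar: mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Assumed indicator list (illustration only): lowercase substring -> label.
# The names come from what the two logs on this page flag as unwanted.
INDICATORS = {
    "mysearchdial": "browser search hijacker / toolbar (PUP)",
    "askpartnernetwork": "Ask toolbar (PUP)",
    "mypc backup": "MyPC Backup (PUP)",
}

LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    section: str                 # "R0", "O2", "O4", "O23", ...
    raw: str                     # the original line, stripped
    fields: dict = field(default_factory=dict)


def parse_line(line):
    """Turn one HijackThis line into an HjtEntry, or None if it is not one."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = HjtEntry(section, line)
    if section in ("R0", "R1"):
        # "<registry key>,<value name> = <data>"
        key, _, value = body.partition(" = ")
        entry.fields = {"key": key.strip(), "value": value.strip()}
    elif section in ("O2", "O3"):
        # "BHO: <name> - {CLSID} - <dll path>" / "Toolbar: <name> - {CLSID} - <dll path>"
        _, _, rest = body.partition(": ")
        parts = [p.strip() for p in rest.split(" - ")]
        clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), "")
        entry.fields = {"name": parts[0], "clsid": clsid, "path": parts[-1]}
    elif section == "O4":
        # "<hive>\..\Run: [<value name>] <command line>"
        hive, _, rest = body.partition(": ")
        nm = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", rest)
        entry.fields = {"hive": hive,
                        "name": nm.group("name") if nm else "",
                        "command": nm.group("cmd") if nm else rest}
    elif section == "O23":
        # "Service: <display name> - <company> - <image path>"
        _, _, rest = body.partition(": ")
        parts = [p.strip() for p in rest.rsplit(" - ", 2)]
        parts += [""] * (3 - len(parts))
        entry.fields = {"name": parts[0], "company": parts[1], "path": parts[2]}
    return entry


def parse_hjt(text):
    """Parse every recognisable line of a HijackThis log, skipping the rest."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flag_entries(entries, indicators=INDICATORS):
    """Return (entry, label) pairs for entries whose raw line matches an indicator."""
    hits = []
    for e in entries:
        low = e.raw.lower()
        for needle, label in indicators.items():
            if needle in low:
                hits.append((e, label))
                break
    return hits


if __name__ == "__main__":
    for entry, label in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.section}: {label}: {entry.fields}")
```

Run against the sample, the script flags the R0 start-page hijack plus the O2 BHO and O3 toolbar that carry it, and leaves the avast! and Windows entries alone. Parsing the CLSID and DLL path out of the O2/O3 lines is what matters for cleanup: those are the values to look for under the browser's BHO and Toolbar registry keys once the offending program has been uninstalled.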

19 replies

Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last seen: 16 June 2021
Edited by Fish66 on 23/11/2013 at 20:05
Good evening,
Download: AdwCleaner (thanks to Xplode)
Run AdwCleaner
Click Scan, then Clean, and wait while the cleaning runs.
Post the report that appears at the end of the scan.
(The report is also saved under C:\AdwCleaner\AdwCleaner[x].txt)

@+


¤¤¤ The best remedy for every problem is patience.... ¤¤¤
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last seen: 20 July 2015
23 Nov 2013 at 20:20
Here is the report

~ ZHPDiag report v2013.11.22.46 - Nicolas Coolman (22/11/2013)
~ Run by HASSANIN (23/11/2013 20:14:43)
~ Website address https://nicolascoolman.webs.com/
~ Free disinfection help forums: https://nicolascoolman.webs.com/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program


---\\ Internet browsers
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 25.0.1 (Default)
GCIE: Google Chrome v31.0.1650.57

---\\ Windows product information
~ Language: French
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ System protection software
Avira Free Antivirus v14.0.0.411
Malwarebytes Anti-Malware version 1.75.0.1300
Norton Internet Security v16.0.0.125

---\\ System optimisation software

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 11 Plugin

---\\ System information
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2941 MB (45% free)
System Restore: Enabled
System drive C: has 86 GB (57%) free of 150 GB

---\\ System logon mode
~ Computer Name: PC-DE-HASSANIN
~ User Name: HASSANIN
~ All Users Names: HASSANIN, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\HASSANIN\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\HASSANIN\AppData\Roaming\
~ %Desktop% : C:\Users\HASSANIN\Desktop\
~ %Favorites% : C:\Users\HASSANIN\Favorites\
~ %LocalAppData% : C:\Users\HASSANIN\AppData\Local\
~ %StartMenu% : C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 86 GB of 150 GB)
D: Hard drive, Flash drive, Thumb drive (Free 2 GB of 11 GB)
E: Hard drive, Flash drive, Thumb drive (Free 1 GB of 2 GB)
F: Hard drive, Flash drive, Thumb drive (Free 36 GB of 135 GB)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Windows Security Center status
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Targeted search for generic files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.17413EF7D95632D892B4C914CD7E66F9] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2011 - 17:04:00.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:32:21.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.11/04/2009 - 07:32:55.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/2
~ My Music: 1/2
~ My Videos: 1/2
~ My Favorites: 1/21
~ My Desktop: 1/586
~ Start Menu (Programs): 1/28
~ Hidden Files: Scanned in 00mn 00s

---\\ Running processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.196]
[MD5.F9834C28353985D4FAC508A87F5A7724] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe [969048] [PID.2768]
[MD5.8E93CDF0EA8EDBA63F07E2898A9B2147] - (.Microsoft Corporation - Windows Update Automatic Updates.) -- C:\Windows\system32\wuauclt.exe [43008] [PID.2568]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2948]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1428]
[MD5.5DD88D743665BCA0D70922EC49850190] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe [148712] [PID.1104]
[MD5.FD009568BE3B8118ED48F03642859CDD] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608] [PID.1392]
[MD5.B2D8F5C48913CB14B9C8CABF2469E1F0] - (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\Cyberlink\PlayMovie\PMVService.exe [177384] [PID.504]
[MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.3120]
[MD5.FD31F3CDEC63ECAA170A97068FE3866C] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe [974848] [PID.2396]
[MD5.ED54F07E57BB1CF7BBB5C02E5C1A4385] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032] [PID.1336]
[MD5.C9FB758B994B96E8858D6F7D1F96142D] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680] [PID.2584] =>Toolbar.Ask
[MD5.1B29F9D1FEF53A1A1C93827F494B3434] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088] [PID.3952]
[MD5.806756B4C5F032EADC4D40C4D5E9A107] - (.WinZip Computing, S.L. - WinZip Quick Pick.) -- C:\Program Files\WinZip\WZQKPICK32.exe [564072] [PID.3676]
[MD5.8AC07485A7473392EEA6489F31747AE8] - (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files\MyPC Backup\MyPC Backup.exe [1953320] [PID.3980] =>PUP.MyPCBackup
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4704]
[MD5.E8B0A9ECB76AAA0C3519E16F34A49858] - (.Microsoft Corporation - Consolidateur SQM Windows.) -- C:\Windows\System32\wsqmcons.exe [192000] [PID.2432]
[MD5.467A3B03E924B7B7EDD16D34740574B0] - (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe [134656] [PID.3864]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4592]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.2872]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8262144] [PID.6028]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.524]
[MD5.F531F9B76E3E2595049F145160D280DE] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 182.1.) -- C:\Windows\system32\nvvsvc.exe [207392] [PID.932]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1284]
[MD5.3478F48B23A0D9F6EADD4A2405BA70EF] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392] [PID.1756]
[MD5.AFFE7C21A4FCA1963371F10066911D3A] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392] [PID.2032]
[MD5.BEF294FFE5F40BE768BDCBE1837DFABE] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.316] =>Toolbar.Ask
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.868]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1180]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1476]
[MD5.309970047D2810380B34A629FC1CFEDD] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [115560] [PID.1584]
[MD5.6A2F29C5423200CFC5377992615FEE33] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431688] [PID.3192]
[MD5.BA4772044917FDF80ADEAB2E9C3F863B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1164360] [PID.3500]
[MD5.D466BAC7B0F83F075CB3A6D9D11BA799] - (.Just Develop It - Backup Stack.) -- C:\Program Files\MyPC Backup\BackupStack.exe [38440] [PID.3844] =>PUP.MyPCBackup
[MD5.AA9EF0B395097F24D289F64445B2FD2E] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.3244]
[MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.1444]
[MD5.DB3D19F850C6EB32BDCB9BC0836ACDDB] - (.Microsoft Corporation - Service de cliché instantané de volumes Mic.) -- C:\Windows\system32\vssvc.exe [1055232] [PID.3868]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\HASSANIN\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\prefs.js
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\user.js
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\prefs.js
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\user.js
M3 - MFPP: Plugins - [HASSANIN] -- C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [HASSANIN] -- C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M2 - MFEP: prefs.js [HASSANIN - 316j4hzt.default\FissaPlugin-trash] [] Fissa v1.0 (..) =>PUP.OfferBox
M2 - MFEP: prefs.js [HASSANIN - 316j4hzt.default\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}] [] Value Apps v1.3.0.2 (..) =>Toolbar.Conduit
~ Firefox Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (.not file.) =>Toolbar.Avira
O2 - BHO: Value Apps plugin - {F63AAEDC-3602-49EF-AA45-262380A98980} . (.Conduit Ltd. - Monitization BHO Proxy.) -- C:\Users\HASSANIN\AppData\Roaming\ValueApps\IE\MonPrx.dll =>Toolbar.Conduit
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Jouer à HP Games.lnk . (...) -- C:\Program Files\HP Games\onplay\onplay.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [HASSANIN]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [HASSANIN]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [HASSANIN]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [HASSANIN]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [HASSANIN]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [HASSANIN]: Athan.lnk . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - GS\Desktop [HASSANIN]: Hassanin - Raccourci.lnk . (...) -- F:\Hassanin
O4 - GS\Desktop [HASSANIN]: Sync Folder.lnk . (...) -- C:\Users\HASSANIN\SyncFolder
~ Global Startup: 66 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: WinZip Quick Pick.lnk . (.WinZip Computing, S.L. - WinZip Quick Pick.) -- C:\Program Files\WinZip\WZQKPICK32.exe
O4 - GS\Startup [HASSANIN]: MyPC Backup.lnk . (.MyPCBackup.com - MyPC Backup.) -- C:\Program Files\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [PCMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- c:\Program Files\CyberLink\PlayMovie\PMVService.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Athan] . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] . (.Conduit Ltd. - Conduit Toolbar Verifier.) -- C:\Users\HASSANIN\AppData\Roaming\ValueApps\CH\TBVerifier.dll =>Toolbar.Conduit
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] . (.Conduit Ltd. - Conduit Toolbar Verifier.) -- C:\Users\HASSANIN\AppData\Roaming\ValueApps\CH\TBVerifier.dll =>Toolbar.Conduit
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) . (.Just Develop It - Backup Stack.) - C:\Program Files\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 13 Legitimates Filtered in 00mn 08s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MySearchDial.job [304] =>Adware.MyWebSearch
[MD5.8AC07485A7473392EEA6489F31747AE8] [APT] [LaunchApp] (.MyPCBackup.com.) -- C:\Program Files\MyPC Backup\MyPC Backup.exe [1953320] =>PUP.MyPCBackup
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (...) -- C:\Users\HASSANIN\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
[MD5.B06712BF5643BB55600A040F210DC218] [APT] [{41CED368-F25E-433F-B7B3-2632F7822A23}] (...) -- C:\Users\HASSANIN\Downloads\SkypeSetup [1].exe [20586496]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU] -- ValueApps =>Toolbar.Conduit
~ Logic: 92 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\mamverifier]
~ Key Software: 144 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/11/2013 - 20:43:14 - [11,140] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 22/11/2013 - 13:54:08 - [37,491] ----D C:\Program Files\MyPC Backup =>PUP.MyPCBackup
O43 - CFD: 19/11/2013 - 20:35:16 - [0] ----D C:\Program Files\Mysearchdial =>Adware.MyWebSearch
O43 - CFD: 19/11/2013 - 20:42:39 - [0] ----D C:\ProgramData\APN
O43 - CFD: 19/11/2013 - 20:43:14 - [4,453] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 23/11/2013 - 18:37:24 - [1,228] ----D C:\Users\HASSANIN\AppData\Roaming\newnext.me
O43 - CFD: 22/11/2013 - 13:26:25 - [1,594] ----D C:\Users\HASSANIN\AppData\Roaming\ValueApps =>Toolbar.Conduit
O43 - CFD: 22/11/2013 - 13:27:14 - [0,005] ----D C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork
O43 - CFD: 22/11/2013 - 13:27:03 - [1,224] ----D C:\Users\HASSANIN\AppData\Local\genienext
O43 - CFD: 22/11/2013 - 13:26:01 - [0,002] ----D C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup
~ Program Folder: 127 Legitimates Filtered in 00mn 28s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2AD5160FB082B9E84C46AEB04520878E] - 19/11/2013 - 12:43:54 ---A- . (...) -- C:\Windows\DtcInstall.log [4257]
O44 - LFC:[MD5.88F404E02C68C4F0CFAF8EAF699721FD] - 19/11/2013 - 13:44:49 ---A- . (...) -- C:\Windows\TSSysprep.log [3652]
O44 - LFC:[MD5.63B85A580D21AF9BC788FE69854FABD7] - 19/11/2013 - 13:45:13 ---A- . (.EasyBits Software AS - EasyBits services for Windows.) -- C:\Windows\System32\ezsvc7x.dll [588472]
O44 - LFC:[MD5.C1B82F19766ADE7284AF9223E59D0E4D] - 19/11/2013 - 13:59:18 RSHA- . (...) -- C:\Windows\System32\Drivers\103C_HP_CPC_VC886AA-ABF CQ5106FR_YC_0Pres_QCNX921_E93WEv3PrA1_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.38_T090320_WUH1_L40C_M2942_J320_7AMD_8Athlon 7550 Dual-Core_92.5_#100417_N10DE03EF_Z_G10DE03D0.MRK [1738]
O44 - LFC:[MD5.18B2C06EF8DC3FAF83C074089024391E] - 19/11/2013 - 14:25:13 ---A- . (...) -- C:\Windows\System32\wlan.tmf [2501921]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/11/2013 - 15:14:55 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/11/2013 - 15:14:55 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.306B48A3C287BD1C670C50D6CA94FB9F] - 19/11/2013 - 15:34:02 ---A- . (...) -- C:\Windows\Athan Setup Log.txt [9787]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 20/11/2013 - 20:59:46 ---A- . (...) -- C:\Windows\System32\RacUR.xml [9212]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 20/11/2013 - 21:00:24 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 20/11/2013 - 21:00:28 ---A- . (...) -- C:\Windows\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 20/11/2013 - 21:00:31 ---A- . (...) -- C:\Windows\System32\WFP.TMF [208966]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 20/11/2013 - 21:00:44 ---A- . (...) -- C:\Windows\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 20/11/2013 - 21:00:48 ---A- . (...) -- C:\Windows\System32\onex.tmf [392170]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 20/11/2013 - 21:00:52 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 20/11/2013 - 21:00:52 ---A- . (.Pas de propriétaire - Programme d'authentification du périphériqu.) -- C:\Windows\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 20/11/2013 - 21:00:54 ---A- . (...) -- C:\Windows\System32\dot3.tmf [442788]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 20/11/2013 - 21:01:01 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 20/11/2013 - 21:01:03 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [130008]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/11/2013 - 13:26:41 ---A- . (...) -- C:\END [0]
~ Files: 802 Legitimates Filtered in 02mn 12s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.2AEF80076B0932D6483F36D5566AA510] - 23/11/2013 - 03:03:35 ---A- - C:\Windows\Prefetch\DOTNETFX35LANGPACK_X86FR.EXE-7C57C3A5.pf
O45 - LFCP:[MD5.72C6496E3A2A7DCED00970D062A57A41] - 23/11/2013 - 09:56:02 ---A- - C:\Windows\Prefetch\PREREQTOOL.EXE-D31CD8E4.pf
O45 - LFCP:[MD5.1F8F1C002BAE7D0352BDF961F4B854A6] - 23/11/2013 - 12:55:53 ---A- - C:\Windows\Prefetch\NVUNRM.EXE-F6088CF9.pf
O45 - LFCP:[MD5.F3F70D89A7CF6D622AC5FB52049124F9] - 23/11/2013 - 13:05:42 ---A- - C:\Windows\Prefetch\HASHCLEANUP.EXE-905F576F.pf
O45 - LFCP:[MD5.F27747114409365BBE40B9A9C5C7984C] - 23/11/2013 - 13:06:01 ---A- - C:\Windows\Prefetch\WSWTRSVC.EXE-47DAAD90.pf
O45 - LFCP:[MD5.3F28AE53BC2307AAB6FE37AD9A625CEB] - 23/11/2013 - 13:07:45 ---A- - C:\Windows\Prefetch\BACKUPSTACK.EXE-D76D7F90.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.1ACA6D58AFEC064BD0D9E2DA127FE0B5] - 23/11/2013 - 13:07:45 ---A- - C:\Windows\Prefetch\DEVICEPROPS.EXE-910AB7D6.pf
O45 - LFCP:[MD5.56DBDB034BD81F7B92FDE47244D81849] - 23/11/2013 - 13:07:53 ---A- - C:\Windows\Prefetch\SYSHIPER.EXE-02E8CC35.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 20/11/2013 - 20:18:02 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 20/11/2013 - 20:18:13 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\Google\Chrome\User Data\Local State [45901]
O61 - LFC: 22/11/2013 - 20:18:02 ---A- . (...) -- C:\Users\HASSANIN\.android\adbkey [1704]
O61 - LFC: 22/11/2013 - 20:18:02 ---A- . (...) -- C:\Users\HASSANIN\.android\adbkey.pub [716]
O61 - LFC: 22/11/2013 - 20:18:02 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork\Toolbar\AVIRA-V7\APNStorage.stg [5244]
O61 - LFC: 22/11/2013 - 20:18:43 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ValueApps\IE\uninstaller.exe [76406] =>Toolbar.Conduit
O61 - LFC: 22/11/2013 - 20:18:43 ---A- . (...) -- C:\Users\HASSANIN\daemonprocess.txt [0]
O61 - LFC: 22/11/2013 - 20:18:44 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Al-Husaree_Almoalim-N_vbr_mp3.zip [664812958]
O61 - LFC: 22/11/2013 - 20:18:44 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Al-Husaree_Almoalim_Without_Children.zip [648694915]
O61 - LFC: 22/11/2013 - 20:18:44 ---A- . (.Conduit.) -- C:\Users\HASSANIN\Downloads\FileZilla_brff.exe [1125856]
O61 - LFC: 22/11/2013 - 20:18:45 ---A- . (.Tim Kosse.) -- C:\Users\HASSANIN\Downloads\MainOffer1.exe [4812567]
O61 - LFC: 22/11/2013 - 20:18:46 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Saad_Alghamdi.torrent [18064]
O61 - LFC: 22/11/2013 - 20:18:46 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Saad_al-Ghaamidi_vbr_mp3(1).zip [445445730]
O61 - LFC: 22/11/2013 - 20:18:46 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Saad_al-Ghaamidi_vbr_mp3.zip [445445730]
O61 - LFC: 22/11/2013 - 20:18:47 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Sodais_And_Shuraim.zip [288973375]
O61 - LFC: 22/11/2013 - 20:18:47 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Sudais_Shuraim_Erdu-el-moslem.com.zip [2158879684]
O61 - LFC: 22/11/2013 - 20:18:47 ---A- . (...) -- C:\Users\HASSANIN\SyncFolder\MyPC Backup Guide rapide de démarrage .pdf [890103] =>PUP.MyPCBackup
O61 - LFC: 23/11/2013 - 20:18:02 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\GDIPFONTCACHEV1.DAT [77624]
O61 - LFC: 23/11/2013 - 20:18:41 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.cookie [3072]
O61 - LFC: 23/11/2013 - 20:18:43 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\Log.txt [17827] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 20:18:43 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\TestsZHPDiag.txt [2899] =>.Nicolas Coolman
~ 17 Fichiers temporaires (Temporary files)
~ Files: 1360 Legitimates Filtered in 00mn 45s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("browser.search.defaultenginename", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("browser.search.order.1", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.aflt", "dnldstr"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtCyCyC0AtAzytN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCt[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.cntry", "FR"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.cr", "961128378"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.hdrMd5", "6CBC9AE0DE1640512BD23733223CCB53"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyE[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.id", "00248C9CA4166A39"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.instlDay", "16028"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.lastB", "http://start.mysearchdial.com/?f=1&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtC[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.015:14:44"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0A[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"s[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.sg", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial_i.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 316j4hzt.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:14:44"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [HASSANIN - 9p9l3x85.default] user_pref("browser.search.defaultenginename", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {3558675E-3BE5-4FFD-8E7B-8A35EE727FEE} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {74E404C7-7331-48F9-ABCA-05923022275C} - (Yahoo!) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} [DefaultScope] - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {B4D8A115-64B8-48D0-8480-9151204DAB9C} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][22/11/2013] (...) -- C:\Users\HASSANIN\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.FEAA167CAD403F11684733CACF58CDA4] [SPRF][17/07/2013] (.Conduit - Pas de description.) -- C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe [78000] =>Toolbar.Conduit
[MD5.3E368066E475D559EECF89C82793F080] [SPRF][10/09/2013] (...) -- C:\Users\HASSANIN\AppData\Local\Temp\EnableExtDll.dll [93184]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D2147365007A7A857BC06000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-00A7-A758B70C0600}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 45 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.45BC2E20FB0D0D7651D4E429332BA0A3] [WIS][19/11/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\17de790.msi [811008] =>Toolbar.Avira
~ WIS: 47 Legitimates Filtered in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/10/2013 440392 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/10/2013 440392 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 10/10/2013 1164360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 23/10/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 19/09/2013 38440 | (BackupStack) . (.Just Develop It.) - C:\Program Files\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 13/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/05/2009 115560 | (Norton Internet Security) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
SR - | Auto 08/03/2009 207392 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Demand 02/02/2009 20848 | (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc.pkms
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HASSANIN at 23/11/2013 20:19:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (22/11/2013)
Clés trouvées (Keys found) : 22
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] =>Toolbar.Avira^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}] =>Toolbar.Conduit^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\SYSTEM\CurrentControlSet\Services\MyPC Backup) (BackupStack] =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon =>Toolbar.Conduit^
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\extensions\FissaPlugin-trash =>PUP.OfferBox^
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} =>Toolbar.Conduit^
C:\Program Files\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\Mysearchdial =>Adware.MyWebSearch^
C:\Users\HASSANIN\AppData\Roaming\ValueApps =>Toolbar.Conduit^
C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup =>PUP.MyPCBackup^
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Program Files\MyPC Backup\MyPC Backup.exe =>PUP.MyPCBackup^
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Program Files\MyPC Backup\BackupStack.exe =>PUP.MyPCBackup^
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit^
C:\Windows\Installer\17de790.msi =>Toolbar.Avira^
~ Additionnel Scan: 235501 Items scanned in 00mn 23s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ MSI: 8 link(s) detected in 00mn 24s



~ 3146 Legitimates filtered by white list
End of the scan (646 lines in 05mn 07s)(0)
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021
23 Nov. 2013 at 20:33
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
23 Nov. 2013 at 20:43
Here is the report


# AdwCleaner v3.012 - Rapport créé le 23/11/2013 à 20:35:44
# Mis à jour le 11/11/2013 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Nom d'utilisateur : HASSANIN - PC-DE-HASSANIN
# Exécuté depuis : C:\Users\HASSANIN\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : BackupStack

***** [ Fichiers / Dossiers ] *****

[!] Dossier Supprimé : C:\Program Files\MyPC Backup
Dossier Supprimé : C:\Program Files\Mysearchdial
Dossier Supprimé : C:\Program Files\PC Speed Maximizer
Dossier Supprimé : C:\Users\HASSANIN\AppData\LocalLow\Mysearchdial
Dossier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\HASSANIN\AppData\Roaming\ValueApps
Dossier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Dossier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\Extensions\{94CD2CC3-083F-49BA-A218-4CDA4B4829FD}
Fichier Supprimé : C:\END
Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Fichier Supprimé : C:\Users\HASSANIN\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Fichier Supprimé : C:\Users\HASSANIN\Desktop\MyPC Backup.lnk
Fichier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\searchplugins\Mysearchdial.xml
Fichier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\searchplugins\Mysearchdial.xml
Fichier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\user.js
Fichier Supprimé : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\user.js
Fichier Supprimé : C:\Windows\System32\Tasks\LaunchApp
Fichier Supprimé : C:\Windows\Tasks\MySearchDial.job
Fichier Supprimé : C:\Windows\System32\Tasks\MySearchDial

***** [ Raccourcis ] *****


***** [ Registre ] *****

[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6AC9996-055D-4669-9FC9-8B9726E8A823}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6AC9996-055D-4669-9FC9-8B9726E8A823}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F860EBFF-2987-458C-8566-660E6A2CA84A}
[#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F860EBFF-2987-458C-8566-660E6A2CA84A}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F63AAEDC-3602-49EF-AA45-262380A98980}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKLM\Software\InstallCore
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial

***** [ Navigateurs ] *****

-\\ Internet Explorer v7.0.6002.18005

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v25.0.1 (fr)

[ Fichier : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\prefs.js ]

Ligne Supprimée : user_pref("browser.search.defaultenginename", "Mysearchdial");
Ligne Supprimée : user_pref("browser.search.order.1", "Mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.aflt", "dnldstr");
Ligne Supprimée : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Ligne Supprimée : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtCyCyC0AtAzytN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R");
Ligne Supprimée : user_pref("extensions.mysearchdial.cntry", "FR");
Ligne Supprimée : user_pref("extensions.mysearchdial.cr", "961128378");
Ligne Supprimée : user_pref("extensions.mysearchdial.dfltLng", "");
Ligne Supprimée : user_pref("extensions.mysearchdial.dfltSrch", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.dnsErr", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.excTlbr", false);
Ligne Supprimée : user_pref("extensions.mysearchdial.hdrMd5", "6CBC9AE0DE1640512BD23733223CCB53");
Ligne Supprimée : user_pref("extensions.mysearchdial.hmpg", true);
Ligne Supprimée : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtCyCyC0AtAzytN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.id", "00248C9CA4166A39");
Ligne Supprimée : user_pref("extensions.mysearchdial.instlDay", "16028");
Ligne Supprimée : user_pref("extensions.mysearchdial.instlRef", "");
Ligne Supprimée : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtCyCyC0AtAzytN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.015:14:44");
Ligne Supprimée : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtCyCyC0AtAzytN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutC[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Ligne Supprimée : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.sg", "none");
Ligne Supprimée : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Ligne Supprimée : user_pref("extensions.mysearchdial.tlbrId", "base");
Ligne Supprimée : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0Czy0C0AyEtCyCyC0AtAzytN0D0Tzu0SyCzzzytN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Czu[...]
Ligne Supprimée : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Ligne Supprimée : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Ligne Supprimée : user_pref("extensions.mysearchdial_i.hmpg", true);
Ligne Supprimée : user_pref("extensions.mysearchdial_i.newTab", false);
Ligne Supprimée : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:14:44");

[ Fichier : C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\prefs.js ]

Ligne Supprimée : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v31.0.1650.57

[ Fichier : C:\Users\HASSANIN\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : icon_url

*************************

AdwCleaner[R0].txt - [9419 octets] - [23/11/2013 20:34:35]
AdwCleaner[S0].txt - [9083 octets] - [23/11/2013 20:35:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9143 octets] ##########
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
23 Nov. 2013 at 20:50
What do I do now?
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021
24 Nov. 2013 at 09:54
Hello,
Launch ZHPDiag from the desktop, then tick everything under the screwdriver icon (help here), then run the scan, close it and upload the report. Paste the link in your next reply.

@+

hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
24 Nov. 2013 at 10:21
Here is the report

~ Rapport de ZHPDiag v2013.11.22.46 - Nicolas Coolman (22/11/2013)
~ Lancé par HASSANIN (24/11/2013 10:18:59)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 25.0.1 (Defaut)
GCIE: Google Chrome v31.0.1650.57

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.0.411
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2941 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 87 GB (58%) free of 150 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-HASSANIN
~ User Name: HASSANIN
~ All Users Names: HASSANIN, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\HASSANIN\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\HASSANIN\AppData\Roaming\
~ %Desktop% : C:\Users\HASSANIN\Desktop\
~ %Favorites% : C:\Users\HASSANIN\Favorites\
~ %LocalAppData% : C:\Users\HASSANIN\AppData\Local\
~ %StartMenu% : C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 87 Go of 150 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 2 Go)
F: Hard drive, Flash drive, Thumb drive (Free 36 Go of 135 Go)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.17413EF7D95632D892B4C914CD7E66F9] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2011 - 17:04:00.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:32:21.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.11/04/2009 - 07:32:55.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/21
~ Mon Bureau (My Desktop) : 1/586
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1032]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3912]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1364]
[MD5.5DD88D743665BCA0D70922EC49850190] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe [148712] [PID.3052]
[MD5.FD009568BE3B8118ED48F03642859CDD] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608] [PID.2952]
[MD5.B2D8F5C48913CB14B9C8CABF2469E1F0] - (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\Cyberlink\PlayMovie\PMVService.exe [177384] [PID.3220]
[MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.2372]
[MD5.FD31F3CDEC63ECAA170A97068FE3866C] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe [974848] [PID.3364]
[MD5.ED54F07E57BB1CF7BBB5C02E5C1A4385] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032] [PID.3464]
[MD5.C9FB758B994B96E8858D6F7D1F96142D] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680] [PID.860] =>Toolbar.Ask
[MD5.1B29F9D1FEF53A1A1C93827F494B3434] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088] [PID.4016]
[MD5.806756B4C5F032EADC4D40C4D5E9A107] - (.WinZip Computing, S.L. - WinZip Quick Pick.) -- C:\Program Files\WinZip\WZQKPICK32.exe [564072] [PID.3564]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3852]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2832]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.3280]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.556]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8262144] [PID.4556]
[MD5.F531F9B76E3E2595049F145160D280DE] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 182.1.) -- C:\Windows\system32\nvvsvc.exe [207392] [PID.944]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1288]
[MD5.3478F48B23A0D9F6EADD4A2405BA70EF] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392] [PID.1780]
[MD5.AFFE7C21A4FCA1963371F10066911D3A] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392] [PID.2028]
[MD5.BEF294FFE5F40BE768BDCBE1837DFABE] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.2044] =>Toolbar.Ask
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.356]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.372]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.568]
[MD5.6A2F29C5423200CFC5377992615FEE33] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431688] [PID.2652]
[MD5.BA4772044917FDF80ADEAB2E9C3F863B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1164360] [PID.2844]
[MD5.AA9EF0B395097F24D289F64445B2FD2E] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.2584]
[MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.2440]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\HASSANIN\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\prefs.js
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\prefs.js
M2 - MFEP: prefs.js [HASSANIN - 316j4hzt.default\FissaPlugin-trash] [] Fissa v1.0 (..) =>PUP.OfferBox
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (.not file.) =>Toolbar.Avira
~ BHO: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Ask
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Jouer à HP Games.lnk . (...) -- C:\Program Files\HP Games\onplay\onplay.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [HASSANIN]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [HASSANIN]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [HASSANIN]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [HASSANIN]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [HASSANIN]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [HASSANIN]: Athan.lnk . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - GS\Desktop [HASSANIN]: Hassanin - Raccourci.lnk . (...) -- F:\Hassanin
O4 - GS\Desktop [HASSANIN]: Sync Folder.lnk . (...) -- C:\Users\HASSANIN\SyncFolder
~ Global Startup: 63 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: WinZip Quick Pick.lnk . (.WinZip Computing, S.L. - WinZip Quick Pick.) -- C:\Program Files\WinZip\WZQKPICK32.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [PCMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- c:\Program Files\CyberLink\PlayMovie\PMVService.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Athan] . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 11 Legitimates Filtered in 00mn 07s



---\\ Tâches planifiées en automatique (O39)
[MD5.B06712BF5643BB55600A040F210DC218] [APT] [{41CED368-F25E-433F-B7B3-2632F7822A23}] (...) -- C:\Users\HASSANIN\Downloads\SkypeSetup [1].exe [20586496]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU] -- ValueApps =>Toolbar.Conduit
~ Logic: 88 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\mamverifier]
~ Key Software: 139 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/11/2013 - 20:43:14 - [11,140] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 19/11/2013 - 20:42:39 - [0] ----D C:\ProgramData\APN
O43 - CFD: 19/11/2013 - 20:43:14 - [4,453] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 24/11/2013 - 09:59:37 - [1,228] ----D C:\Users\HASSANIN\AppData\Roaming\newnext.me
O43 - CFD: 22/11/2013 - 13:27:14 - [0,354] ----D C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork
O43 - CFD: 22/11/2013 - 13:27:03 - [1,224] ----D C:\Users\HASSANIN\AppData\Local\genienext
~ Program Folder: 118 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2AD5160FB082B9E84C46AEB04520878E] - 19/11/2013 - 12:43:54 ---A- . (...) -- C:\Windows\DtcInstall.log [4257]
O44 - LFC:[MD5.88F404E02C68C4F0CFAF8EAF699721FD] - 19/11/2013 - 13:44:49 ---A- . (...) -- C:\Windows\TSSysprep.log [3652]
O44 - LFC:[MD5.63B85A580D21AF9BC788FE69854FABD7] - 19/11/2013 - 13:45:13 ---A- . (.EasyBits Software AS - EasyBits services for Windows.) -- C:\Windows\System32\ezsvc7x.dll [588472]
O44 - LFC:[MD5.C1B82F19766ADE7284AF9223E59D0E4D] - 19/11/2013 - 13:59:18 RSHA- . (...) -- C:\Windows\System32\Drivers\103C_HP_CPC_VC886AA-ABF CQ5106FR_YC_0Pres_QCNX921_E93WEv3PrA1_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.38_T090320_WUH1_L40C_M2942_J320_7AMD_8Athlon 7550 Dual-Core_92.5_#100417_N10DE03EF_Z_G10DE03D0.MRK [1738]
O44 - LFC:[MD5.18B2C06EF8DC3FAF83C074089024391E] - 19/11/2013 - 14:25:13 ---A- . (...) -- C:\Windows\System32\wlan.tmf [2501921]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/11/2013 - 15:14:55 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/11/2013 - 15:14:55 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.306B48A3C287BD1C670C50D6CA94FB9F] - 19/11/2013 - 15:34:02 ---A- . (...) -- C:\Windows\Athan Setup Log.txt [9787]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 20/11/2013 - 20:59:46 ---A- . (...) -- C:\Windows\System32\RacUR.xml [9212]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 20/11/2013 - 21:00:24 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 20/11/2013 - 21:00:28 ---A- . (...) -- C:\Windows\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 20/11/2013 - 21:00:31 ---A- . (...) -- C:\Windows\System32\WFP.TMF [208966]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 20/11/2013 - 21:00:44 ---A- . (...) -- C:\Windows\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 20/11/2013 - 21:00:48 ---A- . (...) -- C:\Windows\System32\onex.tmf [392170]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 20/11/2013 - 21:00:52 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 20/11/2013 - 21:00:52 ---A- . (.Pas de propriétaire - Programme d'authentification du périphériqu.) -- C:\Windows\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 20/11/2013 - 21:00:54 ---A- . (...) -- C:\Windows\System32\dot3.tmf [442788]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 20/11/2013 - 21:01:01 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 20/11/2013 - 21:01:03 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [130008]
~ Files: 802 Legitimates Filtered in 00mn 05s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 22/11/2013 - 10:19:29 ---A- . (...) -- C:\Users\HASSANIN\.android\adbkey [1704]
O61 - LFC: 22/11/2013 - 10:19:29 ---A- . (...) -- C:\Users\HASSANIN\.android\adbkey.pub [716]
O61 - LFC: 22/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Al-Husaree_Almoalim-N_vbr_mp3.zip [664812958]
O61 - LFC: 22/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Al-Husaree_Almoalim_Without_Children.zip [648694915]
O61 - LFC: 22/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Saad_al-Ghaamidi_vbr_mp3(1).zip [445445730]
O61 - LFC: 22/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\daemonprocess.txt [0]
O61 - LFC: 22/11/2013 - 10:19:52 ---A- . (.Conduit.) -- C:\Users\HASSANIN\Downloads\FileZilla_brff.exe [1125856]
O61 - LFC: 22/11/2013 - 10:19:52 ---A- . (.Tim Kosse.) -- C:\Users\HASSANIN\Downloads\MainOffer1.exe [4812567]
O61 - LFC: 22/11/2013 - 10:19:53 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Saad_Alghamdi.torrent [18064]
O61 - LFC: 22/11/2013 - 10:19:53 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Saad_al-Ghaamidi_vbr_mp3.zip [445445730]
O61 - LFC: 22/11/2013 - 10:19:53 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Sodais_And_Shuraim.zip [288973375]
O61 - LFC: 22/11/2013 - 10:19:53 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Sudais_Shuraim_Erdu-el-moslem.com.zip [2158879684]
O61 - LFC: 22/11/2013 - 10:19:53 ---A- . (...) -- C:\Users\HASSANIN\SyncFolder\MyPC Backup Guide rapide de démarrage .pdf [890103] =>PUP.MyPCBackup
O61 - LFC: 23/11/2013 - 10:19:29 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork\Toolbar\AVIRA-V7\APNStorage.stg [370700]
O61 - LFC: 23/11/2013 - 10:19:29 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\GDIPFONTCACHEV1.DAT [77624]
O61 - LFC: 23/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPDiag.txt [41961] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\Downloads\Norton_Removal_Tool.exe [870728]
O61 - LFC: 23/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\Downloads\adwcleaner.exe [1085542]
O61 - LFC: 24/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\Log.txt [78675] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\TestsZHPDiag.txt [2899] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 10:19:52 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.cookie [3072]
~ 20 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 971 Legitimates Filtered in 00mn 24s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {3558675E-3BE5-4FFD-8E7B-8A35EE727FEE} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {74E404C7-7331-48F9-ABCA-05923022275C} - (Yahoo!) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {B4D8A115-64B8-48D0-8480-9151204DAB9C} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][22/11/2013] (...) -- C:\Users\HASSANIN\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.FEAA167CAD403F11684733CACF58CDA4] [SPRF][17/07/2013] (.Conduit - Pas de description.) -- C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe [78000] =>Toolbar.Conduit
[MD5.3E368066E475D559EECF89C82793F080] [SPRF][10/09/2013] (...) -- C:\Users\HASSANIN\AppData\Local\Temp\EnableExtDll.dll [93184]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:\Users\HASSANIN\AppData\Local\Temp\Quarantine.exe [350377]
~ Files: 8 Legitimates Filtered in 00mn 01s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D6617C32-BEA8-4373-BB3D-D0A23D4CEAE9}" |In - Public - P6 - TRUE | .(...) -- C:\Users\HASSANIN\AppData\Local\Temp\7zSF6DC.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{5ACD988B-FF71-4B66-95E0-6BA1BAC71041}" |In - Public - P17 - TRUE | .(...) -- C:\Users\HASSANIN\AppData\Local\Temp\7zSF6DC.tmp\SymNRT.exe (.not file.)
~ Firewall: 161 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D2147365007A7A857BC06000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-00A7-A758B70C0600}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 45 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.45BC2E20FB0D0D7651D4E429332BA0A3] [WIS][19/11/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\17de790.msi [811008] =>Toolbar.Avira
~ WIS: 47 Legitimates Filtered in 00mn 03s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/10/2013 440392 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/10/2013 440392 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 10/10/2013 1164360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 23/10/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 13/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 08/03/2009 207392 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Demand 02/02/2009 20848 | (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc.pkms
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by HASSANIN at 24/11/2013 10:20:17

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x81A82912] >> \Device\Harddisk0\DR0[0x853C8AC8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HASSANIN at 24/11/2013 10:20:19

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (22/11/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\extensions\FissaPlugin-trash =>PUP.OfferBox^
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit^
C:\Windows\Installer\17de790.msi =>Toolbar.Avira^
~ Additionnel Scan: 232512 Items scanned in 00mn 19s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ MSI: 4 link(s) detected in 00mn 19s



~ 2652 Legitimates filtered by white list
End of the scan (549 lines in 01mn 40s)(0)
Fish66 (Security contributor), 24 Nov. 2013 at 12:10
OK! :-)
1/
--> Copy all of the text shown in bold below (select it, right-click it and choose "Copy").



Script ZHPFix
[MD5.C9FB758B994B96E8858D6F7D1F96142D] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680] [PID.860] =>Toolbar.Ask
[MD5.BEF294FFE5F40BE768BDCBE1837DFABE] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.2044] =>Toolbar.Ask
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-00A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (.not file.) =>Toolbar.Avira
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll =>Toolbar.Ask
O4 - HKLM\..\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU] -- ValueApps =>Toolbar.Conduit
[HKCU\Software\AskPartnerNetwork] => Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] => Toolbar.Ask
O43 - CFD: 19/11/2013 - 20:43:14 - [11,140] ----D C:\Program Files\AskPartnerNetwork => Toolbar.Ask
O43 - CFD: 19/11/2013 - 20:42:39 - [0] ----D C:\ProgramData\APN => Toolbar.Ask
O43 - CFD: 19/11/2013 - 20:43:14 - [4,453] ----D C:\ProgramData\AskPartnerNetwork => Toolbar.Ask
O43 - CFD: 22/11/2013 - 13:27:14 - [0,354] ----D C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork => Toolbar.Ask
M2 - MFEP: prefs.js [HASSANIN - 316j4hzt.default\FissaPlugin-trash] [] Fissa v1.0 (..) =>PUP.OfferBox
O61 - LFC: 22/11/2013 - 10:19:53 ---A- . (...) -- C:\Users\HASSANIN\SyncFolder\MyPC Backup Guide rapide de démarrage .pdf [890103]
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\extensions\FissaPlugin-trash =>PUP.OfferBox^
O61 - LFC: 23/11/2013 - 10:19:29 ---A- . (...) -- C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork\Toolbar\AVIRA-V7\APNStorage.stg [370700] => Toolbar.AskPartner
[MD5.FEAA167CAD403F11684733CACF58CDA4] [SPRF][17/07/2013] (.Conduit - Pas de description.) -- C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe [78000] =>Toolbar.Conduit
O90 - PUC: "25946514D2147365007A7A857BC06000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-00A7-A758B70C0600}\ToolbarIcon.exe =>Toolbar.Avira
[MD5.45BC2E20FB0D0D7651D4E429332BA0A3] [WIS][19/11/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\17de790.msi [811008]
SR - | Auto 23/10/2013 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps]
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-00A7-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\Users\HASSANIN\AppData\Local\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit^
C:\Windows\Installer\17de790.msi =>Toolbar.Avira^

EmptyCLSID
EmptyFlash
EmptyTemp


=> Then launch ZHPFix from the shortcut on your Desktop.
(On Vista/Win7/Win8, right-click the ZHPFix shortcut and choose Run as administrator)
=> Once ZHPFix is open, click "importer" then "ok", then paste the text into the window, click GO at the bottom of the page and confirm with yes to start the clean-up

=> let the tool work and don't touch anything ...
=> If you are asked to restart the PC to finish the clean-up, do it!


Once it has finished, a new report is displayed: post its contents in your next reply ...
This report is copied to the desktop

(this report is also saved in the folder C:/ZHP/ZHPDIAG)

===================================
Help: <<< ZHPDiag - ZHPFix: HERE >>>

2/
Launch Malwarebytes, update it, choose a full scan, delete everything it finds, then post the report please

3/
You can update Internet Explorer

@+

hayet05 (45 posts; registered Thursday 14 November 2013; status: Member; last active 20 July 2015)
24 Nov 2013 at 12:58
Rapport de ZHPFix 2013.11.19.7 par Nicolas Coolman, Update du 19/11/2013
Fichier d'export Registre :
Run by HASSANIN at 24/11/2013 12:54:31
High Elevated Privileges : OK
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)

here is the first report


Corbeille vidée (00mn 22s)

========== Logiciels ==========
ABSENT Uninstall Process: c:\users\hassanin\appdata\roaming\valueapps\ie\uninstaller.exe

========== Processus mémoire ==========
SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
SUPPRIMÉ Redémarrage: Memory Process: C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
SUPPRIMÉ: Memory Process: C:\Users\HASSANIN\AppData\Local\Temp\dlLogic.exe

========== Clés du Registre ==========
SUPPRIMÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps]
SUPPRIMÉ: CLSID BHO: {41564952-412D-5637-00A7-7A786E7484D7}
SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
SUPPRIMÉ: Service: APNMCP
SUPPRIMÉ: HKCU\Software\AskPartnerNetwork
SUPPRIMÉ: HKLM\Software\AskPartnerNetwork
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Products\\25946514D2147365007A7A857BC06000]
SUPPRIMÉ: [HKLM\Software\Classes\Installer\Features\25946514D2147365007A7A857BC06000]
SUPPRIMÉ: HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

========== Valeurs du Registre ==========
SUPPRIMÉ: Toolbar: {41564952-412D-5637-00A7-7A786E7484D7}
SUPPRIMÉ RunValue: ApnTBMon

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide
SUPPRIMÉS Flash Cookies (59)
SUPPRIMÉS Temporaires Windows (65)

========== Fichiers ==========
SUPPRIMÉ: c:\program files\askpartnernetwork\toolbar\updater\tbnotifier.exe
SUPPRIMÉ: c:\program files\askpartnernetwork\toolbar\apnmcp.exe
SUPPRIMÉ: c:\users\hassanin\syncfolder\mypc backup guide rapide de démarrage .pdf
SUPPRIMÉ: C:\Windows\Installer\17de790.msi
SUPPRIMÉS Flash Cookies (30) (4 274 octets)
SUPPRIMÉS Temporaires Windows (161) (230 476 117 octets)


========== Récapitulatif ==========
3 : Processus mémoire
9 : Clés du Registre
2 : Valeurs du Registre
3 : Dossiers
6 : Fichiers
1 : Logiciels


End of clean in 00mn 59s

========== Chemin de fichier rapport ==========
C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/11/2013 12:54:54 [2283]
hayet05 (45 posts; registered Thursday 14 November 2013; status: Member; last active 20 July 2015)
24 Nov 2013 at 15:52
And here is the second report, from Malwarebytes



Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.11.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
HASSANIN :: PC-DE-HASSANIN [administrateur]

Protection: Activé

24/11/2013 12:57:47
mbam-log-2013-11-24 (12-57-47).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 384125
Temps écoulé: 2 heure(s), 45 minute(s), 4 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 5
C:\Users\HASSANIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6TMQ56FH\checktbexist[1].exe (PUP.Optional.Conduit) -> Mis en quarantaine et supprimé avec succès.
C:\Users\HASSANIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENONHV7W\mamstub[1].exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\HASSANIN\AppData\Roaming\ZHP\Quarantine\dllogic.exe.VIR (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\HASSANIN\Downloads\FileZilla_brff.exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\HASSANIN\Downloads\Winzip_brff.exe (PUP.Optional.Conduit.A) -> Mis en quarantaine et supprimé avec succès.

(fin)
Fish66 (17505 posts; registered Sunday 24 July 2011; status: Security Contributor; last active 16 June 2021) 1 318
24 Nov 2013 at 16:02
Good!
Restart your PC. Then make me a new ZHPDiag report.
Since the report is long, host it as follows:
* Go to pjjoint.malekal.com
* Click the Browse button
* Select the file you want to host and click Open
* Click the Send button
* A confirmation message appears (Upload succeeded! - The link to give your correspondents so they can view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015

* Copy the link into your next reply.

@+
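The report Fish66 asks for next is a full ZHPDiag listing, and the lines that deserve a second look in it are the autostart entries (O3, O4, O51) whose target is missing, whose key is orphaned, or whose target sits under a path a standard user can write to. The script below is an added example for this thread, not a tool posted in it and not part of ZHPDiag or ZHPFix; it assumes the line format visible in the reports (section code, registry location, an optional "(.Vendor - Description.)" publisher block, the target path after " -- ", and ZHPDiag's own "(.not file.)" and "Clé orpheline" markers) and runs over a constructed sample modelled on those lines.

```python
"""Triage ZHPDiag-style autostart lines (O3 / O4 / O51) before posting a report.

Added example for this thread, not part of ZHPDiag or ZHPFix. The line format
is assumed from the reports quoted in the thread: a section code, the registry
location, an optional publisher in "(.Vendor - Description.)", and the target
path after " -- ". The markers "(.not file.)" and "Clé orpheline" are ZHPDiag's.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the ZHPDiag lines quoted in this thread.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.)
"""

# First Windows path on the line that ends in an executable-like extension.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|sys|scr|vbs|js|bat|cmd|msi))(?=\s|$)", re.I)
# ZHPDiag publisher block "(.Vendor - Description.)"; "(...)" means no version info.
PUB_RE = re.compile(r"\(\.(.*?)\.\)")
# Locations a standard user can write to; an autostart target there deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    code: str                 # ZHPDiag section code, e.g. "O4"
    line: str
    path: Optional[str]
    publisher: Optional[str]
    verdict: str              # "ok", "cleanup" (dead entry) or "review" (live and suspicious)
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one ZHPDiag line; returns None for lines that carry no O-code."""
    head = re.match(r"(O\d+) - ", line)
    if not head:
        return None
    code = head.group(1)
    path_m = PATH_RE.search(line)
    path = path_m.group(1) if path_m else None
    pub_m = PUB_RE.search(line)
    publisher = pub_m.group(1) if pub_m else None
    if publisher in (".", "not file"):      # "(...)" and "(.not file.)" name no vendor
        publisher = None
    missing = "(.not file.)" in line
    orphan = "Clé orpheline" in line

    reasons: List[str] = []
    if missing:
        reasons.append("target file is absent (dead autostart entry)")
    if orphan:
        reasons.append("orphaned registry key")
    if code == "O51":
        reasons.append("MountPoints2 AutoRun command (removable-media autorun)")
    if path and any(tok in path.lower() for tok in USER_WRITABLE):
        reasons.append("target lives in a user-writable location: " + path)
    if path and code == "O4" and path.lower().endswith(".dll"):
        reasons.append("Run entry loads a DLL rather than an executable")
    if path and not missing and publisher is None:
        reasons.append("existing target has no publisher information")

    # Anything still live and suspicious wins over "just a dead entry".
    live_concern = ("user-writable", "DLL", "MountPoints2", "no publisher")
    if any(any(k in r for k in live_concern) for r in reasons):
        verdict = "review"
    elif missing or orphan:
        verdict = "cleanup"
    else:
        verdict = "ok"
    return Finding(code, line, path, publisher, verdict, reasons)


def triage(report: str) -> List[Finding]:
    """Run triage_line over every line of a report, keeping only O-coded findings."""
    out: List[Finding] = []
    for raw in report.strip().splitlines():
        f = triage_line(raw.strip())
        if f:
            out.append(f)
    return out


def summarize(findings: List[Finding]) -> dict:
    """Count findings per verdict, e.g. {"ok": 1, "cleanup": 3, "review": 2}."""
    counts: dict = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.verdict:8} {f.code:4} {f.path or '-'}")
        for r in f.reasons:
            print("         -", r)
    print(summarize(found))
```

On the sample, the Avira tray tool comes out "ok", the three dead entries (the Mobogenie Run value with no file behind it, the two orphan keys) come out "cleanup", and the two that still matter come out "review": the NextLive Run value loading a DLL out of AppData\Roaming, and the MountPoints2 AutoRun command pointing at a removable drive. The verdicts are a sorting aid for reading the report, not a substitute for the helper's judgement on what to put in a ZHPFix script.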
hayet05 (45 posts; registered Thursday 14 November 2013; status: Member; last active 20 July 2015)
24 Nov 2013 at 16:14
here is the report, and I also uploaded it to the link you told me about

~ Rapport de ZHPDiag v2013.11.22.46 - Nicolas Coolman (22/11/2013)
~ Lancé par HASSANIN (24/11/2013 16:08:25)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 25.0.1 (Defaut)
GCIE: Google Chrome v31.0.1650.57

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 44MV3
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.0.411
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2941 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 88 GB (58%) free of 150 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-HASSANIN
~ User Name: HASSANIN
~ All Users Names: HASSANIN, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\HASSANIN\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\HASSANIN\AppData\Roaming\
~ %Desktop% : C:\Users\HASSANIN\Desktop\
~ %Favorites% : C:\Users\HASSANIN\Favorites\
~ %LocalAppData% : C:\Users\HASSANIN\AppData\Local\
~ %StartMenu% : C:\Users\HASSANIN\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 88 Go of 150 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 2 Go)
F: Hard drive, Flash drive, Thumb drive (Free 39 Go of 135 Go)
G: CD-ROM drive (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.17413EF7D95632D892B4C914CD7E66F9] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2011 - 17:04:00.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:32:21.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.11/04/2009 - 07:32:55.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/21
~ Mon Bureau (My Desktop) : 1/587
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1516]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3552]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1448]
[MD5.5DD88D743665BCA0D70922EC49850190] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe [148712] [PID.2412]
[MD5.FD009568BE3B8118ED48F03642859CDD] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608] [PID.1440]
[MD5.B2D8F5C48913CB14B9C8CABF2469E1F0] - (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- C:\Program Files\Cyberlink\PlayMovie\PMVService.exe [177384] [PID.2000]
[MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.3596]
[MD5.FD31F3CDEC63ECAA170A97068FE3866C] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe [974848] [PID.2880]
[MD5.ED54F07E57BB1CF7BBB5C02E5C1A4385] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032] [PID.3064]
[MD5.1B29F9D1FEF53A1A1C93827F494B3434] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088] [PID.3724]
[MD5.806756B4C5F032EADC4D40C4D5E9A107] - (.WinZip Computing, S.L. - WinZip Quick Pick.) -- C:\Program Files\WinZip\WZQKPICK32.exe [564072] [PID.1520]
[MD5.A8986E339A9215B9410484814224531E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\ieuser.exe [299520] [PID.3712]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3776]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2456]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.2272]
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8262144] [PID.3080]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3236]
[MD5.F531F9B76E3E2595049F145160D280DE] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 182.1.) -- C:\Windows\system32\nvvsvc.exe [207392] [PID.948]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1268]
[MD5.3478F48B23A0D9F6EADD4A2405BA70EF] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392] [PID.1784]
[MD5.AFFE7C21A4FCA1963371F10066911D3A] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392] [PID.2016]
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.296]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.528]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.888]
[MD5.6A2F29C5423200CFC5377992615FEE33] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431688] [PID.2672]
[MD5.BA4772044917FDF80ADEAB2E9C3F863B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [1164360] [PID.2960]
[MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43904] [PID.3388]
[MD5.AA9EF0B395097F24D289F64445B2FD2E] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.3944]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\HASSANIN\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\316j4hzt.default\prefs.js
C:\Users\HASSANIN\AppData\Roaming\Mozilla\Firefox\Profiles\9p9l3x85.default\prefs.js
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Jouer à HP Games.lnk . (...) -- C:\Program Files\HP Games\onplay\onplay.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\Program [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [HASSANIN]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [HASSANIN]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [HASSANIN]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [HASSANIN]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [HASSANIN]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [HASSANIN]: Athan.lnk . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - GS\Desktop [HASSANIN]: Hassanin - Raccourci.lnk . (...) -- F:\Hassanin
O4 - GS\Desktop [HASSANIN]: Sync Folder.lnk . (...) -- C:\Users\HASSANIN\SyncFolder
~ Global Startup: 63 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: WinZip Quick Pick.lnk . (.WinZip Computing, S.L. - WinZip Quick Pick.) -- C:\Program Files\WinZip\WZQKPICK32.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [PCMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- c:\Program Files\CyberLink\PlayMovie\PMVService.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Athan] . (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-4063774554-4158981153-2877707243-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.dll
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.B06712BF5643BB55600A040F210DC218] [APT] [{41CED368-F25E-433F-B7B3-2632F7822A23}] (...) -- C:\Users\HASSANIN\Downloads\SkypeSetup [1].exe [20586496]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\mamverifier]
~ Key Software: 136 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/11/2013 - 15:57:04 - [1,228] ----D C:\Users\HASSANIN\AppData\Roaming\newnext.me
O43 - CFD: 22/11/2013 - 13:27:03 - [1,224] ----D C:\Users\HASSANIN\AppData\Local\genienext
~ Program Folder: 114 Legitimates Filtered in 00mn 21s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2AD5160FB082B9E84C46AEB04520878E] - 19/11/2013 - 12:43:54 ---A- . (...) -- C:\Windows\DtcInstall.log [4257]
O44 - LFC:[MD5.88F404E02C68C4F0CFAF8EAF699721FD] - 19/11/2013 - 13:44:49 ---A- . (...) -- C:\Windows\TSSysprep.log [3652]
O44 - LFC:[MD5.63B85A580D21AF9BC788FE69854FABD7] - 19/11/2013 - 13:45:13 ---A- . (.EasyBits Software AS - EasyBits services for Windows.) -- C:\Windows\System32\ezsvc7x.dll [588472]
O44 - LFC:[MD5.C1B82F19766ADE7284AF9223E59D0E4D] - 19/11/2013 - 13:59:18 RSHA- . (...) -- C:\Windows\System32\Drivers\103C_HP_CPC_VC886AA-ABF CQ5106FR_YC_0Pres_QCNX921_E93WEv3PrA1_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.38_T090320_WUH1_L40C_M2942_J320_7AMD_8Athlon 7550 Dual-Core_92.5_#100417_N10DE03EF_Z_G10DE03D0.MRK [1738]
O44 - LFC:[MD5.18B2C06EF8DC3FAF83C074089024391E] - 19/11/2013 - 14:25:13 ---A- . (...) -- C:\Windows\System32\wlan.tmf [2501921]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 19/11/2013 - 14:32:25 ---A- . (...) -- C:\Windows\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/11/2013 - 15:14:55 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/11/2013 - 15:14:55 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.306B48A3C287BD1C670C50D6CA94FB9F] - 19/11/2013 - 15:34:02 ---A- . (...) -- C:\Windows\Athan Setup Log.txt [9787]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 20/11/2013 - 20:59:46 ---A- . (...) -- C:\Windows\System32\RacUR.xml [9212]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 20/11/2013 - 21:00:24 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 20/11/2013 - 21:00:28 ---A- . (...) -- C:\Windows\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 20/11/2013 - 21:00:31 ---A- . (...) -- C:\Windows\System32\WFP.TMF [208966]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 20/11/2013 - 21:00:44 ---A- . (...) -- C:\Windows\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 20/11/2013 - 21:00:48 ---A- . (...) -- C:\Windows\System32\onex.tmf [392170]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 20/11/2013 - 21:00:52 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 20/11/2013 - 21:00:52 ---A- . (.Pas de propriétaire - Programme d'authentification du périphériqu.) -- C:\Windows\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 20/11/2013 - 21:00:54 ---A- . (...) -- C:\Windows\System32\dot3.tmf [442788]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 20/11/2013 - 21:01:01 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 20/11/2013 - 21:01:03 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [130008]
~ Files: 807 Legitimates Filtered in 00mn 52s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:32:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 24/11/2013 - 16:10:24 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\newnext.me\nengine.cookie [3072]
O61 - LFC: 24/11/2013 - 16:10:25 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\Log.txt [82052] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 16:10:30 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\TestsZHPDiag.txt [2899] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 16:10:30 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 16:10:30 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPDiag.txt [39998] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 16:10:30 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPExportRegistry-24-11-2013-12-54-54.txt [21882] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 16:10:30 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [1479] =>.Nicolas Coolman
O61 - LFC: 24/11/2013 - 16:10:30 ---A- . (...) -- C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPFix[R1].txt [2366] =>.Nicolas Coolman
~ Files: 14 Legitimates Filtered in 00mn 25s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {3558675E-3BE5-4FFD-8E7B-8A35EE727FEE} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {74E404C7-7331-48F9-ABCA-05923022275C} - (Yahoo!) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {B4D8A115-64B8-48D0-8480-9151204DAB9C} - (Kelkoo) - http://fr.kelkoopartners.net
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{D6617C32-BEA8-4373-BB3D-D0A23D4CEAE9}" |In - Public - P6 - TRUE | .(...) -- C:\Users\HASSANIN\AppData\Local\Temp\7zSF6DC.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{5ACD988B-FF71-4B66-95E0-6BA1BAC71041}" |In - Public - P17 - TRUE | .(...) -- C:\Users\HASSANIN\AppData\Local\Temp\7zSF6DC.tmp\SymNRT.exe (.not file.)
~ Firewall: 161 Legitimates Filtered in 00mn 01s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/10/2013 440392 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/10/2013 440392 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 10/10/2013 1164360 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 13/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 08/03/2009 207392 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SS - | Demand 02/02/2009 20848 | (PCDSRVC{4F253FFC-7957E8FC-06000000}_0) . (.PC-Doctor, Inc..) - c:\program files\pc-doctor for windows\pcdsrvc.pkms
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by HASSANIN at 24/11/2013 16:11:05

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
C:\Windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x81A7A912] >> \Device\Harddisk0\DR0[0x85CB8820]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HASSANIN at 24/11/2013 16:11:07

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12996 - (22/11/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 229593 Items scanned in 00mn 18s



~ 1719 Legitimates filtered by white list
End of the scan (457 lines in 03mn 01s)(0)
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021 1 318
24 Nov. 2013 at 18:21
Good evening,
1/
here is the report, and I also sent it via the link you told me about
You didn't copy the link address of the ZHPDiag report! :-)
That's not a problem, we're almost finished.
------------------------
--> Copy all the text shown in bold below (select it, right-click it and choose "Copy").



Script ZHPFix
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline => Orphean Key not necessary
OPT:O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline => Orphean Key not necessary
OPT:O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline => Orphean Key not necessary
OPT:O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline => Orphean Key not necessary
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
OPT:O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- c:\Program Files\CyberLink\PlayMovie\PMVService.exe



=> Then launch ZHPFix from the shortcut on your Desktop.
(On Vista/Win7/Win8, right-click the ZHPFix shortcut and choose Run as administrator)
=> Once ZHPFix is open, click "import", then "ok", then paste the text into the window, click GO at the bottom of the page and confirm with yes to start cleaning the data

=> let the tool work and don't touch anything ...
=> If you are asked to restart the PC to finish the cleanup, do it!


Once finished, a new report is displayed: post its contents in your next reply ...
This report is copied to the desktop

(this report is also saved in the folder C:/ZHP/ZHPDIAG)

2/
How is your PC doing now?
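The O51 line in the script above is a MountPoints2 AutoRun command left behind by a removable drive whose I:\Setup.exe no longer exists. As an added, defender-side example that is not part of this thread nor of ZHPDiag/ZHPFix, the PowerShell below enumerates those per-volume AutoRun commands for the current user and flags the ones whose target is missing, which is what ZHPDiag reports as "(.not file.)". It assumes the command is stored as the default value of Shell\AutoRun\command under each volume GUID; the helper Get-TargetPath is this example's own.

```powershell
# Added example, not from this thread or from ZHPDiag/ZHPFix.
# Lists the per-volume AutoRun commands stored under MountPoints2 (the O51 / MPSK
# entries of a ZHPDiag report) for the current user and flags those whose target
# file is missing, i.e. what ZHPDiag marks as "(.not file.)".
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-TargetPath {
    # Helper written for this example: pull the executable path out of a command
    # string, handling both a quoted path and a bare path followed by arguments.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+', 2)[0]
}

function Get-MountPointAutoRun {
    # Returns one object per volume GUID that carries a Shell\AutoRun\command value.
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            if ($cmd) {
                $target = Get-TargetPath $cmd
                [pscustomobject]@{
                    Volume  = $_.PSChildName
                    Command = $cmd
                    Target  = $target
                    Exists  = [bool](Test-Path -LiteralPath $target -ErrorAction SilentlyContinue)
                }
            }
        }
    }
}

# A missing target is a leftover from removable media (as in the thread) and the
# key can be deleted; an existing target deserves a closer look before removal.
Get-MountPointAutoRun | ForEach-Object {
    $flag = if ($_.Exists) { 'present' } else { 'NOT FILE' }
    '{0}  {1}  -> {2} [{3}]' -f $_.Volume, $_.Command, $_.Target, $flag
}
```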
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
24 Nov. 2013 at 21:39
good evening, here is the report


Script ZHPFix
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline => Orphean Key not necessary
OPT:O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline => Orphean Key not necessary
OPT:O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline => Orphean Key not necessary
OPT:O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline => Orphean Key not necessary
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
OPT:O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- c:\Program Files\CyberLink\PlayMovie\PMVService.exe
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
24 Nov. 2013 at 21:57
earlier I didn't understand properly, here is the link

https://pjjoint.malekal.com/files.php?id=ZHPDiag_20131124_z9o8z7l13n5


and thanks in advance; I did everything you asked, and here is the ZHPFIX report

O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Clé orpheline => Orphean Key not necessary
OPT:O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline => Orphean Key not necessary
OPT:O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline => Orphean Key not necessary
OPT:O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline => Orphean Key not necessary
O51 - MPSK:{85acbe94-5118-11e3-b93e-00248c9ca416}\AutoRun\command. (...) -- I:\Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
OPT:O4 - HKLM\..\Run: [PlayMovie] . (.CyberLink Corp. - CyberLink PlayMovie Resident Program.) -- c:\Program Files\CyberLink\PlayMovie\PMVService.ex
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
24 Nov. 2013 at 22:00
sorry, I posted the wrong report; here is the right one


Thanks in advance


Rapport de ZHPFix 2013.11.19.7 par Nicolas Coolman, Update du 19/11/2013
Fichier d'export Registre :
Run by HASSANIN at 24/11/2013 21:59:22
High Elevated Privileges : OK
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)

Corbeille vidée (00mn 02s)


========== Récapitulatif ==========


End of clean in 00mn 02s

========== Chemin de fichier rapport ==========
C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/11/2013 12:54:54 [2366]
C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPFix[R2].txt - 24/11/2013 21:38:06 [887]
C:\Users\HASSANIN\AppData\Roaming\ZHP\ZHPFix[R3].txt - 24/11/2013 21:59:24 [562]
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021 1 318
25 Nov. 2013 at 08:28
Hello,

How is your PC working now?

@+
hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
25 Nov. 2013 at 10:45
the problem is solved, thank you very much
but to avoid this kind of problem, what do you advise, please?
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021 1 318
25 Nov. 2013 at 11:13
but to avoid this kind of problem, what do you advise, please?
Well, when downloading software, choose trustworthy sites (for example, avoid Softonic and 01Net).
You can also follow the procedures below:
Software updates:
Updatechecker:
Download updatechecker; it shows you which programs are not up to date and also lets you perform those updates
You can use it once a week

===========================================
Removing the disinfection tools:
Download Delfix to your desktop:
<<< HERE >>> or <<< HERE >>>
* Tick the following box:
=> Remove disinfection tools (ticked by default)
* Then click Run and wait while the removal process runs.
* When the procedures are finished, the tool will close and disappear from the desktop
* A report is saved to the clipboard: just right-click and "paste" in your next reply to post me the report
===========================================
Defragmentation:
Defragment your hard drives with defraggler
You can use it once a quarter
===========================================
Vaccinate removable media:
* Download MKV (created by El Desaparecido) to your Desktop.
* If your antivirus shows an alert, ignore it and temporarily disable the antivirus.
* Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
* Double-click MKV.exe.
* Click Vaccinate.
===========================================
Cleaning files and registry keys
* Download and install CCleaner Slim version
* Launch it (right-click "as administrator" on Vista and Seven). Go to Options, then
* Advanced, and untick the box Only delete files etc....
* Go to Cleaner, choose Analyze. Once finished, run the cleanup.
* Then choose Registry, then Scan for Issues. Once finished, fix all the issues, repeating as many times as the scan still finds some.
** Help here: https://www.malekal.com/tutoriel-ccleaner/
You can use Ccleaner once a week
===========================================
Purge system restore points
* Disable and re-enable System Restore by following the procedures in these links:
Windows XP
Windows Vista
Windows 7
Windows 8
* After emptying System Restore, you need to create a new restore point ...
===========================================
Advice:
1/ I advise you to use the Firefox browser and to install the add-ons
WOT, to flag dubious sites, and Adblock Plus, to block ads...

2/ You can also keep Malwarebytes and use it once a week too.

3/ Some reading:
* The dangers of Peer-To-Peer, Emule etc.
* How to secure your computer...
* Why and how I get infected
* Why keep your browser up to date

hayet05 Posts: 45 Registered: Thursday 14 November 2013 Status: Member Last activity: 20 July 2015
25 Nov. 2013 at 13:33
Thank you very much for this advice, and I have removed the disinfection tools
Fish66 Posts: 17505 Registered: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021 1 318
25 Nov. 2013 at 14:22
Thank you very much for this advice, and I have removed the disinfection tools
You're welcome. Did you run Delfix?
Be careful and happy surfing.