10 replies
OK, this has nothing to do with alga.exe!
/!\ Warning:
More and more programs offer to install toolbars (pre-checked box), so don't forget to use the custom installation mode and uncheck the corresponding box(es) during installation.
On top of that, strongly avoid sites like 01n@t and S@ftonic: free and open-source software is repackaged there with their toolbars!
For the tutorials distributed by Tuto4pc, Eorezo, Agence exclusif, etc. (whatever the name is, since it keeps being changed!)
You must read the license agreement carefully before installing!!!
https://forum.security-x.fr/securite-generale/tuto4pc-et-accord-de-licence/
Download and save AdwCleaner to your desktop (by Xplode):
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Run it,
click Scan
Wait until it finishes,
Once the scan is done, click Report
Copy and paste the entire report into your next message
# AdwCleaner v3.022 - Rapport créé le 17/03/2014 à 22:15:22
# Mis à jour le 13/03/2014 par Xplode
# Système d'exploitation : Windows 7 Professional (32 bits)
# Nom d'utilisateur : HP -
# Exécuté depuis : C:\Users\HP\Desktop\adwcleaner.exe
# Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
***** [ Navigateurs ] *****
-\\ Internet Explorer v9.0.8112.16540
-\\ Mozilla Firefox v27.0.1 (fr)
[ Fichier : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nw3e38p6.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1014 octets] - [17/03/2014 21:44:48]
AdwCleaner[R1].txt - [909 octets] - [17/03/2014 21:56:12]
AdwCleaner[R2].txt - [968 octets] - [17/03/2014 22:00:53]
AdwCleaner[R3].txt - [1027 octets] - [17/03/2014 22:13:46]
AdwCleaner[S0].txt - [1084 octets] - [17/03/2014 21:47:49]
AdwCleaner[S1].txt - [950 octets] - [17/03/2014 22:15:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1009 octets] ##########
That's the AdwCleaner report, which didn't solve the problem in any case.
Here is also the report from an antispyware tool, ZHPDiag
~ Report of ZHPDiag v2014.3.12.13 -
~ Launched by HP (17/03/2014 22:24:55)
~ Web site address : http://n
~ Free support forums for disinfection : /apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program
---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 27.0.1 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Professional, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Microsoft Security Client v4.0.1526.0
Windows Defender W7
---\\ System optimization software
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI
---\\ Information on the system
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2765 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 109 GB (72%) free of 151 GB
---\\ Connection to the system mode
~ Computer Name: OUCHEM-AZZOUZ
~ User Name: HP
~ All Users Names: HP, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\HP\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\HP\AppData\Roaming\
~ %Desktop% : C:\Users\HP\Desktop\
~ %Favorites% : C:\Users\HP\Favorites\
~ %LocalAppData% : C:\Users\HP\AppData\Local\
~ %StartMenu% : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 109 Go of 151 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 147 Go of 147 Go)
---\\ State of the Windows Security Center
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.1E5DF19A5F053345430D7AF87943C47A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.15/03/2014 - 23:36:58.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.06/09/2012 - 17:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/19
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 2/11
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 3/61
~ Mon Bureau (My Desktop) : 2/1981
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s
---\\ Process running
[MD5.0B92113765B45B1C0458593A6B87D379] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.3152]
[MD5.511D37D2B50D22335BFE6CA9A5B14ADD] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe [2508104] [PID.3228]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3260]
[MD5.6ECC8A2B5780B31D7FD0A88F8424262B] - (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe [5399888] [PID.3276]
[MD5.BD120A9BC95443E08A1D9E1A9B9D180E] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1008928] [PID.3308]
[MD5.4A757F66433B4511BEF5EB1E1DF04087] - (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe [506824] [PID.3380]
[MD5.C57788BE8BE76EF6E344D74EE3DE3D42] - (.Microsoft - Windows.) -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe [185344] [PID.3580]
[MD5.4AFD08389D5F8CF1F3E3ECA8A63273D6] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [3544352] [PID.4048]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (iag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8353792] [PID.5736]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\nw3e38p6.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Internet Everywhere.lnk . (.WebToGo Mobiles Internet GmbH - Internet Everywhere.) -- C:\Program Files\InternetEverywhere\InternetEverywhere.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Nitro Reader.lnk . (.Nitro PDF - Nitro Reader 3.) -- C:\Program Files\Canon\Easy-WebPrint EX\NitroPDFReader.exe
O4 - GS\Desktop [Public]: ?????? ??????.lnk . (...) -- C:\Program Files\?????? ??????\autorun.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [HP]: Camfrog Video Chat 6.3.lnk . (.Camshare Inc. - Camfrog Video Chat.) -- C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - GS\QuickLaunch [HP]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [HP]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - GS\QuickLaunch [HP]: Upgrade to Paltalk Extreme.lnk - Orphan key
O4 - GS\TaskBar [HP]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [HP]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [HP]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [HP]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [HP]: Camfrog Video Chat 6.3.lnk . (.Camshare Inc. - Camfrog Video Chat.) -- C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - GS\Desktop [HP]: GoldWave.lnk . (.GoldWave Inc. - GoldWave Digital Audio Editor.) -- C:\Program Files\GoldWave\GoldWave.exe
O4 - GS\Desktop [HP]: magic video converter.lnk . (...) -- C:\Program Files\Magic Video Converter\videoapp.exe
O4 - GS\Desktop [HP]: Mes documents -.lnk . (...) -- C:\Users\HP\Documents
O4 - GS\Desktop [HP]: Paltalk Messenger.lnk . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - GS\Desktop [HP]: Proxifier.lnk . (.Initex - Proxifier Standard Edition v3.15.) -- C:\Program Files\Proxifier\Proxifier.exe
O4 - GS\Desktop [HP]: WebCam Companion 2.lnk . (.ArcSoft Inc. - ArcSoft WebCam Companion.) -- C:\Program Files\ArcSoft\WebCam Companion 2\uWebCam.exe
~ Global Startup: 84 Legitimates Filtered in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Bluetooth.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - GS\Startup [Public]: Launcher.lnk . (...) -- C:\Program Files\InternetEverywhere\InternetEverywhere_Launcher.exe
O4 - GS\Startup [HP]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ManyCam] . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
O4 - HKUS\S-1-5-21-3449044470-3362476256-2425266981-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3449044470-3362476256-2425266981-1000\..\Run: [ManyCam] . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} . (.AVM Software Inc. - Paltalk Messenger.) -- C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000010\Winsock LSP File . (.No owner - Proxifier Namespace Service Provider.) -- C:\Windows\system32\PrxerNsp.dll
~ Winsock: 10 Legitimates Filtered in 00mn 00s
---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} ((no name)) - http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://www.ma-config.com/plugins/MaConfig_5_1_4_1.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D046EF2-8FA0-4554-8772-8622A08AADE1}: NameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{20BFE635-35F4-415B-9AFB-49CEED3E0A22}: DhcpNameServer = 192.168.18.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B842A0F-CACB-4F91-8F7F-CC7D1406A312}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{20BFE635-35F4-415B-9AFB-49CEED3E0A22}: DhcpDomain = bits.com.tn
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D046EF2-8FA0-4554-8772-8622A08AADE1}: NameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{20BFE635-35F4-415B-9AFB-49CEED3E0A22}: DhcpNameServer = 192.168.18.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B842A0F-CACB-4F91-8F7F-CC7D1406A312}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{20BFE635-35F4-415B-9AFB-49CEED3E0A22}: DhcpDomain = bits.com.tn
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D046EF2-8FA0-4554-8772-8622A08AADE1}: NameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CS2\Services\Tcpip\..\{20BFE635-35F4-415B-9AFB-49CEED3E0A22}: DhcpNameServer = 192.168.18.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B842A0F-CACB-4F91-8F7F-CC7D1406A312}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{20BFE635-35F4-415B-9AFB-49CEED3E0A22}: DhcpDomain = bits.com.tn
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU] -- ValueApps =>Toolbar.Conduit
O42 - Logiciel: ?????? ?????? - (...) [HKLM] -- {D34E77E2-939A-461B-940C-B724813744CC}_is1
~ Logic: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Condut]
[HKCU\Software\Filseclab]
[HKLM\Software\Filseclab]
[HKLM\Software\mamverifier]
~ Key Software: 178 Legitimates Filtered in 00mn 00s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 28/12/2012 - 00:59:12 - [793,091] ----D C:\Program Files\?????? ??????
O43 - CFD: 05/08/2012 - 02:56:48 - [0] ----D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gestion
O43 - CFD: 30/03/2012 - 16:08:05 - [0,005] ----D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GestProf
~ Program Folder: 180 Legitimates Filtered in 00mn 00s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 15/03/2014 - 23:36:57 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
~ Files: 80 Legitimates Filtered in 00mn 01s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{89e6258a-028a-11e2-8255-60d819d935c9}\AutoRun\command. (...) -- F:\.\Setup.exe (.not file.)
O51 - MPSK:{b44b54dc-e5d7-11e0-aa21-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 19/09/2012 - 19:50:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.DFAA87E30868FE4CB7D335837A4BF39C] - 31/01/2013 - 10:50:58 ---A- . (.ManyCam LLC - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv.sys [22656]
O58 - SDL:[MD5.D8C0B2EB928D57C928522EFF500C4BA8] - 20/07/2012 - 11:11:58 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- C:\Windows\System32\Drivers\mcvidrv.sys [34432]
O58 - SDL:[MD5.8075A313A5A4E0C15E5A974E8A4EEC66] - 19/09/2012 - 19:50:40 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [860928]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Last modified or created user files (O61)
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPExportRegistry-16-03-2014-01-58-40.txt [184892] =>.
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPExportRegistry-16-03-2014-01-59-01.txt [181952] =>.
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [3800] =>.
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPFix[R1].txt [3144] =>.
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPFix[R2].txt [945] =>.
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\Links\Desktop.lnk [469]
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\Links\Downloads.lnk [904]
O61 - LFC: 16/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\Links\RecentPlaces.lnk [383]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Links.go [134]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Rand.Max [4]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Rand.Mini [2]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Selection.1 [2]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Selection.2 [4]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Selection.3 [4]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Selection.4 [2]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Wait.Max [6]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\Wait.Mini [2]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\html.html [2292]
O61 - LFC: 17/03/2014 - 22:25:09 ---A- . (...) -- C:\Users\HP\AppData\Local\web.html [886]
O61 - LFC: 17/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\Log.txt [95912] =>
O61 - LFC: 17/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\TestsZHPDiag.txt [2718] =>.Nicolas Coolman
O61 - LFC: 17/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.N
O61 - LFC: 17/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPDiag.txt [29537] =>.Nicolas Coolman
O61 - LFC: 17/03/2014 - 22:25:10 ---A- . (...) -- C:\Users\HP\AppData\Roaming\ZHP\ZHPFix[R3].txt [764] =>.N
~ 1 Fichiers temporaires (Temporary files)
~ Files: 125 Legitimates Filtered in 00mn 01s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.an.) [HKLM] -- ZHPDiag_is1 =>.
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 17/03/2014 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
O64 - Services: CurCS - 15/04/2011 - C:\Windows\System32\DRIVERS\igdpmd32.sys (intelkmd) .(.Intel Corporation - Intel Graphics Kernel Mode Driver.) - LEGACY_INTELKMD
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {088F1988-758E-4956-932C-7EF0AE3B2C05} - (Yahoo! Search) - https://search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {1B921AED-0BDD-43DC-9CFC-734CD4BE24A8} - (Yahoo) - https://search.yahoo.com/
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.3B1569344BA1663C09D47CF20419FFED] [SPRF][20/03/2012] (...) -- C:\ProgramData\ezsid.dat [32]
[MD5.C9467E77B8DCF9E62FE69C00F19CF482] [SPRF][06/02/2014] (...) -- C:\ProgramData\patch.dll [148]
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][17/03/2014] (...) -- C:\Users\HP\Desktop\adwcleaner.exe [1950720]
[MD5.8C1787B048E19DC1205290C86EB28002] [SPRF][16/03/2014] (.Elex do Brasil Participa??es Ltda - installer application.) -- C:\Users\HP\Desktop\yet_another_cleaner.exe [10170096]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HP at 17/03/2014 22:25:24
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^
[HKCU\Software\USyndication] =>Trojan.USyndication
[HKCU\Software\usyndication.com] =>Trojan.USyndication
~ Additionnel Scan: 212777 Items scanned in 00mn 13s
---\\ Summary of the detections found on your workstation
~ http://s.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://n.webs.com/apps/blog/show/27328365-trojan-usyndication =>Trojan.USyndication
~ MSI: 3 link(s) detected in 00mn 13s
~ 1164 Legitimates filtered by white list
End of the scan (441 lines in 00mn 43s)(0)
ok,
* /!\ Warning /!\,
* this script is only valid for this PC, which is currently being cleaned; do not use it on another PC, it could cause a crash!
* Launch ZHPFix via the shortcut on your Desktop; the icon is in the shape of a syringe.
/!\ Vista, Seven and W8 users:
* Right-click the ZHPfix logo, "Run as administrator"
Click "Import"
You will see a warning message appear, click OK.
* * Copy ( Ctrl + C ) and paste ( Ctrl + V ) the following lines in bold into the Zhpfix window:
---------------------------------------------------------
Script Zhpfix
[MD5.C57788BE8BE76EF6E344D74EE3DE3D42] - (.Microsoft - Windows.) -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe [185344] [PID.3580]
O64 - Services: CurCS - 17/03/2014 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD
[HKCU\Software\USyndication]
[HKCU\Software\usyndication.com]
O51 - MPSK:{b44b54dc-e5d7-11e0-aa21-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU] -- ValueApps
[HKLM\Software\mamverifier]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps]
EmptyPrefetch
ShortcutFix
Emptytemp
EmptyClsid
----------------------------------------------------------
- Click the "GO" button to start the cleaning,
- confirm the cleaning
- Host the ZHPFIX.txt report on
https://www.cjoint.com/
or
https://up2sha.re/
then copy/paste the link provided into your next reply on the forum.
Tutorial at the bottom of this page:
http://nicolascoolman.webs.com/tutorials.htm