PC has become very slow

Solved/Closed
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 - 2 April 2013 at 15:09
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 - 15 April 2013 at 22:37
Hello, for several weeks my PC has been very slow. I ran several scans with Kaspersky, which detected no virus.
I have the impression that an application is running in the background.
How can I make the PC perform better?




10 replies

loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last seen 14 April 2019 474
2 April 2013 at 16:39
Hello,

I'm replying at the request of buckhulk, who is busy.

Can you use this diagnostic tool? It will allow me to help you:

¶ Download ZHPDiag (by Nicolas Coolman)
¶ Run it (if you are on Windows Vista or Windows 7, do so with a right-click --> Run as administrator)
¶ Follow the prompts during installation (remember to tick the box to create a shortcut on the Desktop)
¶ It will start automatically at the end of the installation
¶ Click the magnifying-glass icon ("Run the diagnostic")
¶ Save the report to your Desktop using the floppy-disk icon
¶ Go to this site, click "Browse", select the ZHPDiag report and click Send the file. Wait while the file uploads, then copy/paste the link provided into your next reply on the forum.
1
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
3 April 2013 at 15:59
0
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last seen 14 April 2019 474
3 April 2013 at 19:22
Hello,

Your computer is infected with adware... To avoid this kind of problem:
- Don't download just any free program without finding out about it first
- Don't download any program offered in advertisements or on suspicious sites; prefer well-known sites or downloading directly from the publisher's site.
- Read carefully when you install a free program, and untick all the additional programs that are offered, especially toolbars!
Stop unwanted advertisements and parasitic programs
_______________________________________________________________

1) To uninstall via Start menu > Control Panel > Programs and Features:
-Yontoo 2.051

2) Use this disinfection tool specific to adware:

*Download AdwCleaner (by Xplode) to your desktop.
*Run it, then click [Suppression] ("Delete"). Save any work in progress, then accept the closing of running programs.
*Wait while the cleaning runs.
*Once the scan is finished, you will be offered a restart.
*When the PC restarts, a report will open. Post its contents in your next reply.
*Note: The report is also saved as C:\AdwCleaner[S1].txt

3) Use this general-purpose disinfection software:

¶ Download and install Malwarebytes' Anti-Malware
¶ At the end of the installation, make sure the option "update Malwarebytes' Anti-Malware" is ticked
Launch MBAM and let the updates download (otherwise do them manually when the program starts)
¶ Then go to the "Scan" tab, tick "Perform full scan", then "Scan"
¶ Select your hard drives, then click "Start scan"
¶ At the end of the scan, click Show results
¶ Tick all the detected items, then click Remove selected
¶ Save the report
¶ If you are asked to restart the computer, click Yes
¶ Post in your next reply the report that appears after the removal
1
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
3 April 2013 at 20:07
The AdwCleaner report:

# AdwCleaner v2.200 - Rapport créé le 03/04/2013 à 18:02:14
# Mis à jour le 02/04/2013 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (32 bits)
# Nom d'utilisateur : BEN AJMCI - BENAJMCI
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\BEN AJMCI\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : Yontoo Desktop Updater

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\Yontoo
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Babylon
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Conduit
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Local\PutLockerDownloader
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Roaming\OpenCandy
Dossier Supprimé : C:\Users\BEN AJMCI\AppData\Roaming\Yontoo
Fichier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Fichier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_images.search.conduit.com_0.localstorage-journal
Fichier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Fichier Supprimé : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Supprimé au redémarrage : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp

***** [Registre] *****

Clé Supprimée : HKCU\Software\1ClickDownload
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Clé Supprimée : HKCU\Software\Headlight
Clé Supprimée : HKCU\Software\IGearSettings
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Supprimée : HKLM\SOFTWARE\Classes\oneclick
Clé Supprimée : HKLM\SOFTWARE\Classes\oneclickmg
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Clé Supprimée : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Clé Supprimée : HKLM\Software\Tarma Installer
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16470

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119776&tl=wgkn448278&babsrc=HP_ss&mntrId=747818A90538F6CF --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.43

Fichier : C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée [l.28] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Supprimée [l.31] : keyword = "delta-search.com",
Supprimée [l.35] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&tl=wgkn448278&babsrc=[...]
Supprimée [l.2246] : homepage = "hxxp://www.delta-search.com/?affID=119776&tl=wgkn448278&babsrc=HP_ss&mntrId=747818A9[...]

*************************

AdwCleaner[S1].txt - [8304 octets] - [03/04/2013 18:02:14]

########## EOF - C:\AdwCleaner[S1].txt - [8364 octets] ##########
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
3 April 2013 at 21:39
The MBAM scan report

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.04.03.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
BEN AJMCI :: BENAJMCI [administrateur]

03/04/2013 18:26:06
mbam-log-2013-04-03 (18-26-06).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|L:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 432240
Temps écoulé: 1 heure(s), 11 minute(s), 37 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 3
C:\Users\BEN AJMCI\Desktop\MiroVideoConverter_Setup.exe (PUP.BundleInstaller.OI) -> Mis en quarantaine et supprimé avec succès.
C:\Users\BEN AJMCI\Desktop\mini-KMS_Activator_v1.052\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\bkstsc.acn (Trojan.FakeMS) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last seen 14 April 2019 474
4 April 2013 at 07:26
Hello,

OK, open Malwarebytes > Quarantine > Delete all.


*Download RogueKiller (by tigzy) to the desktop
*Quit all running programs
*Run RogueKiller.exe
*Wait for the Prescan to finish ...
*Click Scan.
*At the end of the scan, click Report and copy/paste the contents of the Notepad window into your reply
To help you
1
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
4 April 2013 at 15:56
Thanks,
Scan report:

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : BEN AJMCI [Droits d'admin]
Mode : Recherche -- Date : 04/04/2013 13:55:44
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\BEN AJMCI\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3530667064-976285209-3027803733-1000[...]\Run : Yontoo Desktop ("C:\Users\BEN AJMCI\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\Windows\system32\drivers\aksfridge.sys @ 0x8FAAF35B)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\Windows\system32\drivers\aksfridge.sys @ 0x8FAE5942)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] 29284cebeb293726c4acdb2a853012c7
[BSP] 131e77ac618fa274983ab5a7ac93fd33 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1023 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2097152 | Size: 30720 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 65011712 | Size: 270101 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 618178560 | Size: 3398 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_04042013_135544.txt >>
RKreport[1]_S_04042013_135544.txt
0
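Added example (not part of the thread and not RogueKiller's own code): a small Python triage of the registry section of the scan report above. It separates the Run-key autostart entry and the two UAC policy values (`EnableLUA`, `ConsentPromptBehaviorAdmin`) from the display settings, and merges the entry that is reported under both HKCU and HKUS. The severity labels, the list of user-writable directories and the function names are assumptions of this example.

```python
import re

# Registry section copied verbatim from the RogueKiller scan report above.
SAMPLE_REPORT = r"""
¤¤¤ Entrees de registre : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\BEN AJMCI\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3530667064-976285209-3027803733-1000[...]\Run : Yontoo Desktop ("C:\Users\BEN AJMCI\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
"""

# Line shape: [TAG][TAG] <key> : <value name> (<data>) [x] -> <status>
ENTRY_RE = re.compile(
    r"^((?:\[[^\]]+\])+)\s+(\S+)\s+:\s+(.+?)\s+\((.*)\)(?:\s+\[x\])?\s+->\s+(\S+)$"
)

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# UAC policy values under ...\Policies\System; data 0 disables or weakens UAC.
UAC_VALUES = {
    "EnableLUA": "UAC is switched off",
    "ConsentPromptBehaviorAdmin": "administrators elevate without a consent prompt",
}

RANK = {"high": 0, "medium": 1, "info": 2}


def classify(tags, name, data):
    """Return (severity, reason); the severity scale is this example's own."""
    target = data.strip('"').lower()
    if "RUN" in tags:
        if any(marker in target for marker in USER_WRITABLE):
            return "high", "autostart entry runs a binary from a user-writable directory"
        return "medium", "autostart entry; check the publisher of the binary"
    if name in UAC_VALUES and data == "0":
        return "high", UAC_VALUES[name]
    return "info", "shell or display value flagged by the scanner; confirm with the user"


def triage(report_text):
    """Parse registry findings, merge per-hive duplicates, sort by severity."""
    merged = {}
    for raw in report_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # section headers and blank lines
        tag_block, key, name, data, status = match.groups()
        tags = re.findall(r"\[([^\]]+)\]", tag_block)
        hive = key.split("\\", 1)[0]
        # HKCU is a view of the logged-on user's HKU\<SID> hive, so the same
        # value name and data reported under several hives is one finding.
        finding = merged.setdefault((name, data), {
            "name": name, "data": data, "tags": tags, "hives": [], "status": status,
        })
        if hive not in finding["hives"]:
            finding["hives"].append(hive)
    for finding in merged.values():
        finding["severity"], finding["reason"] = classify(
            finding["tags"], finding["name"], finding["data"])
    # sorted() is stable, so report order is kept within each severity.
    return sorted(merged.values(), key=lambda f: RANK[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f'{f["severity"]:<6} {"+".join(f["hives"]):<10} {f["name"]} -> {f["reason"]}')
```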
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last seen 14 April 2019 474
4 April 2013 at 18:36
*Quit all running programs
*Run RogueKiller.exe
*Wait for the Prescan to finish ...
*Click Suppression ("Delete"). Click Report and copy/paste the contents of the Notepad window into your reply
To help you

- Next:
*Run ZHPDiag and click "Options" (top right)
*Click "All" and close the window
*Click the "magnifying glass" to start the scan (host the report)
To help you
1

loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last seen 14 April 2019 474
11 April 2013 at 15:22
Hello,

This:
System drive C: has 5 GB (17%) free of 30 GB    => Seuil critique dépassé  
Think about uninstalling the programs/software that you no longer use or rarely use.

Let's wrap up :)
________________________________________________________________


1) This script will target certain items for removal:

SysRestore
G1 - GCS: Preference [User Data\Default] http://www.delta-search.com
O4 - GS\Desktop: Stylus SX110 - Raccourci.lnk - Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [{351B0E42-59CE-4FA2-8024-868C2E6038FC}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9BF37F88-0ECD-4797-AF80-1F94F6DDB5A2}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA3F232A-64B6-456E-83CD-1551B46CAAF3}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FB4A7F8D-70A3-4756-BAF6-D5F8848C316C}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
FirewallRaz
EmptyTemp


* Select the whole script and copy it (Edit --> Copy)
* Right-click the ZHPFix shortcut and choose "Run as administrator"
* Click the clipboard icon ("paste the clipboard")
* The lines are pasted into ZHPFix automatically; if not, paste them yourself
>>the lines above are those that must appear in the ZHPFix window. If they do not, do not click the GO button under any circumstances. Make sure to copy the lines correctly<<
* Click the "GO" button to start the cleaning,
* Copy/paste the whole report into your next reply

2) Secure your browsers:
If you haven't already, install WOT on your browsers:
https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
-Adblock plus > Firefox > Chrome

3) Vaccinate removable media:
*Download MKV (created by El Desaparecido) to your Desktop.
*If your antivirus displays an alert, ignore it and disable the antivirus temporarily.
*Plug all your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.
*Double-click MKV.exe.
*Click Vaccinate.

4) We need to remove all the tools we used:
Download DelFix (by Xplode) to your Desktop --> Run it and tick all the boxes except "Back up the registry" --> Then click Run.
* The report will be saved to the clipboard. Copy/paste it into your next reply (open Notepad and choose Paste to display the report).

5) Optimization:
* Download CCleaner and run it.
* Click Cleaner >> Analyze >> Run Cleaner, then OK in the window that appears.
* Finally, click Registry >> fix all the errors and repeat until CCleaner finds no more errors.

* Download Defraggler. Install it (untick the installation of the Yahoo toolbar that is offered during installation), then run it.
Close all your other programs, select your hard drive and click "Quick Defrag".

6) Prevention:
I strongly advise you to read this article, which will give you information on prevention and protection against infections (about 15 minutes of very instructive and useful reading): Prevention and security on the internet

7) Precautions:
Regularly back up your important documents to an external medium (external hard drive, rewritable CD/DVD...)
Here we were able to disinfect your computer, but that is not always the case. Some infections encrypt documents and demand a ransom to recover them, others modify them to spread infections, so they have to be erased... You must therefore always have a clean backup of your documents, otherwise you risk losing them.

Advice:
-Uninstall everything you don't use; that frees up extra space.
-It is important to have the latest updates on your PC. They fix security flaws that can sometimes be exploited by a malicious program.
-Keep Malwarebytes and run a full scan from time to time; don't forget to update it before a scan.



Happy reading and good luck, don't hesitate to ask questions if you need to ;)

I'm waiting for the ZHPFix and DelFix reports.

Mark a topic as solved
1
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
13 April 2013 at 13:47
ZHPFix report

Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
Fichier d'export Registre :
Run by BEN AJMCI at 13/04/2013 11:43:59
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Corbeille vidée

========== Valeur(s) du Registre ==========
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :

========== Préférences navigateur ==========
PRESENT Chrome File: C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Preferences
SUPPRIME Chrome Site: http://www.delta-search.com
SUPPRIME Chrome Site: http://www.delta-search.com

========== Dossier(s) ==========
SUPPRIME Temporaires Windows

========== Fichier(s) ==========
SUPPRIME File: c:\users\ben ajmci\desktop\stylus sx110 - raccourci.lnk
SUPPRIME Temporaires Windows

========== Tache planifiée ==========
SUPPRIME Task: {351B0E42-59CE-4FA2-8024-868C2E6038FC}
SUPPRIME Task: {9BF37F88-0ECD-4797-AF80-1F94F6DDB5A2}
SUPPRIME Task: {DA3F232A-64B6-456E-83CD-1551B46CAAF3}
SUPPRIME Task: {FB4A7F8D-70A3-4756-BAF6-D5F8848C316C}

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
61 : Valeur(s) du Registre
1 : Dossier(s)
2 : Fichier(s)
3 : Préférences navigateur
4 : Tache planifiée
1 : Restauration Système


End of clean in 00mn 21s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 09/04/2013 13:21:21 [3749]
C:\ZHP\ZHPFix[R2].txt - 10/04/2013 12:56:44 [3382]
C:\ZHP\ZHPFix[R3].txt - 13/04/2013 11:44:00 [5818]
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
13 April 2013 at 13:57
DelFix report

# DelFix v10.2 - Rapport créé le 13/04/2013 à 11:54:47
# Mis à jour le 02/04/2013 par Xplode
# Nom d'utilisateur : BEN AJMCI - BENAJMCI

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\ZHP
Supprimé : C:\Users\BEN AJMCI\Desktop\RK_Quarantine
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\AdwCleaner[S1].txt
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Users\BEN AJMCI\Desktop\ZHPDiag.txt
Supprimé : C:\Users\BEN AJMCI\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\BEN AJMCI\Downloads\ZHPDiag2.exe
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Purge de la restauration système ...

Supprimé : RP #188 [P | 04/13/2013 11:43:43]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########
0
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last seen 14 April 2019 474
15 April 2013 at 22:29
Good evening,

Perfect, happy surfing ;)
1
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
15 April 2013 at 22:37
Many thanks, my PC is running much better.
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
8 April 2013 at 15:25
RogueKiller report:
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : BEN AJMCI [Droits d'admin]
Mode : Suppression -- Date : 08/04/2013 13:24:36
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\Windows\system32\drivers\aksfridge.sys @ 0xAE62B35B)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\Windows\system32\drivers\aksfridge.sys @ 0xAE661942)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] 29284cebeb293726c4acdb2a853012c7
[BSP] 131e77ac618fa274983ab5a7ac93fd33 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1023 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2097152 | Size: 30720 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 65011712 | Size: 270101 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 618178560 | Size: 3398 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[4]_D_08042013_132436.txt >>
RKreport[1]_S_04042013_135544.txt ; RKreport[2]_D_04042013_135907.txt ; RKreport[3]_S_08042013_132350.txt ; RKreport[4]_D_08042013_132436.txt
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last seen 16 September 2015 5
8 April 2013 at 15:36
ZHPDiag report

Rapport de ZHPDiag v2013.4.2.8 par Nicolas Coolman, Update du 03/04/2013
Run by BEN AJMCI at 08/04/2013 13:26:32
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v26.0.1410.43 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (9%) free of 30 GB

---\\ Logged in mode
~ Computer Name: BENAJMCI
~ User Name: BEN AJMCI
~ All Users Names: BEN AJMCI, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\BEN AJMCI\AppData\Roaming\
~ %Desktop% : C:\Users\BEN AJMCI\Desktop\
~ %Favorites% : C:\Users\BEN AJMCI\Favorites\
~ %LocalAppData% : C:\Users\BEN AJMCI\AppData\Local\
~ %StartMenu% : C:\Users\BEN AJMCI\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 30 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 127 Go of 264 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 3 Go)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 05:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.03728C624D05C2F157BBD46F6B7F6EA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 03:30:21.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 12:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 12:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 02:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 08:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 08:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 09:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 02:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 08:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 17:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 10:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 08:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 12:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/13
~ Mes musiques (My Musics) : 1/55
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 4/284
~ Mon Bureau (My Desktop) : 10/129
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.2864]
[MD5.6C9D5BADC8F83D410A278717C2EEA6F6] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448] [PID.1716]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.3720]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.3704]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.3652]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.3764]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.796]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.1708]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3868]
[MD5.B0BF698030DB6561393AE753C6D3F936] - (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.5672]
[MD5.A854BC2D2AD9856F6B84C7870FF246D9] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe [706776] [PID.6000]
[MD5.95FB55B85D0AFC0962443808383C5588] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6396416] [PID.3500]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.delta-search.com
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.5.635.) -- C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ BHO: 8 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [HPUsageTracking] . (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] . (.Adobe Systems Incorporated - Adobe CS4 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Dll-Files Fixer.lnk . (.Dll-FIles.Com - DLL-Files Fixer.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: GESTCDA.lnk . (...) -- C:\GESTCDA\gestcda.exe
O4 - GS\Desktop: GESTION CARTE.exe - Raccourci.lnk . (.AJMCI - ASSOCIATION DES JEUNES MUSULMANS EN CÔTE D'.) -- D:\GESTION CARTE\exe\GESTION CARTE.exe
O4 - Global Startup: C:\Users\BEN AJMCI\Desktop\Outils de diagnostic d'imprimante HP.url . (...) -- C:\Users\BEN AJMCI\Desktop\Outils de diagnostic d'imprimante HP.url
O4 - GS\Desktop: Stylus SX110 - Raccourci.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 08s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\system32\klogon.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Hyper File Server : BENAJMCI (Hyper File Server : BENAJMCI) . (.PC SOFT - manta.exe (Moteur HyperFileSQL Client/Serve.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe
O23 - Service: MantaManager (MantaManager) . (.PC SOFT - MantaManager.exe (Gestion et mise à jour du.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 9 Legitimates Scanned in 00mn 17s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job [288]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [DLL-files.com Fixer] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [DLL-files.com Fixer_UPDATES] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [RDReminder] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.00000000000000000000000000000000] [APT] [{06A1E1B1-D997-4CE0-B1DC-2F1D977C17C6}] (...) -- D:\Windev\Sentinel_LDK_Run-time_cmd_line\haspdinst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{34AAD6E4-D7B4-4CAD-B998-9A0CBF527090}] (...) -- D:\TRAVAUX CAMARA\New Folder (2)\Setup.exe (.not file.) [0]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [{351B0E42-59CE-4FA2-8024-868C2E6038FC}] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [{9BF37F88-0ECD-4797-AF80-1F94F6DDB5A2}] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.00000000000000000000000000000000] [APT] [{CB567D28-1AC4-47D4-B715-5470CA7E92B8}] (...) -- D:\AUTOCAD 2012\WinDEV 17\Sentinel_LDK_Run-time_cmd_line\haspdinst.exe (.not file.) [0]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [{DA3F232A-64B6-456E-83CD-1551B46CAAF3}] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.00000000000000000000000000000000] [APT] [{ED66AECD-2823-43AA-A7EA-8505861308F0}] (...) -- D:\Windev\Emulateur\dseo13b.exe (.not file.) [0]
[MD5.434FBC4C959132EAB540420309698F6E] [APT] [{FB4A7F8D-70A3-4756-BAF6-D5F8848C316C}] (.Dll-FIles.Com.) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8922048]
[MD5.ACB856FE8856E8091F5EF0ADB6450A55] [APT] [PC Tuneup] (.Hewlett-Packard.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [877320]
~ Scheduled Task: 23 Legitimates Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 12 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 69 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe CSI CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {0F723FC1-7606-4867-866C-CE80AD292DAF}
O42 - Logiciel: Adobe Drive CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {16E16F01-2E2D-4248-A42F-76261C147B6C}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 9 Plugin - (.Adobe Systems, Inc..) [HKLM] -- {88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
O42 - Logiciel: Adobe Output Module - (.Adobe Systems Incorporated.) [HKLM] -- {BB4E33EC-8181-4685-96F7-8554293DEC6A}
O42 - Logiciel: Adobe Search for Help - (.Adobe Systems Incorporated.) [HKLM] -- {F0E64E2E-3A60-40D8-A55D-92F6831875DA}
O42 - Logiciel: Adobe Service Manager Extension - (.Adobe Systems Incorporated.) [HKLM] -- {4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
O42 - Logiciel: AdobeColorCommonSetCMYK - (.Adobe Systems Incorporated.) [HKLM] -- {68243FF8-83CA-466B-B2B8-9F99DA5479C4}
O42 - Logiciel: AdobeColorCommonSetRGB - (.Adobe Systems Incorporated.) [HKLM] -- {16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
O42 - Logiciel: Comptabilité - (.Sage.) [HKLM] -- {93A837CB-5919-4BBA-B1AE-2E42F0E00794}
O42 - Logiciel: Connect - (.Adobe Systems Incorporated.) [HKLM] -- {B29AD377-CC12-490A-A480-1452337C618D}
O42 - Logiciel: KPT 6 - (...) [HKLM] -- KPT 6
O42 - Logiciel: Kaspersky Internet Security 2012 - (.Kaspersky Lab.) [HKLM] -- InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}
O42 - Logiciel: Kaspersky Internet Security 2012 - (.Kaspersky Lab.) [HKLM] -- {45E557D6-2271-4F13-8101-C620B4285AB0}
O42 - Logiciel: Logiciel de gestion des activités du CDA - (...) [HKLM] -- Logiciel de gestion des activités du CDA
O42 - Logiciel: Sentinel Runtime - (.SafeNet Inc..) [HKLM] -- {2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}
O42 - Logiciel: Suite Shared Configuration CS4 - (.Adobe Systems Incorporated.) [HKLM] -- {842B4B72-9E8F-4962-B3C1-1C422A5C4434}
O42 - Logiciel: kuler - (.Adobe Systems Incorporated.) [HKLM] -- {098727E1-775A-4450-B573-3F441F1CA243}
~ Logic: 135 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AJMCI]
[HKCU\Software\Bitstream]
[HKCU\Software\I.C.NET Software GmbH]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\iOrgSoft]
[HKLM\Software\Participatory Culture Foundation]
~ Key Software: 136 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/04/2012 - 13:44:33 - [38,612] --H-D C:\Program Files\Avago-HP
O43 - CFD: 19/05/2012 - 14:22:16 - [15,145] ----D C:\Program Files\Maestria
O43 - CFD: 30/03/2013 - 11:34:07 - [0] ----D C:\Program Files\TorrentHandler
O43 - CFD: 30/05/2012 - 13:31:05 - [0,000] ----D C:\Users\BEN AJMCI\AppData\Local\Miro
O43 - CFD: 11/03/2013 - 13:17:11 - [0] ----D C:\Users\BEN AJMCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iOrgSoft
~ Program Folder: 147 Legitimates Scanned in 00mn 38s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 08/04/2013 - 10:04:37 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.55AFF5894F3AF77FFCE926AE342DEF76] - 03/04/2013 - 18:02:53 ---A- . (...) -- C:\AdwCleaner[S1].txt [8433]
O44 - LFC:[MD5.FC35ADE2512B3252F9312C6CC1F30370] - 30/03/2013 - 11:48:30 ---A- . (.Pas de propriétaire - utXmlData Dynamic Link Library.) -- C:\Windows\System32\hppatusg01.dll [110592]
O44 - LFC:[MD5.4496F9E66D7A83D8C2C9702CC2681C57] - 15/03/2013 - 12:52:10 ---A- . (.Aladdin Knowledge Systems Ltd. - Aladdin HASP Drivers Coinstaller.) -- C:\Windows\System32\aksusb4.dll [46536]
O44 - LFC:[MD5.15A02B86D1F5C2403DB2CF4384CFBFD3] - 15/03/2013 - 12:52:10 ---A- . (.Aladdin Knowledge Systems Ltd. - Aladdin Hasp HL Drivers Coinstaller.) -- C:\Windows\System32\akshsp52.dll [15816]
O44 - LFC:[MD5.5EA155A2E7633C02E80CE855E06145A7] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - AKSHASP Device Driver.) -- C:\Windows\System32\Drivers\akshasp.sys [244040]
O44 - LFC:[MD5.60048BF87AB239A4B85F445DB8796835] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Aladdin Hasp HL Drivers Coinstaller.) -- C:\Windows\System32\akshhl30.dll [43976]
O44 - LFC:[MD5.FA9B4921088981A0E44DEA8A605E58C8] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Ancillary Function Driver.) -- C:\Windows\System32\Drivers\aksfridge.sys [376200]
O44 - LFC:[MD5.B1D037B211294F172A4970BE16AA9DBB] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - SafeNet-Inc. Sentinel Class Driver.) -- C:\Windows\System32\Drivers\aksclass.sys [17992]
O44 - LFC:[MD5.218B352976A92F134CB65BEF5F582EB8] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - SafeNet-Inc. Sentinel USB Key Driver.) -- C:\Windows\System32\Drivers\aksusb.sys [295944]
O44 - LFC:[MD5.DDCCFF5E81FDE1A869D71C48BB4D763F] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Sentinel HL Device Driver.) -- C:\Windows\System32\Drivers\akshhl.sys [53192]
O44 - LFC:[MD5.311FCA105F3B0B9DF193DD81F4768295] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Sentinel Hardlock Device Driver for Windows.) -- C:\Windows\System32\Drivers\hardlock.sys [608136]
O44 - LFC:[MD5.F698C3C35199DCBE024031DB1F9E46D9] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\System32\aksllmtp.exe [4466120]
O44 - LFC:[MD5.98D488B4769FEB5AB7D6961EB9A48CE6] - 12/03/2013 - 13:46:20 ---A- . (.Aladdin Knowledge Systems - Aladdin Hasp HL Drivers Coinstaller.) -- C:\Windows\System32\akscoinst.dll [7168]
O44 - LFC:[MD5.DBCD41D42CF6F2C472B03E079057CBD2] - 12/03/2013 - 13:46:13 ---A- . (...) -- C:\Windows\System32\haspdos.sys [383]
O44 - LFC:[MD5.2DD25F060DC9F79B5CDF33D90ED93669] - 12/03/2013 - 13:46:13 ---A- . (.Aladdin Knowledge Systems - HASP Kernel Device Driver for Windows NT.) -- C:\Windows\System32\Drivers\Haspnt.sys [47616]
O44 - LFC:[MD5.D796FB313840AEB45FCFF441D15EAC0E] - 12/03/2013 - 13:46:13 ---A- . (.Aladdin Knowledge Systems. - HASP Virtual Device Driver for Windows NT..) -- C:\Windows\System32\haspvdd.dll [6656]
O44 - LFC:[MD5.5745B8ADDD3F3921AF7FC38E8A201E31] - 12/03/2013 - 13:45:14 ---A- . (...) -- C:\Windows\System32\config.hsp [2624]
~ Files: 54 Legitimates Scanned in 01mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.622996F972246D87E1726F815F75B8CB] - 06/04/2013 - 17:10:42 ---A- - C:\Windows\Prefetch\ACROBATINFO.EXE-562B3728.pf
O45 - LFCP:[MD5.593078D1738F6A1BCFF0A5DA4AA3FBC2] - 06/04/2013 - 21:15:02 ---A- - C:\Windows\Prefetch\HPQSRMON.EXE-DC8EF5B5.pf
O45 - LFCP:[MD5.C9522A43D27C4AB0148834BD8F0009DD] - 08/04/2013 - 09:53:45 ---A- - C:\Windows\Prefetch\HPPUSG.EXE-2C9AFB13.pf
O45 - LFCP:[MD5.E926C35824502E151DD695E7642E796F] - 08/04/2013 - 09:53:59 ---A- - C:\Windows\Prefetch\HPHC_SERVICE.EXE-0C2DC775.pf
O45 - LFCP:[MD5.ED0095B9CDFA3C5DC7827E098F65E5A4] - 08/04/2013 - 11:41:54 ---A- - C:\Windows\Prefetch\ESTWM.EXE-D182D25A.pf
O45 - LFCP:[MD5.E28A69E20EF5463E197174036039B976] - 08/04/2013 - 11:44:20 ---A- - C:\Windows\Prefetch\ESCNDV.EXE-957A695B.pf
O45 - LFCP:[MD5.4D627023DAE0D963E8FFEBFDD79232EF] - 08/04/2013 - 13:28:53 ---A- - C:\Windows\Prefetch\BKST.EXE-BA2732A4.pf
O45 - LFCP:[MD5.F23652DE762C050FE8327DF3C6DE29CE] - 09/03/2013 - 10:19:24 ---A- - C:\Windows\Prefetch\HPQBAM08.EXE-5B656772.pf
O45 - LFCP:[MD5.FD4C98661E6237CC6D7E290D9A46F886] - 09/03/2013 - 10:19:26 ---A- - C:\Windows\Prefetch\HPQGPC01.EXE-92C87699.pf
O45 - LFCP:[MD5.6784495C40FAAEE361145109DC9C9209] - 09/03/2013 - 12:41:07 ---A- - C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf
O45 - LFCP:[MD5.D6AE0CC70A1B5002EF7EE191D5D67EB3] - 30/03/2013 - 11:09:13 ---A- - C:\Windows\Prefetch\MDNSRESPONDER.EXE-321C1F3D.pf
~ Prefetcher: 96 Legitimates Scanned in 00mn 03s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
~ SMSR Keys: 4 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=60
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 01:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/04/2013 - 19:14:11 ---A- C:\Users\BEN AJMCI\Downloads\Photo(2) (1).jpg [2122]
O61 - LFC: 05/04/2013 - 19:23:35 ---A- C:\Users\BEN AJMCI\Downloads\attachments_2013_04_05.zip [8349525]
O61 - LFC: 06/04/2013 - 14:53:36 ---A- C:\Users\BEN AJMCI\Downloads\PLAN STRATEGIQUE DEFAC 2013.doc [95744]
O61 - LFC: 08/04/2013 - 09:56:46 ---A- C:\Users\BEN AJMCI\AppData\Roaming\dll-files.com\Fixer\Version 1.0\ExcludeList.rcp [6]
O61 - LFC: 08/04/2013 - 09:56:46 ---A- C:\Users\BEN AJMCI\AppData\Roaming\dll-files.com\Fixer\Version 1.0\TempHLList.rcp [6]
O61 - LFC: 08/04/2013 - 09:56:46 ---A- C:\Users\BEN AJMCI\AppData\Roaming\dll-files.com\Fixer\Version 1.0\results.rcp [6330]
O61 - LFC: 08/04/2013 - 10:03:02 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [267926]
O61 - LFC: 08/04/2013 - 13:29:31 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Local State [26892]
~ 14 Fichiers temporaires (Temporary files)
~ Files: 127 Legitimates Scanned in 01mn 47s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 82 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <jsfile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS3.) -- D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {84900D94-73AE-4884-ADEF-B44DEE6523BA} [DefaultScope] - (Yahoo!) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_worldcracked.blogspot.com_0.localstorage-journal
C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracker-wifi.com_0.localstorage-journal
C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_worldcracked.blogspot.com_0.localstorage-journal
C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracker-wifi.com_0.localstorage-journal
~ Files: Scanned in 02mn 08s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 33 Legitimates Scanned in 00mn 01s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.38ADD1DFB1E684A43434AFA22E30A343] [SPRF][08/04/2013] (...) -- C:\Users\BEN AJMCI\AppData\Local\Temp\dump.dat [1884160]
[MD5.02C4F6C257542FCB7C58B7164D674471] [SPRF][03/04/2013] (...) -- C:\Users\BEN AJMCI\Desktop\adwcleaner.exe [613083]
[MD5.1CD51AE9BCEAC9F0CEE159821A1817B8] [SPRF][04/04/2013] (...) -- C:\Users\BEN AJMCI\Desktop\RogueKiller.exe [816128]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.7BBA5B65F6645D9FD314DDB8D3953A95] [SPRF][19/09/2003] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [299008]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{D1151C1F-8F07-4BB7-AEC9-8A98EB18CF7E}" | In - Public - P6 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe
O87 - FAEL: "{F8CF20DE-99A3-4C2A-9D64-406BDF215B00}" | In - Public - P17 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe
O87 - FAEL: "{8FD07F57-8610-4851-8C31-1F7B178AB3B8}" | In - Public - P6 - TRUE | .(.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\System32\hasplms.exe
O87 - FAEL: "{B0398221-827E-49D5-997C-4A7262591FBD}" | In - Public - P17 - TRUE | .(.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\System32\hasplms.exe
O87 - FAEL: "{77022A85-6DFC-471E-A65E-FE37B5E13C1B}" | In - None - P17 - TRUE | .(.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\system32\hasplms.exe
~ Firewall: 238 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11367 - (03/04/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{151867D5-7359-40AF-8764-66E58D06283C}] =>Toolbar.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{8E5025C2-8EA3-430D-80B8-A14151068A6D} =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{8E5025C2-8EA3-430D-80B8-A14151068A6D} =>Toolbar.Agent
~ Additionnel: Scanned in 00mn 44s



---\\ Product Upgrade Codes (O90)
~ Update Products: 128 Legitimates Scanned in 00mn 00s



---\\ MyComputer Name Space (O92)
O92 - MNS: Dossier partagé de l'Environnement Protégé - {047DDC7E-F9C2-11DD-A093-79D855D89593}
~ MNS: Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 31/10/2012 206448 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 04/06/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 30/12/2011 4889032 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe
SR - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 21/11/2011 78336 | (Hyper File Server : BENAJMCI) . (.PC SOFT.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe
SR - | Auto 05/12/2011 282624 | (MantaManager) . (.PC SOFT.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by BEN AJMCI at 08/04/2013 13:34:25

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys halmacpi.dll
C:\Windows\system32\drivers\iastor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x83037BAA] => \Device\Harddisk0\DR0[0x87179030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by BEN AJMCI at 08/04/2013 13:34:27

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (713 lines in 07mn 55s)(4)
0
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last activity 14 April 2019 474
8 April 2013 at 18:04
Hello!

This script will target certain items to delete:

¶ Open this link, select the entire script and copy it (Edit --> Copy)
¶ Right-click the ZHPFix shortcut and choose "Run as administrator"
¶ Click the icon representing the clipboard ("paste the clipboard")
¶ The lines are pasted into ZHPFix automatically; if not, paste the lines yourself
>>the lines above are the ones that must appear in the ZHPFix window. If that is not the case, do not click the GO button under any circumstances. Make sure the lines are copied correctly<<
¶ Click the "GO" button to start the cleanup,
¶ Copy/paste the entire report into your next reply
To help you

Read: The danger of cracks

0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last activity 16 September 2015 5
10 April 2013 at 14:58
The report


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"=dword:00000001
"ehExtHost.exe"=dword:00000001
"clview.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"=dword:00000001
"winword.exe"=dword:00000001
"excel.exe"=dword:00000001
"powerpnt.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"=dword:00000001
"wmplayer.exe"=dword:00000001
"ehExtHost.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001
"wmplayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001
"wmplayer.exe"=dword:00000001
"clview.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"=dword:00000001
"prevhost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001
"prevhost.exe"=dword:00000001
"wmplayer.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001
"ehExtHost.exe"=dword:00000001
"clview.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate]
"1"="www.%s.com"
"3"="www.%s.net"
"2"="www.%s.org"
"4"="www.%s.edu"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"="yes"
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=93&bd=all&pf=cmdt"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Use_DlgBox_Colors"="yes"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"XMLHTTP"=dword:00000001
"NoUpdateCheck"=dword:00000001
"UseClearType"="no"
"Enable Browser Extensions"="yes"
"Play_Background_Sounds"="yes"
"Play_Animations"="yes"
"CompatibilityFlags"=dword:00000000
"IE8TourNoShow"=dword:00000001
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,64,00,00,00,64,00,00,00,f9,04,00,00,a8,02,00,\
00
"IE8RunOnceLastShown"=dword:00000001
"IE8RunOnceLastShown_TIMESTAMP"=hex:a8,4e,9d,a9,bd,2a,cd,01
"NotifyDownloadComplete"="no"
"Error Dlg Displayed On Every Error"="no"
"TabShutdownDelay"=dword:00000000
"FormSuggest PW Ask"="no"
"Use Search Asst"="no"
"Check_Associations"="no"
"DisableScriptDebuggerIE"="yes"
"IconCache"="9f7zaoo"
"IE9RunOnceLastShown"=dword:00000001
"IE9RunOnceLastShown_TIMESTAMP"=hex:95,e4,b8,01,6d,37,cd,01
"IE9TourShown"=dword:00000001
"IE9TourShownTime"=hex:63,9d,51,bf,b4,2b,cd,01
"DownloadWindowPlacement"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,10,01,00,00,d5,00,00,00,90,03,00,00,b5,\
02,00,00
"Use FormSuggest"="no"
"IE9RunOncePerInstallCompleted"=dword:00000001
"IE9RunOnceCompletionTime"=hex:b9,55,67,74,36,38,cd,01
"AutoHide"="yes"
"IEWatsonDisabled"=dword:00000001
"ApplicationTileImmersiveActivation"=dword:00000000
"AssociationActivationMode"=dword:00000002

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds\{E81B65CF-A92F-4B5A-BAF5-E139CB7D74C8}]
"Title"="Flux Microsoft\\MSN Actualités"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch]
"Version"="6.1.7600.16385"
"User Favorites Path"="file:///C:\\Users\\BEN AJMCI\\Favorites\\"
"UpgradeTime"=hex:09,9c,20,db,85,34,ce,01
"ConfiguredScopes"=dword:00000005
"LastCrawl"=hex:3c,8c,df,13,85,34,ce,01

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{151867D5-7359-40AF-8764-66E58D06283C}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{151867D5-7359-40AF-8764-66E58D06283C}\iexplore]
"Type"=dword:00000001
"Flags"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
"FaviconPath"="C:\\Users\\BEN AJMCI\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Height"=dword:00000000
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:39,35,83,47,c5,d0,25,41,9f,a8,08,\
19,e2,ea,ac,93
"{8E5025C2-8EA3-430D-80B8-A14151068A6D}"=hex:c2,25,50,8e,a3,8e,0d,43,80,b8,a1,\
41,51,06,8a,6d
"{EF79F67A-6AD7-4715-A0F8-932FCA442023}"=hex:7a,f6,79,ef,d7,6a,15,47,a0,f8,93,\
2f,ca,44,20,23

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2012\\avp.exe\""
"BCSSync"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
"HPUsageTracking"="C:\\Program Files\\HP\\HP UT\\bin\\hppusg.exe \"C:\\Program Files\\HP\\HP UT\\\""
"hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"
"Acrobat Assistant 8.0"="\"D:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"IgfxTray"="C:\\Windows\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\Windows\\system32\\hkcmd.exe"
"Persistence"="C:\\Windows\\system32\\igfxpers.exe"
"AdobeCS4ServiceManager"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,42,00,6f,00,6e,00,6a,00,6f,\
00,75,00,72,00,5c,00,6d,00,44,00,4e,00,53,00,52,00,65,00,73,00,70,00,6f,00,\
6e,00,64,00,65,00,72,00,2e,00,65,00,78,00,65,00,22,00,00,00
"DisplayName"="##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##"
"DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762##"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bonjour Service\Parameters]
"ManageLLRouting"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|Name=@sstpsvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|"
"Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|"
"SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|"
"SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|"
"WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|"
"WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|"
"WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|Name=@FirewallAPI.dll,-31501|Desc=@FirewallAPI.dll,-31502|EmbedCtxt=@FirewallAPI.dll,-31500|Edge=TRUE|Defer=App|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-200|Desc=@%systemroot%\\system32\\provsvc.dll,-201|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-203|Desc=@%systemroot%\\system32\\provsvc.dll,-204|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-205|Desc=@%systemroot%\\system32\\provsvc.dll,-206|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-207|Desc=@%systemroot%\\system32\\provsvc.dll,-208|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|"
"Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"
"Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|"
"Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|"
"Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|"
"RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|"
"RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|"
"RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|"
"FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|"
"FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|"
"CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|"
"CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|"
"CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name
0
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last activity 14 April 2019 474
10 April 2013 at 15:09
Hello,

That's not the right report ^^
Look on your desktop (ZHPFix[R1].txt)

Otherwise: Start menu > Computer > Local Disk C: > ZHP
You should find the report there.
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last activity 16 September 2015 5
10 April 2013 at 15:49
Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
Fichier d'export Registre :
Run by BEN AJMCI at 09/04/2013 13:20:40
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Corbeille vidée

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_worldcracked.blogspot.com_0.localstorage-journal
SUPPRIME Memory Process: C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cracker-wifi.com_0.localstorage-journal

========== Clé(s) du Registre ==========
SUPPRIME Key: HKCU\Software\SweetIM
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{151867D5-7359-40AF-8764-66E58D06283C}
SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SUPPRIME Key: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SUPPRIME Key: Service: Bonjour Service

========== Valeur(s) du Registre ==========
SUPPRIME URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SUPPRIME URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d}
SUPPRIME URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023}
SUPPRIME MWPS Value: EnableUIADesktopToggle
SUPPRIME MWPS Value: PromptOnSecureDesktop
SUPPRIME MWPS Value: FilterAdministratorToken
SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{8E5025C2-8EA3-430D-80B8-A14151068A6D}
ABSENT [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{8E5025C2-8EA3-430D-80B8-A14151068A6D}
SUPPRIME RunValue: HP Software Update
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :

========== Elément(s) de donnée du Registre ==========
SUPPRIME R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
SUPPRIME R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL

========== Préférences navigateur ==========
PRESENT Chrome File: C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Default\Preferences
SUPPRIME Chrome Site: http://www.delta-search.com
SUPPRIME Chrome Site: http://www.delta-search.com

========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files\TorrentHandler
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows

========== Fichier(s) ==========
SUPPRIME File: c:\users\ben ajmci\appdata\roaming\microsoft\internet explorer\quick launch\dll-files fixer.lnk
ABSENT File: c:\program files\dll-files.com
SUPPRIME Reboot c:\users\ben ajmci\appdata\roaming\dll-files.com
SUPPRIME File: c:\users\ben ajmci\appdata\local\google\chrome\user data\default\local storage\http_worldcracked.blogspot.com_0.localstorage-journal
SUPPRIME File***: c:\users\ben ajmci\appdata\local\google\chrome\user data\default\local storage\http_www.cracker-wifi.com_0.localstorage-journal
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows

========== Tache planifiée ==========
SUPPRIME Task: {06A1E1B1-D997-4CE0-B1DC-2F1D977C17C6}
SUPPRIME Task: {34AAD6E4-D7B4-4CAD-B998-9A0CBF527090}
SUPPRIME Task: {CB567D28-1AC4-47D4-B715-5470CA7E92B8}
SUPPRIME Task: {ED66AECD-2823-43AA-A7EA-8505861308F0}

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
2 : Processus mémoire
5 : Clé(s) du Registre
11 : Valeur(s) du Registre
2 : Elément(s) de donnée du Registre
3 : Dossier(s)
7 : Fichier(s)
3 : Préférences navigateur
4 : Tache planifiée
1 : Restauration Système


End of clean in 02mn 42s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 09/04/2013 13:21:21 [3697]
0
loumax91 Posts 3182 Registration date Tuesday 14 June 2011 Status Security contributor Last activity 14 April 2019 474
10 April 2013 at 17:32
How is the PC doing?

Restart your computer, then:
*Launch ZHPDiag and click "Options" (top right)
*Click "Tous" (All), then close the window
*Click the "magnifying glass" to start the scan (upload the report)
To help you
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last activity 16 September 2015 5
11 April 2013 at 14:49
Much better.
0
markaz Posts 330 Registration date Wednesday 18 April 2007 Status Member Last activity 16 September 2015 5
Edited by baladur13 on 11/04/2013 at 15:08
Scan report:

Rapport de ZHPDiag v2013.4.2.8 par Nicolas Coolman, Update du 03/04/2013
Run by xxxxx at 11/04/2013 12:48:28
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 5 GB (17%) free of 30 GB

---\\ Logged in mode
~ Computer Name: xxxxx
~ User Name: xxxxx
~ All Users Names: xxxxx, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\xxxxx\AppData\Roaming\
~ %Desktop% : C:\Users\xxxxx\Desktop\
~ %Favorites% : C:\Users\xxxxx\Favorites\
~ %LocalAppData% : C:\Users\xxxxx\AppData\Local\
~ %StartMenu% : C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 30 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 129 Go of 264 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 3 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/15
~ Mes musiques (My Musics) : 1/55
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 4/343
~ Mon Bureau (My Desktop) : 10/127
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.2916]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [136216] [PID.2888]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1024]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.2396]
[MD5.F6987FF6C6D683F79FDCE707B071A997] - (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe [955392] [PID.368]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.2372]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Users\xxxxx\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.2308]
[MD5.95FB55B85D0AFC0962443808383C5588] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6396416] [PID.2840]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.delta-search.com
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.6.5.635.) -- C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\xxxxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\xxxxx\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ BHO: 6 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [HPUsageTracking] . (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\xxxxx\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: GESTCDA.lnk . (...) -- C:\GESTCDA\gestcda.exe
O4 - GS\Desktop: GESTION CARTE.exe - Raccourci.lnk . (.AJMCI - ASSOCIATION DES JEUNES MUSULMANS EN CÔTE D'.) -- D:\GESTION CARTE\exe\GESTION CARTE.exe
O4 - Global Startup: C:\Users\xxxxx\Desktop\Outils de diagnostic d'imprimante HP.url . (...) -- C:\Users\xxxxx\Desktop\Outils de diagnostic d'imprimante HP.url
O4 - GS\Desktop: Stylus SX110 - Raccourci.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Hyper File Server : xxxxx (Hyper File Server : xxxxx) . (.PC SOFT - manta.exe (Moteur HyperFileSQL Client/Serve.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\Manta.exe
O23 - Service: MantaManager (MantaManager) . (.PC SOFT - MantaManager.exe (Gestion et mise à jour du.) - C:\Program Files\PC SOFT\Serveur HyperFileSQL\MantaManager.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 5 Legitimates Scanned in 00mn 05s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{351B0E42-59CE-4FA2-8024-868C2E6038FC}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9BF37F88-0ECD-4797-AF80-1F94F6DDB5A2}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA3F232A-64B6-456E-83CD-1551B46CAAF3}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FB4A7F8D-70A3-4756-BAF6-D5F8848C316C}] (...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.) [0]
[MD5.ACB856FE8856E8091F5EF0ADB6450A55] [APT] [PC Tuneup] (.Hewlett-Packard.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [877320]
~ Scheduled Task: 15 Legitimates Scanned in 00mn 03s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 12 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 60 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 9 Plugin - (.Adobe Systems, Inc..) [HKLM] -- {88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
O42 - Logiciel: AdobeColorCommonSetRGB - (.Adobe Systems Incorporated.) [HKLM] -- {16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
O42 - Logiciel: Comptabilité - (.Sage.) [HKLM] -- {93A837CB-5919-4BBA-B1AE-2E42F0E00794}
O42 - Logiciel: KPT 6 - (...) [HKLM] -- KPT 6
O42 - Logiciel: Logiciel de gestion des activités du CDA - (...) [HKLM] -- Logiciel de gestion des activités du CDA
O42 - Logiciel: Sentinel Runtime - (.SafeNet Inc..) [HKLM] -- {2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}
~ Logic: 102 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AJMCI]
[HKCU\Software\Bitstream]
[HKCU\Software\I.C.NET Software GmbH]
[HKCU\Software\iOrgSoft]
[HKLM\Software\Participatory Culture Foundation]
~ Key Software: 127 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/04/2012 - 13:44:33 - [38,612] --H-D C:\Program Files\Avago-HP
O43 - CFD: 19/05/2012 - 14:22:16 - [15,145] ----D C:\Program Files\Maestria
O43 - CFD: 30/05/2012 - 13:31:05 - [0,000] ----D C:\Users\xxxxx AJMCI\AppData\Local\Miro
O43 - CFD: 11/03/2013 - 13:17:11 - [0] ----D C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iOrgSoft
~ Program Folder: 140 Legitimates Scanned in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 08/04/2013 - 10:04:37 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.55AFF5894F3AF77FFCE926AE342DEF76] - 03/04/2013 - 18:02:53 ---A- . (...) -- C:\AdwCleaner[S1].txt [8433]
O44 - LFC:[MD5.FC35ADE2512B3252F9312C6CC1F30370] - 30/03/2013 - 11:48:30 ---A- . (.Pas de propriétaire - utXmlData Dynamic Link Library.) -- C:\Windows\System32\hppatusg01.dll [110592]
O44 - LFC:[MD5.4496F9E66D7A83D8C2C9702CC2681C57] - 15/03/2013 - 12:52:10 ---A- . (.Aladdin Knowledge Systems Ltd. - Aladdin HASP Drivers Coinstaller.) -- C:\Windows\System32\aksusb4.dll [46536]
O44 - LFC:[MD5.15A02B86D1F5C2403DB2CF4384CFBFD3] - 15/03/2013 - 12:52:10 ---A- . (.Aladdin Knowledge Systems Ltd. - Aladdin Hasp HL Drivers Coinstaller.) -- C:\Windows\System32\akshsp52.dll [15816]
O44 - LFC:[MD5.5EA155A2E7633C02E80CE855E06145A7] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - AKSHASP Device Driver.) -- C:\Windows\System32\Drivers\akshasp.sys [244040]
O44 - LFC:[MD5.60048BF87AB239A4B85F445DB8796835] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Aladdin Hasp HL Drivers Coinstaller.) -- C:\Windows\System32\akshhl30.dll [43976]
O44 - LFC:[MD5.FA9B4921088981A0E44DEA8A605E58C8] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Ancillary Function Driver.) -- C:\Windows\System32\Drivers\aksfridge.sys [376200]
O44 - LFC:[MD5.B1D037B211294F172A4970BE16AA9DBB] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - SafeNet-Inc. Sentinel Class Driver.) -- C:\Windows\System32\Drivers\aksclass.sys [17992]
O44 - LFC:[MD5.218B352976A92F134CB65BEF5F582EB8] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - SafeNet-Inc. Sentinel USB Key Driver.) -- C:\Windows\System32\Drivers\aksusb.sys [295944]
O44 - LFC:[MD5.DDCCFF5E81FDE1A869D71C48BB4D763F] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Sentinel HL Device Driver.) -- C:\Windows\System32\Drivers\akshhl.sys [53192]
O44 - LFC:[MD5.311FCA105F3B0B9DF193DD81F4768295] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Sentinel Hardlock Device Driver for Windows.) -- C:\Windows\System32\Drivers\hardlock.sys [608136]
O44 - LFC:[MD5.F698C3C35199DCBE024031DB1F9E46D9] - 15/03/2013 - 12:52:10 ---A- . (.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\System32\aksllmtp.exe [4466120]
~ Files: 56 Legitimates Scanned in 00mn 04s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.ED0095B9CDFA3C5DC7827E098F65E5A4] - 08/04/2013 - 11:41:54 ---A- - C:\Windows\Prefetch\ESTWM.EXE-D182D25A.pf
O45 - LFCP:[MD5.21AF827AFC36B88B62E41B4EC03E1E9E] - 10/04/2013 - 11:39:48 ---A- - C:\Windows\Prefetch\ACROBATINFO.EXE-562B3728.pf
O45 - LFCP:[MD5.0C84F51650F57B9BD58CA645ECEBCF77] - 10/04/2013 - 13:22:00 ---A- - C:\Windows\Prefetch\KLWTBLFS.EXE-97D9C8DA.pf
O45 - LFCP:[MD5.7B262E848B0FC8AD6F60983994ADAB7C] - 10/04/2013 - 17:11:15 ---A- - C:\Windows\Prefetch\ESCNDV.EXE-957A695B.pf
O45 - LFCP:[MD5.3AD0E7A19D3F2CFD26132BB66CAA1E47] - 11/04/2013 - 10:01:57 ---A- - C:\Windows\Prefetch\HPHC_SERVICE.EXE-0C2DC775.pf
O45 - LFCP:[MD5.C7399E42687051AFA527E5BADE587131] - 11/04/2013 - 10:05:34 ---A- - C:\Windows\Prefetch\HPPUSG.EXE-2C9AFB13.pf
O45 - LFCP:[MD5.D3C662DC76CD4B00C524DD7687116017] - 11/04/2013 - 10:05:34 ---A- - C:\Windows\Prefetch\HPQSRMON.EXE-DC8EF5B5.pf
O45 - LFCP:[MD5.13DEFC09C06CB27DABB3823273E67E14] - 11/04/2013 - 12:48:09 ---A- - C:\Windows\Prefetch\BKST.EXE-BA2732A4.pf
O45 - LFCP:[MD5.D6AE0CC70A1B5002EF7EE191D5D67EB3] - 30/03/2013 - 11:09:13 ---A- - C:\Windows\Prefetch\MDNSRESPONDER.EXE-321C1F3D.pf
~ Prefetcher: 95 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
~ SMSR Keys: 4 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
~ MWPS: 13 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=60
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 01:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 08/04/2013 - 14:41:06 ---A- C:\Users\xxxxx\Downloads\Pièces jointes_201348 (1).zip [7045518]
O61 - LFC: 08/04/2013 - 14:44:08 ---A- C:\Users\xxxxx\Downloads\Pièces jointes_201348.zip [5659593]
O61 - LFC: 09/04/2013 - 11:42:51 ---A- C:\Users\BEN AJMCI\AppData\Roaming\Microsoft\Word\Fourniture%20-PRIX%20Pdt%20DIAW302912231570869534\Fourniture%20-PRIX%20Pdt%20DIAW.doc.lnk [851]
O61 - LFC: 09/04/2013 - 11:42:51 R--A- C:\Users\BEN AJMCI\AppData\Roaming\Microsoft\Word\Fourniture%20-PRIX%20Pdt%20DIAW302912231570869534\Fourniture%20-PRIX%20Pdt%20DIAW((Unsaved-302912231570706992)).asd [28160]
O61 - LFC: 09/04/2013 - 16:00:18 ---A- C:\Users\BEN AJMCI\Downloads\Douadé logo First [Converti].pdf [122943]
O61 - LFC: 09/04/2013 - 16:30:00 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\26.0.1410.64\26.0.1410.64_26.0.1410.43_chrome_updater.exe [5677408]
O61 - LFC: 09/04/2013 - 20:14:07 ---A- C:\Users\BEN AJMCI\Downloads\Douadé logo Best [Converti].pdf [162799]
O61 - LFC: 09/04/2013 - 20:15:21 ---A- C:\Users\BEN AJMCI\Downloads\Douadé logo First [Converti] (1).pdf [122943]
O61 - LFC: 09/04/2013 - 20:22:45 ---A- C:\Users\BEN AJMCI\Downloads\Douahou Dé CVR logo..pdf [567371]
O61 - LFC: 09/04/2013 - 22:44:12 ---A- C:\Users\BEN AJMCI\Downloads\1-RAPPORT DE MISSION DE L'AG DE GBEKE.doc [121344]
O61 - LFC: 09/04/2013 - 22:44:18 ---A- C:\Users\BEN AJMCI\Downloads\1-RAPPORT DE MISSION DE L'AG DE GBEKE (1).doc [121344]
O61 - LFC: 10/04/2013 - 10:35:18 ---A- C:\Users\BEN AJMCI\Downloads\sans_nom (1).txt [125]
O61 - LFC: 10/04/2013 - 12:13:29 ---A- C:\Users\BEN AJMCI\Downloads\Discours président.doc [42496]
O61 - LFC: 10/04/2013 - 12:14:04 ---A- C:\Users\BEN AJMCI\AppData\Roaming\Microsoft\Word\ListGal.dat [13429]
O61 - LFC: 10/04/2013 - 12:16:12 ---A- C:\Users\BEN AJMCI\Downloads\Discours président corrigé.doc [91136]
O61 - LFC: 10/04/2013 - 12:28:57 ---A- C:\Users\BEN AJMCI\AppData\Roaming\Sage\Comptabilité\MAESTRIA.PCO [439]
O61 - LFC: 10/04/2013 - 12:28:57 ---A- C:\Users\BEN AJMCI\Documents\Sage\Comptabilité\MAESTRIA.RMA [542]
O61 - LFC: 10/04/2013 - 13:14:41 ---A- C:\Users\BEN AJMCI\AppData\Local\Resmon.ResmonCfg [7626]
O61 - LFC: 10/04/2013 - 17:20:36 ---A- C:\Users\BEN AJMCI\AppData\Roaming\EPSON\ESCNDV\ES0099\FULL.bmp [1003494]
O61 - LFC: 10/04/2013 - 19:23:00 ---A- C:\Users\BEN AJMCI\Downloads\Photo(2).jpg [4325939]
O61 - LFC: 10/04/2013 - 19:23:16 ---A- C:\Users\BEN AJMCI\Downloads\Photo(2) (2).jpg [4325939]
O61 - LFC: 10/04/2013 - 19:27:10 ---A- C:\Users\BEN AJMCI\AppData\Roaming\Microsoft\Word\Enregistrement automatique de3-RAPPORT DE MISSION DE L'AG DE L'AGNEBY-TIASSA.asd [49664]
O61 - LFC: 10/04/2013 - 19:27:14 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\26.0.1410.64\Installer\setup.exe [1642448]
O61 - LFC: 10/04/2013 - 19:27:53 ---A- C:\Users\BEN AJMCI\Downloads\Message transféré - Tr - Début de la synthèse Fiche 1 (3) [0]*
O61 - LFC: 10/04/2013 - 19:29:02 R--A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\26.0.1410.64\Installer\chrome.7z [122865342]
O61 - LFC: 10/04/2013 - 19:29:07 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\VisualElementsManifest.xml [396]
O61 - LFC: 10/04/2013 - 19:29:58 ---A- C:\Users\BEN AJMCI\Downloads\Message transféré - Tr - Début de la synthèse Fiche 1 (4) [0]*
O61 - LFC: 10/04/2013 - 19:30:40 ---A- C:\Users\BEN AJMCI\Downloads\Message transféré - Tr - Début de la synthèse Fiche 1 (5) [0]*
O61 - LFC: 10/04/2013 - 19:33:58 ---A- C:\Users\BEN AJMCI\Downloads\Photo (1).jpg [4030376]
O61 - LFC: 10/04/2013 - 19:34:00 ---A- C:\Users\BEN AJMCI\Downloads\Photo.jpg [4030376]
O61 - LFC: 11/04/2013 - 10:11:56 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269393]
O61 - LFC: 11/04/2013 - 12:49:08 ---A- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\User Data\Local State [26910]
~ 23 Fichiers temporaires (Temporary files)
~ Files: 359 Legitimates Scanned in 00mn 06s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 81 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <jsfile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <jsfile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS3.) -- D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BEN AJMCI\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {84900D94-73AE-4884-ADEF-B44DEE6523BA} [DefaultScope] - (Yahoo!) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\ZHP\Quarantine\http_worldcracked.blogspot.com_0.localstorage-journal.VIR
C:\ZHP\Quarantine\http_www.cracker-wifi.com_0.localstorage-journal.VIR
C:\ZHP\Quarantine\http_worldcracked.blogspot.com_0.localstorage-journal.VIR
C:\ZHP\Quarantine\http_www.cracker-wifi.com_0.localstorage-journal.VIR
~ Files: Scanned in 01mn 47s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 33 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2A760BC38EAD288C433D74045297827C] [SPRF][07/04/2013] (.Kaspersky Lab - Programme d'installation de Kaspersky Internet Security 2013 (13.0.1.4190abcde.${ARG_BUILD_IDENTIFICATION}).) -- C:\Users\BEN AJMCI\Desktop\kis13.0.1.4190fr-fr_4325.exe [172184872]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.7BBA5B65F6645D9FD314DDB8D3953A95] [SPRF][19/09/2003] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [299008]
~ Files: Scanned in 00mn 02s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{D1151C1F-8F07-4BB7-AEC9-8A98EB18CF7E}" | In - Public - P6 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe
O87 - FAEL: "{F8CF20DE-99A3-4C2A-9D64-406BDF215B00}" | In - Public - P17 - TRUE | .(.Software 2000 Limited - SMLMProxy Module.) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.exe
O87 - FAEL: "{8FD07F57-8610-4851-8C31-1F7B178AB3B8}" | In - Public - P6 - TRUE | .(.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\System32\hasplms.exe
O87 - FAEL: "{B0398221-827E-49D5-997C-4A7262591FBD}" | In - Public - P17 - TRUE | .(.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\System32\hasplms.exe
O87 - FAEL: "{77022A85-6DFC-471E-A65E-FE37B5E13C1B}" | In - None - P17 - TRUE | .(.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\system32\hasplms.exe
O87 - FAEL: "{75E6EF69-03F2-44A1-A4D5-128CF9224BEF}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{95406FD1-A62E-4629-9F46-A5D5929E55C5}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{9E11F95D-5375-4FAC-8DC2-1E71DF73ACF8}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{9045B2EF-1F6B-421D-B444-CFB99F3EC8C7}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{AC14A6CD-67F9-4C97-8772-363A89B36B54}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{C818C657-AB66-4C91-8ED2-D102767FBAF4}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{F9EA9BFE-5EAC-48A2-9E86-64EB65DFBC5E}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{1285E556-BD91-4723-888F-DC062D7F1A60}" |Out - Public - P6 - TRUE | .(...) -- C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe (.not file.)
O87 - FAEL: "{35C3C2EF-19C8
0