Windows slow startup

Closed
abdouchefr Posts 161 Registration date Saturday 2 February 2013 Status Member Last activity 9 February 2015 - 27 Sept. 2014 at 22:22
 Anonymous user - 27 Sept. 2014 at 23:39
Hello

The system takes a long time to start up, and web pages are slow as well.

Here is a ZHPDiag diagnostic
Thanks in advance for your help



~ Rapport de ZHPDiag v2014.9.24.137 - Nicolas Coolman (24/09/2014)
~ Lancé par Abdesalem Derdar (27/09/2014 22:09:13)
~ Adresse du Site Web https://nicolascoolman.eu
~ Adresse du Forum https://nicolascoolman.eu
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 32.0.3 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
AVG 2014 v14.0.4765
Malwarebytes Anti-Malware version 2.0.2.1012
ZoneAlarm Firewall v11.0.000.054
ZoneAlarm Free Firewall v11.0.000.504
ZoneAlarm Security v11.0.000.054

---\\ Logiciels d'optimisation du système
CCleaner v4.17

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader XI
Java 7 Update 67

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (13% free)
System Restore: Activé (Enable)
System drive C: has 85 GB (72%) free of 118 GB

---\\ Mode de connexion au système
~ Computer Name: YOUR-10A2E35C12
~ User Name: Abdesalem Derdar
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur, Abdesalem Derdar,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Abdesalem Derdar\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Abdesalem Derdar\Application Data\
~ %Desktop% : C:\Documents and Settings\Abdesalem Derdar\Bureau\
~ %Favorites% : C:\Documents and Settings\Abdesalem Derdar\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Abdesalem Derdar\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 85 Go of 118 Go)
D: Hard drive, Flash drive, Thumb drive (Free 25 Go of 25 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948B1F45A176FB4A0251446A5AE86D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/03/2014 - 18:58:52.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 02s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/11
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/26
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/594
~ Mon Bureau (My Desktop) : 4/19
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.2313A18382B038AAF6EB5DD750CC65E5] - (.Check Point Software Technologies LTD - TrueVector Service.) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888] [PID.1628]
[MD5.57FE873B8246DEF1372503CBC57A7499] - (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320] [PID.256]
[MD5.B6E2D865C5936A4FEE68F11E97DF6B82] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000] [PID.1704]
[MD5.D7CBEEA4500BFDC63E99B06A1C512BE8] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328] [PID.1716]
[MD5.BF918C9473D64BBD53C22C47045883F5] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1984]
[MD5.A96F636AFBDE939E8ABD601F9801B031] - (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) -- C:\WINDOWS\System32\StkCSrv.exe [31248] [PID.1660]
[MD5.D9EB1EDD8EA23BFAC9E4B668E4B69157] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [838160] [PID.2084]
[MD5.446254DD2A9C829A6AF02B9D8B11F047] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [657936] [PID.2140]
[MD5.80349CB09DDC2F99E16D0F8919E2DCA3] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [349528] [PID.2528]
[MD5.9F9D928F2004559247E8DEA4D1361D9B] - (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984] [PID.2968]
[MD5.3C934C055C54CBBD5A1C340D72B657CC] - (.Pas de propriétaire - Torpedo.) -- C:\Program Files\Information\f048fae2-c40d-42e5-97cb-894298260586.exe [32152] [PID.1188]
[MD5.3010ACD81B592EB8D6C5534A9E7E5257] - (.HighQVPV21.09 - HQVP1.9V21.09 exe.) -- C:\Program Files\Information\72280b54-7c16-478c-b609-e4c89cfe0712.exe [369560] [PID.3372] =>PUP.CrossRider
[MD5.57B463FB782C46D30E680ACF8983CFD3] - (.Samsung Electronics,.LTD - EDSAgentEx Application.) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [659456] [PID.1572]
[MD5.FFD1C110E23B515EE0EFE15D9993EC45] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480] [PID.352]
[MD5.91539F4F58BB4B1E3BF24604656CE7D3] - (.Pas de propriétaire - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [3153408] [PID.980]
[MD5.01921762F0525B17057ECEAD1ADFC22D] - (.SAMSUNG Electronics - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [679936] [PID.3356]
[MD5.3B209AAB427023013F982E125B72DB41] - (.Intel Corporation - igfxext Module.) -- C:\WINDOWS\system32\igfxext.exe [170520] [PID.3444]
[MD5.D49ED5FF272A46FA38361028835D09FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424] [PID.1152]
[MD5.116F2BCCAC99E445C2FC4557B6B47927] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752] [PID.3520]
[MD5.9208018B94294F39E8FF504A182A102E] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.3668]
[MD5.50E187E0EC23EF6C46E68109FB75D31B] - (.SAMSUNG Electronics Co., Ltd. - MagicKBD V5 Launcher.) -- C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe [372736] [PID.3744]
[MD5.3048C513A620837E94F527435012E25B] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe [299008] [PID.3832]
[MD5.361B0893A5C6741F347568A3232D2822] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5188112] [PID.204]
[MD5.0D67A518BE3BC74C63423AC5595C7251] - (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832] [PID.3956]
[MD5.308F2EE28005510DE616409148CF077B] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [256896] [PID.3136]
[MD5.3886EC1A39667F30E5A6797E2DD54062] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [603488] [PID.160]
[MD5.411F9EEF72CACD4E76431B282099A3A6] - (.MyOSCompany - Pas de description.) -- C:\Program Files\PCTRunner\MyOSProtect.exe [1317096] [PID.4024] =>PUP.WebProtect
[MD5.8FCDD80575921F180E75BC7CF4310140] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [1451384] [PID.0]
[MD5.96B182BCB95057D4C7B8E25811BF6D2A] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [22041192] [PID.5868]
[MD5.FB104D17018B4CA9F0C1A9BED02D15FC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4276]
[MD5.70E72E508D9F8CEA9D4D11B09204526F] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5904]
[MD5.4B7694BAB2F17541DB9152F81BF09225] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8108032] [PID.5036]
~ Processes Running: Scanned in 00mn 13s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File: Scanned in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: ZoneAlarm Security Engine - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [EDS] . (.Samsung Electronics,.LTD - EDSAgentEx Application.) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] . (.SAMSUNG Electronics - Loader of Easy Display Manager - Display Co.) -- C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [SUPBackground] . (...) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [BatteryManager] . (.Pas de propriétaire - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] . (.Pas de propriétaire - PreMKBD before Magic Keyboard Program.) -- C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Run: [ZoneAlarm] . (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [ISW] . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3659336295-3222183615-1794127435-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A71F27-00C9-42D2-94FA-C649948551C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8A71F27-00C9-42D2-94FA-C649948551C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E8A71F27-00C9-42D2-94FA-C649948551C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-1.job [2764] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-11.job [4490]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-2.job [2104] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-3.job [3808] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-4.job [3808] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-5.job [2440] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\62a01ee3-a9a4-4424-89fa-d461b315a360-1.job [1382] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\62a01ee3-a9a4-4424-89fa-d461b315a360-3.job [3458] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\62a01ee3-a9a4-4424-89fa-d461b315a360-4.job [2230] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\72280b54-7c16-478c-b609-e4c89cfe0712.job [1456]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\ecd21c27-0b1d-4666-bd85-dc7126ad3c01-1.job [1456] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\ecd21c27-0b1d-4666-bd85-dc7126ad3c01-4.job [2264] =>PUP.CrossRider
O39 - APT: - (..) -- C:\WINDOWS\Tasks\f048fae2-c40d-42e5-97cb-894298260586.job [622]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job [956]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job [960]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\KLQBYWO.job [1764]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [238]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job [922]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job [926]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\YGJ.job [1412]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (pcwatch) . (...) - C:\WINDOWS\system32\Drivers\pcwatch.sys =>PUP.WebProtect
~ Drivers: 81 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced File Encryptor - (.Zemerick Software, Inc..) [HKLM] -- {3F1828A5-C1EA-43DC-B2AC-2E1275805D51}_is1
O42 - Logiciel: Magic Keyboard - (...) [HKLM] -- {BD723E53-A42C-4702-AA04-1D74A0311590}
O42 - Logiciel: Play Camera - (.Nom de votre société.) [HKLM] -- InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}
~ Logic: 24 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\KLQBYWO]
[HKCU\Software\PCTRunner] =>PUP.WebProtect
[HKCU\Software\YGJ]
[HKLM\Software\AFE]
[HKLM\Software\PCTRunner] =>PUP.WebProtect
[HKLM\Software\WLAN]
[HKLM\Software\fst]
~ Key Software: 244 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/06/2013 - 23:58:27 - [] ----D C:\Program Files\afe
O43 - CFD: 21/09/2014 - 21:36:04 - [] ----D C:\Program Files\PCTRunner =>PUP.WebProtect
O43 - CFD: 21/05/2013 - 20:00:53 - [] ----D C:\Documents and Settings\All Users\Application Data\IM
O43 - CFD: 21/05/2013 - 19:56:28 - [] ----D C:\Documents and Settings\All Users\Application Data\IncrediMail
O43 - CFD: 27/08/2009 - 17:22:48 - [] ----D C:\Documents and Settings\All Users\Application Data\WLAN
O43 - CFD: 21/09/2014 - 21:16:55 - [] ----D C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\com
O43 - CFD: 21/05/2013 - 20:03:01 - [] ----D C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\IM
O43 - CFD: 29/06/2013 - 23:58:29 - [] ----D C:\Documents and Settings\Abdesalem Derdar\Menu Démarrer\Programmes\Advanced File Encryptor
~ Program Folder: 156 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F2E5A0CC408405C595A9CDBF854A38E1] - 21/09/2014 - 19:30:23 ---A- . (.MyOSCompany - Pas de description.) -- C:\WINDOWS\system32\MyOSProtect.dll [304776]
O44 - LFC:[MD5.F5564844269854D7CE70711F3B23A86C] - 22/09/2014 - 17:04:39 ---A- . (...) -- C:\WINDOWS\system32\MyOSProtect.ini [4144]
O44 - LFC:[MD5.2D2A3F75D91731FCAEFD5322BA51C9DD] - 22/09/2014 - 17:04:39 ---A- . (...) -- C:\WINDOWS\system32\MyOSProtectOff.ini [2072]
O44 - LFC:[MD5.20E3EFCC32F5D3F02149BADA50E43E0E] - 27/09/2014 - 20:06:16 ---A- . (...) -- C:\WINDOWS\wiaservc.log [0]
O44 - LFC:[MD5.D9F319DA56AE33BDDFADFDA3F06EBB8C] - 27/09/2014 - 20:06:28 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 14 Legitimates Filtered in 00mn 13s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\pcwatch.sys . (...) -- C:\WINDOWS\system32\Drivers\pcwatch.sys (.not file.) =>PUP.WebProtect
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\pcwatch.sys . (...) -- C:\WINDOWS\system32\Drivers\pcwatch.sys (.not file.) =>PUP.WebProtect
~ CSB: 23 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{bee5467a-96d3-11de-9fc8-001377b526a5}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\AVG-Secure-Search-Update_0913b [Key] . (...) -- C:\Documents and Settings\Abdesalem Derdar\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\pcwatch.sys [19840] =>PUP.WebProtect
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:04/08/2009 - 17:40:38 ---A- . (.Syntek - Syntek USB 2.0 Video Mini Driver.) -- C:\WINDOWS\system32\Drivers\StkCMini.sys [1448080]
O58 - SDL:16/01/2008 - 18:28:32 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\WINDOWS\system32\Drivers\StkCPipe.sys [12940048]
O58 - SDL:03/05/2009 - 14:04:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StkCSF.sys [197648]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:27/10/2005 - 05:18:05 ---A- . (...) -- C:\WINDOWS\system32\MEMIO.SYS [4300]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 60 Legitimates Filtered in 00mn 12s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/10/2005 - C:\WINDOWS\system32\MEMIO.sys (DOSMEMIO) .(...) - LEGACY_DOSMEMIO
O64 - Services: CurCS - 01/09/2014 - C:\Program Files\PCTRunner\MyOSProtect.exe (MyOSProtect) .(.MyOSCompany - Pas de description.) - LEGACY_MYOSPROTECT =>PUP.WebProtect
O64 - Services: CurCS - 03/05/2009 - C:\WINDOWS\system32\StkCSrv.exe (StkSSrv) .(.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) - LEGACY_STKSSRV
~ Legacy: 140 Legitimates Filtered in 00mn 01s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0B23F89D-F1A9-4F6C-1F6A-1B5E860BACAC} - (AVG Secure Search) - https://isearch.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {C7211E1C-F627-42EC-8140-6A26038A8798} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.8F5BF36A878E36261C11C5B55B23BA34] [SPRF][21/09/2014] (.HighQVPV21.09 - HQVP1.9V21.09 exe.) -- C:\Documents and Settings\Abdesalem Derdar\Application Data\KLQBYWO.exe [1965464] =>PUP.CrossRider
[MD5.80F8D7A88B2751869B14AE7E4EBB1C2B] [SPRF][21/09/2014] (.HighQVPV21.09 - HQVP1.9V21.09 exe.) -- C:\Documents and Settings\Abdesalem Derdar\Application Data\YGJ.exe [1518488] =>PUP.CrossRider
~ Files: 2 Legitimates Filtered in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8C5A8864813F7974AB87F7A80B2D5884] [WIS][21/02/2013] (.DeltaInstaller - Delta Chrome Toolbar.) -- C:\Windows\Installer\2da0dd.msi [538624] =>Toolbar.DeltaSearch
[MD5.8AE9BF86B2FBA914152AEDBA0C41EACA] [WIS][27/02/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\6b09a.msi [1772032] =>Adware.IMBooster
[MD5.787C2F06A3E7A86ED97A0940583ABB6A] [WIS][27/02/2013] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\6b0a0.msi [272896] =>Adware.IMBooster
[MD5.DE5BC93E9B35171F2FA1117ABDE5D61F] [WIS][21/09/2014] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\8180a0.msi [512512] =>Adware.Boxore
~ WIS: 4 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 25/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 21/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/09/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 25/08/2014 3242000 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 25/08/2014 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Auto 23/03/2009 349528 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 22/11/2012 497320 | (IswSvc) . (.Check Point Software Technologies.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
SR - | Auto 17/08/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Demand 01/09/2014 1317096 | (MyOSProtect) . (.MyOSCompany.) - C:\Program Files\PCTRunner\MyOSProtect.exe =>PUP.WebProtect
SR - | Auto 03/05/2009 31248 | (StkSSrv) . (.Syntek America Inc..) - C:\WINDOWS\system32\StkCSrv.exe
SR - | Auto 27/03/2013 2447888 | (vsmon) . (.Check Point Software Technologies LTD.) - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\yk51x86.dll (yksvc) . (.Marvell.) - C:\WINDOWS\system32\svchost.exe
~ Services: Scanned in 00mn 32s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (24/09/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 20

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AVG-Secure-Search-Update_0913b] =>Toolbar.AVGSearch^
[HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
C:\Program Files\PCTRunner =>PUP.WebProtect^
C:\Documents and Settings\All Users\Application Data\Software =>Adware.Boxore
C:\Program Files\Information\72280b54-7c16-478c-b609-e4c89cfe0712.exe =>PUP.CrossRider^
C:\Program Files\PCTRunner\MyOSProtect.exe =>PUP.WebProtect^
C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-1.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-2.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-3.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-4.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\494b598c-6d03-4649-a082-6b46f5812c40-5.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\62a01ee3-a9a4-4424-89fa-d461b315a360-1.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\62a01ee3-a9a4-4424-89fa-d461b315a360-3.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\62a01ee3-a9a4-4424-89fa-d461b315a360-4.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\ecd21c27-0b1d-4666-bd85-dc7126ad3c01-1.job =>PUP.CrossRider^
C:\WINDOWS\Tasks\ecd21c27-0b1d-4666-bd85-dc7126ad3c01-4.job =>PUP.CrossRider^
[HKCU\Software\PCTRunner] =>PUP.WebProtect^
[HKLM\Software\PCTRunner] =>PUP.WebProtect^
C:\Documents and Settings\Abdesalem Derdar\Application Data\KLQBYWO.exe =>PUP.CrossRider^
C:\Documents and Settings\Abdesalem Derdar\Application Data\YGJ.exe =>PUP.CrossRider^
C:\Windows\Installer\2da0dd.msi =>Toolbar.DeltaSearch^
C:\Windows\Installer\6b09a.msi =>Adware.IMBooster^
C:\Windows\Installer\6b0a0.msi =>Adware.IMBooster^
C:\Windows\Installer\8180a0.msi =>Adware.Boxore^
~ Additionnel Scan: 227660 Items scanned in 02mn 27s



---\\ Informations complémentaires sur les modules
~ https://nicolascoolman.eu =>.Internet Explorer, Proxy Management (R5)
~ https://nicolascoolman.eu =>.Internet Explorer Toolbars (O3)
~ https://nicolascoolman.eu =>.Applications lancées au démarrage du système (O4)
~ https://nicolascoolman.eu =>.Image File Execution Options (IFEO) (O50)
~ https://nicolascoolman.eu =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
https://nicolascoolman.eu =>PUP.CrossRider
https://nicolascoolman.eu =>Toolbar.DeltaSearch
https://nicolascoolman.eu =>Adware.IMBooster
https://nicolascoolman.eu =>Adware.Boxore
~ MSI: 4 link(s) detected in 00mn 00s



~ 821 Legitimates filtered by white list
End of the scan (516 lines in 05mn 33s)(0)

3 replies

Anonymous user
27 Sept. 2014 at 22:23
Good evening

You need to change operating system to use the Internet

See you later
0
abdouchefr Posts 161 Registration date Saturday 2 February 2013 Status Member Last activity 9 February 2015
27 Sept. 2014 at 23:34
Change the system? Sorry, I am not a pro.
Is there a procedure for that?

Thanks
0
Anonymous user
27 Sept. 2014 at 23:39
Hi again

XP is no longer kept up to date.
Either you pay for another Windows OS or you switch to a free-software solution >>> Linux
0