Rapport de ZHPDiag v2013.4.7.45 par Nicolas Coolman, Update du 07/04/2013
Run by allain at 08/04/2013 08:51:14
State : Version à jour.
High Elevated Privileges : OK
UAC : 


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
GCIE: Google Chrome

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 37 GB (16%) free of 228 GB

---\\ Logged in mode
~ Computer Name: PC-DE-ALLAIN
~ User Name: allain
~ All Users Names: UpdatusUser, IUSR_NMPR, allain, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\allain\AppData\Roaming\
~ %Desktop% : C:\Users\allain\Desktop\
~ %Favorites% : C:\Users\allain\Favorites\
~ %LocalAppData% : C:\Users\allain\AppData\Local\
~ %StartMenu% : C:\Users\allain\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 37 Go of 228 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center:  Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.10/04/2009 - 23:27:38.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.18/01/2008 - 23:33:38.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.03728C624D05C2F157BBD46F6B7F6EA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 04:30:21.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/04/2009 - 23:28:14.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 23:32:28.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 21:28:04.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 21:39:18.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 21:42:44.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.18/01/2008 - 21:49:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 21:56:30.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 21:45:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/04/2009 - 23:32:50.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 21:56:36.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 21:45:24.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 21:45:58.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1335
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/12
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 3/159
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 0/24
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D610CDEDF1F702EB0A86B0FBD9BB49E5] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe   [1820520] [PID.1892]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe   [1008184] [PID.1932]
[MD5.85B8925F1A477DF7AEC93CABBEB04F1F] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe   [65536] [PID.820]
[MD5.2589FFE360BED8F824CBC6171CB5B874] - (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe   [2793304] [PID.2656]
[MD5.98C9D8B03A6DEC5975A0E19EE2685CF5] - (.ScanSoft, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe   [69632] [PID.2660]
[MD5.511D37D2B50D22335BFE6CA9A5B14ADD] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe   [2508104] [PID.2260]
[MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe   [49208] [PID.2300]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4767304] [PID.2676]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [252848] [PID.1820]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe   [125952] [PID.3516]
[MD5.F6573840989C4E8ED2EBF8B0644CF500] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe   [959880] [PID.1464]
[MD5.0FF101F5C767393195602237E211B311] - (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files\Logitech\Vid HD\Vid.exe   [6123032] [PID.2344]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe   [39408] [PID.2168]
[MD5.5EA80B00E1F5931641E8B95A23B7342D] - (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe   [278528] [PID.3548]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe   [37376] [PID.3612]
[MD5.98D472ECFBC0E8ED25A0483E765F42B6] - (...) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe   [560472] [PID.5528]
[MD5.C81BE1B951C36E97D3DA90DA745DA5F7] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe   [61440] [PID.2672]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [917400] [PID.5280]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe   [17304] [PID.4388]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe   [1822424] [PID.5292]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe   [69120] [PID.4528]
[MD5.605664E657464F558F51C84A0F93029F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [6558208] [PID.2488]
[MD5.EB5A13F9139F20AD71ADF4BF79C3AA29] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) -- C:\Windows\system32\nvvsvc.exe   [645992] [PID.1028]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe   [154136] [PID.1192]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe   [3408896] [PID.1324]
[MD5.C71F2B4D0151CFEDE5D405C5D60B6FCE] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe   [864616] [PID.1676]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [45248] [PID.1896]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe   [213384] [PID.2472]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65192] [PID.2700]
[MD5.A0B584C33F55545D56F9E71FB4E203AC] - (.Pas de propriétaire - DQLWinSe Application.) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe   [208896] [PID.2860]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe   [61440] [PID.3020]
[MD5.0E30752CC6F579FF7C09437D375ACDA3] - (.SFR - SFR.DashBoard.Service.) -- C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe   [24496] [PID.3136]
[MD5.AD1870C8E5D6DD340C829E6074BF3C3F] - (.Microsoft Corporation - Service de planification Windows Media Cent.) -- C:\Windows\ehome\ehsched.exe   [131072] [PID.3716]
[MD5.9BE3744D295A7701EB425332014F0797] - (.Microsoft Corporation - Service de réception Windows Media Center.) -- C:\Windows\ehome\ehRecvr.exe   [292352] [PID.4712]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\allain\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Chrome Web Store v.0.1 ()
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.2 (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [jfmjfhklogoienhpfnppmbcbjfjnkonk] RealPlayer HTML5Video Downloader Extension v.1.5 (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\allain\AppData\Roaming\Mozilla\Firefox\Profiles\jv2bqvhi.default\prefs.js
M3 - MFPP: Plugins - [allain] -- C:\Program Files\Mozilla FireFox\searchplugins\Web Search.xml
M2 - MFEP: prefs.js [allain - jv2bqvhi.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [allain - jv2bqvhi.default\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}] [] BitComet ????? v1.31 (.BitComet.)
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.30 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll
P2 - FPN: [HKLM] [@virtools.com/3DviaPlayer] - (.Dassault Systèmes - 3DVIA player(5.0.0.12).  For more information, visit the <a href="http.) -- C:\Program Files\Virtools\3D Life Player\npvirtools.dll
~ Firefox Browser: 29 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com
R3 - URLSearchHook: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.)
~ IE Browser:  Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 15221



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} . (.Pas de propriétaire - Easy-WebPrint EWPBrowseLoader Module.) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
~ BHO: 10 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy-WebPrint - [HKLM]{327C2873-E90D-4c37-AA9D-10AC9BABA46C} . (.Pas de propriétaire - Easy-WebPrint.) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe 
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe 
O4 - HKLM\..\Run: [KBD] . (...) -- C:\HP\KBD\KbdStub.exe 
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe 
O4 - HKLM\..\Run: [CCUTRAYICON] Clé orpheline 
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe 
O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Scansoft, Inc. - SSBkgdUpdate.) -- C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe 
O4 - HKLM\..\Run: [OpwareSE4] . (.ScanSoft, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe 
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe 
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe 
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe 
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe 
O4 - HKCU\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files\Logitech\Vid HD\Vid.exe 
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe 
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.) 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]  oobefldr.dll 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter]  oobefldr.dll 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files\Neuf\Kit\9props.exe 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files\Logitech\Vid HD\Vid.exe 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKUS\S-1-5-21-3100942562-1174154654-1692508800-1001\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe 
~ Application:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: Geoportail.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe http://www.geoportail.fr"
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.)  -- C:\Program Files\Windows Mail\WinMail.exe 
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.)  -- C:\Program Files\Windows Media Player\wmplayer.exe 
O4 - GS\QuickLaunch: adwcleaner - Raccourci.lnk . (...)  -- C:\Users\allain\Downloads\adwcleaner.exe
O4 - GS\QuickLaunch: e-Carte Bleue LCL.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.)  -- C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe 
O4 - GS\QuickLaunch: Gestionnaire de Connexion.lnk . (.SFR - Gestionnaire de connexion.)  -- C:\Program Files\SFR\Gestionnaire de Connexion\SFR_Gestionnaire_connexion.exe 
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe 
O4 - GS\QuickLaunch: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.)  -- C:\WINDOWS\System32\SnippingTool.exe 
O4 - Global Startup: C:\Users\allain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Hotmail.URL . (...)  -- C:\Users\allain\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Hotmail.URL
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.)  -- C:\Program Files\Windows Media Player\wmplayer.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Desktop: allain - Raccourci.lnk . (...)  -- C:\Users\allain\dwhelper\Documents\allain 
O4 - GS\Desktop: dwhelper - Raccourci.lnk . (...)  -- C:\Users\allain\dwhelper 
O4 - GS\Desktop: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - Global Startup: C:\Users\allain\Desktop\lcl.url . (.Microsoft Corporation - Internet Explorer.)  -- C:\Users\allain\Desktop\lcl.url
O4 - GS\Desktop: PC Inspector File Recovery.lnk . (...)  -- C:\Program Files\Convar\PC Inspector File Recovery\Filerecovery.exe
~ Global Startup:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.geoportail.fr
O15 - Trusted Zone: [HKLM\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKLM\...\Domains] *.canalplusactive.com
~ IE Zone Confiance:  Scanned in 00mn 03s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{18F08A79-7A08-4956-A04C-2A71AA129724}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{18F08A79-7A08-4956-A04C-2A71AA129724}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: DQLWinService (DQLWinService) . (.Pas de propriétaire - DQLWinSe Application.) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) . (.Intel(R) Corporation - Intel(R) Factory Mode Service.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service:  (SFR.DashBoard.Service) . (.SFR - SFR.DashBoard.Service.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
~ Services: 10 Legitimates Scanned in 00mn 06s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Hoolapp For Android] (...) -- C:\Users\allain\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Hoolapp Init] (...) -- C:\Users\allain\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.)   [0]  =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{530B6C28-3A9C-4883-8F81-D00E14925358}] (...) -- C:\Users\allain\Downloads\LopSD.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{60B97DB1-8858-45B7-87B3-E2C921012F15}] (...) -- C:\Users\allain\Documents\davory\setup.exe (.not file.)   [0]
[MD5.7B1DE0647CED400FAB968A051742D11E] [APT] [{F7FC535A-6A6C-4748-B82C-705644B03364}] (.InstallShield Software Corporation.) -- C:\Windows\system32\ISUSPM.cpl   [73728]
~ Scheduled Task: 20 Legitimates Scanned in 00mn 02s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 12 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 40 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: BitComet 1.31 - (.CometNetwork.) [HKLM] -- BitComet
O42 - Logiciel: Easy-WebPrint - (...) [HKLM] -- Easy-WebPrint
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Security Task Manager 1.8g - (.Neuber Software.) [HKLM] -- Security Task Manager
O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 86 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Amazon]
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR]
[HKCU\Software\BitComet]
[HKCU\Software\Email Adept, Ltd.]
[HKCU\Software\Hoolapp]
[HKCU\Software\IncrediMail]
[HKCU\Software\Neuber GbR]
[HKCU\Software\SoftLogica]
[HKLM\Software\Amazon]
~ Key Software: 180 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/10/2012 - 19:31:00 - [24,712] ----D C:\Program Files\BitComet
O43 - CFD: 05/04/2013 - 19:00:23 - [2,798] ----D C:\Program Files\Security Task Manager
O43 - CFD: 07/02/2010 - 23:21:30 - [0] ----D C:\Program Files\SoftLogica
O43 - CFD: 17/04/2012 - 20:29:41 - [0,884] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 05/04/2013 - 14:20:16 - [7,088] ----D C:\Users\allain\AppData\Roaming\BitComet
O43 - CFD: 19/02/2013 - 11:06:41 - [0] ----D C:\Users\allain\AppData\Roaming\HoolappForAndroid
O43 - CFD: 18/05/2012 - 15:17:12 - [69,850] ----D C:\Users\allain\AppData\Local\Amazon
O43 - CFD: 06/02/2010 - 15:50:34 - [0,000] ----D C:\Users\allain\AppData\Local\Cimaware
O43 - CFD: 27/09/2012 - 20:03:20 - [14,139] ----D C:\Users\allain\AppData\Local\DIGINEXT
~ 18 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 215 Legitimates Scanned in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/04/2013 - 07:28:33 ---A- . (...) -- C:\WINDOWS\System32\Drivers\lvuvc.hs   [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/04/2013 - 18:24:41 ---A- . (...) -- C:\END   [0]
O44 - LFC:[MD5.3BE0F758B270DADDA548387866A64DAD] - 02/04/2013 - 21:27:45 ---A- . (...) -- C:\WINDOWS\System32\CanalPlayer.log   [244]
O44 - LFC:[MD5.45ADC884F83A5D7D2F19672825D72F9E] - 21/03/2013 - 14:28:06 ---A- . (...) -- C:\WINDOWS\System32\InstallUtil.InstallLog   [830]
~ Files: 51 Legitimates Scanned in 00mn 11s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 7 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 5 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 15 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.3FBDAFF6F32DC37A9AC205F01F26DD8A] - 19/09/2006 - 17:57:00 ---A- . (.ASUSTek - 3xHybrid.) -- C:\WINDOWS\System32\Drivers\3xHybrid.sys   [2807936]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS   [9029]
~ Drivers:  Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: Lop SD - (.AngelDark & Eric71.)
O63 - Logiciel: RSIT - (.random/random.)
~ ADS:  Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 06/03/2013 - Pas de propriétaire (aswRvrt)  .(...) - LEGACY_ASWRVRT
O64 - Services: CurCS - 06/03/2013 - Pas de propriétaire (aswVmm)  .(...) - LEGACY_ASWVMM
~ Legacy: 76 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [allain - jv2bqvhi.default] user_pref("extensions.crossrider.bic", "136e54d7a52daba8ee0289d52bc61a36");  =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {5DAD48A9-73EC-457D-B555-2ED2DE69EB35} - (Yahoo! France) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {C297DEE1-1D0F-41A1-AA31-4252FD2CED1C} - (Ask Search) - http://websearch.ask.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 31 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.194BB10C493F4EBF8FF7BB3A85BB7A55] [SPRF][24/02/2011] (...) -- C:\ProgramData\nvModes.dat   [31966]
[MD5.1196A6F3506BC51A2038293A8EA66E14] [SPRF][17/04/2012] (...) -- C:\Users\allain\AppData\Local\d3d9caps.dat   [680]
[MD5.CF7AA8B791B02630B39E78B9F0F61AA3] [SPRF][28/04/2011] (...) -- C:\Users\allain\AppData\Roaming\wklnhst.dat   [46]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll   [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe   [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll   [401408]
~ Files:  Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{9405F102-E45C-46DB-8430-2C0986CF14F4}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
O87 - FAEL: "{4F5E4A73-49C3-4EA6-BD66-77C55F767185}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe
O87 - FAEL: "{5F01FDEA-6B1E-444B-B9D4-16618E76FACD}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O87 - FAEL: "{F892E0D8-80A4-4C30-978C-A45FEAC655B5}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O87 - FAEL: "{E4C9DA0C-295B-4E4B-8170-5CF32F556330}" | In - Public - P6 - TRUE | .(.Intel(R) Corporation - Intel® Remoting Service.) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O87 - FAEL: "{4E8FC59E-829F-4627-B034-D1F96F8A9D58}" | In - Public - P17 - TRUE | .(.Intel(R) Corporation - Intel® Remoting Service.) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O87 - FAEL: "{413A46FB-AD8B-4A34-AFA7-D58DC5797CBF}" | In - Private - P6 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files\BitComet\BitComet.exe
O87 - FAEL: "{24B4BCFE-B40D-4F4E-85F7-C498895B7C4B}" | In - Private - P17 - TRUE | .(.www.BitComet.com - BitComet - a BitTorrent Client.) -- C:\Program Files\BitComet\BitComet.exe
~ Firewall: 218 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11492 - (07/04/2013)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]   =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_FR Toolbar]   =>Toolbar.Conduit
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib]   =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR]   =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]   =>Toolbar.Bing
C:\Users\allain\AppData\LocalLow\uTorrentBar_FR   =>Toolbar.Conduit
~ Additionnel:  Scanned in 00mn 21s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "10A20A7EA57C09441A86C57A903A8D26" . (.MainConcept for Software Encoder.) -- c:\Windows\Installer\{E7A02A01-C75A-4490-A168-5CA709A3D862}\ARPPRODUCTICON.exe
~ Update Products: 60 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 11/09/2006 188416 |  (AlertService) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
SR - | Auto 06/03/2013 45248 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 28/12/2010 1296728 |  (BITCOMET_HELPER_SERVICE) . (.www.BitComet.com.) - C:\Program Files\BitComet\tools\BitCometService.exe
SR - | Auto  208896 |  (DQLWinService) . (...) - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
SS - | Auto 06/02/2010 135664 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 06/02/2010 135664 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/02/2011 182768 |  (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 10/05/2006 29696 |  (IntelDHSvcConf) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
SS - | Demand 11/09/2006 75264 |  (ISSM) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
SR - | Auto 19/10/2006 61440 |  (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 07/10/2009 154136 |  (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SS - | Demand  26624 |  (M1 Server) . (...) - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
SS - | Demand 11/09/2006 167936 |  (MCLServiceATL) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
SS - | Demand 08/03/2013 115608 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 02/10/2012 645992 |  (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 10/10/2012 1258856 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 11/09/2006 544256 |  (Remote UI Service) . (.Intel(R) Corporation.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
SR - | Auto 23/11/2011 24496 |  (SFR.DashBoard.Service) . (.SFR.) - C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
SR - | Auto 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 18/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services:  Scanned in 00mn 00s



~ 1023 Legitimates filtered by white list
End of the scan (605 lines in 01mn 23s)(0)