~ Rapport de ZHPDiag v2013.9.23.44 - Nicolas Coolman (23/09/2013)
~ Lancé par Boedec (24/09/2013 15:37:54)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.05 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 10 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 22 GB (29%) free of 75 GB

---\\ Mode de connexion au système
~ Computer Name: MAISON
~ User Name: Boedec
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Boedec, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Boedec\Application Data\
~ %Desktop% : C:\Documents and Settings\Boedec\Bureau\
~ %Favorites% : C:\Documents and Settings\Boedec\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Boedec\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Boedec\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 22 Go of 75 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 30 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3659
~ Mes musiques (My Musics) : 8/207
~ Mes Videos (My Videos) : 3/7
~ Mes Favoris (My Favorites) : 1/288
~ Mes Documents (My Documents) : 3/5296
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 2/89
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.587EFD6A3A30A35A27904D21AE1FB882] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376] [PID.220]
[MD5.25A3B42033D056718A7BF29C2367EBDA] - (.F-Secure - Terra Giga Drive.) -- C:\Program Files\Orange\mes contenus - mon disque\mounter.exe [75648] [PID.656]
[MD5.626CF4DB8FF93DF819A6FF479F8086C4] - (.Pas de propriétaire - Printer Communication System.) -- C:\WINDOWS\system32\lxdecoms.exe [598960] [PID.1184]
[MD5.18A2E16BCB1D76DA0A7AE666FB755D35] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe [389016] [PID.3980]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [276376] [PID.1088]
[MD5.D63791AEA2D98C5B3A2881A230613B8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8006144] [PID.4036]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Boedec\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://dts.search-results.com =>PUP.SearchResults
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.jeanmarcmorandini.com
G0 - GCSP: Preference [User Data\Default] http://www.searchnu.com =>Adware.Bandoo
~ Google Browser: 3 Legitimates Filtered in 00mn 13s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\prefs.js
C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\user.js
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\application-portable-papoo.xml
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\avg-secure-search.xml
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\dictionarist.xml
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\ecofree---france.xml
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\google-pl.xml
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\Search_Results.xml =>PUP.SearchResults
M3 - MFPP: Plugins - [Boedec] -- C:\Documents and Settings\Boedec\Application Data\Mozilla\Firefox\Profiles\10zfds1v.default\searchplugins\sweetim.xml =>PUP.SweetIM
M3 - MFPP: Plugins - [Boedec] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml
M3 - MFPP: Plugins - [Boedec] -- C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml =>PUP.SearchResults
M2 - MFEP: prefs.js [Boedec - 10zfds1v.default\{03B08592-E5B4-45ff-A0BE-C1D975458688}] [] Toolbar Buttons v1.0 (..)
P2 - FPN: [HKLM] [@pandasoftware.com/nanoscan] - (...) -- (.not file.)
~ Firefox Browser: 38 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: MSN Messenger 7.5.lnk . (...) -- C:\WINDOWS\Installer\{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}\MsblIco.exe (.not file.)
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (...) -- C:\Program Files\Messenger\msmsgs.exe (.not file.)
O4 - GS\Program [Boedec]: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\Boedec\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
~ Global Startup: 19 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MI3AA1~1\INetRepl.dll
O9 - Extra button: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Clé orpheline
O9 - Extra button: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Clé orpheline
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ((no name)) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} ((no name)) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E022AF0-6139-4F89-8938-9F8593B2FC76}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E022AF0-6139-4F89-8938-9F8593B2FC76}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E022AF0-6139-4F89-8938-9F8593B2FC76}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: lxde_device (lxde_device) . (.Pas de propriétaire - Printer Communication System.) - C:\WINDOWS\system32\lxdecoms.exe
~ Services: 4 Legitimates Filtered in 00mn 09s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Boedec\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Boedec\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck ) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: UsbBoost - (...) [HKLM] -- UsbBoost
~ Logic: 81 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\TorrentAid]
[HKCU\Software\YahooPartnerToolbar] =>Toolbar.Yahoo
[HKCU\Software\babidyxp]
[HKCU\Software\iLivid] =>Adware.Bandoo
[HKCU\Software\?? ?? ???? ????? ??? ?? ????]
[HKLM\Software\Datamngr] =>PUP.Datamngr [HKLM\Software\Iminent] =>Adware.IMBooster [HKLM\Software\IncrediMail] [HKLM\Software\Mégathèque] [HKLM\Software\S3Inc] [HKLM\Software\Sauleo3] [HKLM\Software\SpeedTouch] [HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\iLividSRTB] =>Adware.Bandoo ~ Key Software: 264 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 24/10/2010 - 11:31:43 - [0] ----D C:\Program Files\APC O43 - CFD: 09/04/2005 - 10:40:10 - [0,000] ----D C:\Program Files\CodedColor O43 - CFD: 10/11/2008 - 20:20:31 - [1,973] ----D C:\Program Files\EuroThink O43 - CFD: 16/01/2005 - 21:06:10 - [69,966] ----D C:\Program Files\FloorPlan 8.2 Setup O43 - CFD: 11/10/2007 - 22:09:38 - [0,492] ----D C:\Program Files\Ghost Navigator2_8_2 O43 - CFD: 03/12/2012 - 19:26:56 - [0,829] ----D C:\Program Files\Iminent =>Adware.IMBooster O43 - CFD: 13/01/2006 - 21:33:32 - [393,746] ----D C:\Program Files\Microïds O43 - CFD: 28/02/2006 - 20:03:47 - [0,049] ----D C:\Program Files\PLR O43 - CFD: 02/02/2008 - 21:47:36 - [0,002] ----D C:\Program Files\S3Inc O43 - CFD: 03/12/2012 - 19:27:06 - [2,251] ----D C:\Program Files\SweetIM =>PUP.SweetIM O43 - CFD: 29/04/2007 - 17:44:06 - [2,801] ----D C:\Program Files\Time Date O43 - CFD: 16/09/2011 - 18:45:45 - [0,008] ----D C:\Program Files\Ultra MP3 CD Burner O43 - CFD: 08/07/2010 - 21:00:12 - [6,923] ----D C:\Program Files\UsbBoost O43 - CFD: 09/03/2008 - 11:18:07 - [0,000] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\IM O43 - CFD: 11/04/2009 - 11:14:33 - [0,730] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\LxThumbs O43 - CFD: 31/01/2013 - 22:17:03 - [0,065] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM =>PUP.SweetIM O43 - CFD: 25/02/2010 - 20:59:55 - [0] ----D C:\Documents and Settings\All Users.WINDOWS\Application Data\xml_param O43 - CFD: 19/09/2012 - 21:51:18 - [0] -SH-D C:\Documents and 
Settings\All Users.WINDOWS\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} O43 - CFD: 19/09/2012 - 21:51:18 - [0] -SH-D C:\Documents and Settings\All Users.WINDOWS\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} O43 - CFD: 05/09/2013 - 17:35:20 - [30,383] -SH-D C:\Documents and Settings\All Users.WINDOWS\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} O43 - CFD: 27/06/2008 - 20:14:53 - [0,000] ----D C:\Documents and Settings\Boedec\Application Data\LuckyTender O43 - CFD: 28/01/2012 - 20:42:56 - [3,598] ----D C:\Documents and Settings\Boedec\Local Settings\Application Data\Films O43 - CFD: 06/04/2008 - 00:20:53 - [11,732] ----D C:\Documents and Settings\Boedec\Local Settings\Application Data\IM O43 - CFD: 30/05/2009 - 06:40:42 - [0,001] ----D C:\Documents and Settings\Boedec\Local Settings\Application Data\Kakomira O43 - CFD: 17/02/2009 - 09:33:35 - [20,724] ----D C:\Documents and Settings\Boedec\Local Settings\Application Data\{20EDE18A-0F17-41D8-A8B7-552990B1E2E0} O43 - CFD: 17/02/2009 - 09:26:54 - [20,723] ----D C:\Documents and Settings\Boedec\Local Settings\Application Data\{984264BC-76C5-4185-9D49-846AA56E007E} O43 - CFD: 26/06/2009 - 18:31:28 - [20,915] ----D C:\Documents and Settings\Boedec\Local Settings\Application Data\{EF480C9A-060F-452A-AF3E-43598209C365} ~ Program Folder: 311 Legitimates Filtered in 00mn 03s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.C8CB90E735C0541D7BF2ABCA6076D752] - 24/09/2013 - 14:37:57 ---A- . (...) -- C:\Documents [120] O44 - LFC:[MD5.7A89D940E7F26506B9723350E0318D7F] - 24/09/2013 - 13:23:21 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.3822C1034BDACD49AA77D3CD3FC88BD9] - 24/09/2013 - 13:23:10 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.2BF5C56D90DD7862561756C9CBE2DBE9] - 20/09/2013 - 15:33:28 ---A- . (...) -- C:\WINDOWS\comsetup.log [2061] O44 - LFC:[MD5.14ECC0F531BF0E729BC239C889D5C765] - 20/09/2013 - 15:33:28 ---A- . (...) 
-- C:\WINDOWS\iis6.log [959] O44 - LFC:[MD5.51A836FFAA2A9DE5BB08DF65EDE18299] - 20/09/2013 - 15:33:28 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.83E647CC718A95F3D7125414BD5ADE1E] - 20/09/2013 - 15:33:28 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [1247] O44 - LFC:[MD5.80A802866C76155CB24BF1B36C1EBE07] - 20/09/2013 - 15:33:28 ---A- . (...) -- C:\WINDOWS\ocmsn.log [342] O44 - LFC:[MD5.C424DAEE37079712A2FD70CC835B401A] - 20/09/2013 - 15:33:28 ---A- . (...) -- C:\WINDOWS\tsoc.log [2359] O44 - LFC:[MD5.94CB75420927C946B1B4E69F0AD8DB82] - 20/09/2013 - 15:33:21 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [6182] O44 - LFC:[MD5.0CA7DE5CBC5ADFB57FA5094445B6A061] - 20/09/2013 - 15:33:21 ---A- . (...) -- C:\WINDOWS\msgsocm.log [303] O44 - LFC:[MD5.9A33C2323705B4B88761514DC88C1BE0] - 20/09/2013 - 15:33:21 ---A- . (...) -- C:\WINDOWS\ocgen.log [2956] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 16/09/2013 - 05:50:39 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.2454F1455E4E402B1461E820847EFD8A] - 16/09/2013 - 05:50:39 ---A- . (...) -- C:\WINDOWS\win.ini [771] ~ Files: 34 Legitimates Filtered in 00mn 01s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\lxdecoms.exe" [Enabled] .(..) -- C:\WINDOWS\system32\lxdecoms.exe O47 - AAKE:Key Export SP - "C:\Program Files\Lexmark 4800 Series\lxdemon.exe" [Enabled] .(..) -- C:\Program Files\Lexmark 4800 Series\lxdemon.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\lxdecfg.exe" [Enabled] .(..) 
-- C:\WINDOWS\system32\lxdecfg.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe" [Enabled] .(..) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdepswx.exe O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe" [Enabled] .(..) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdejswx.exe O47 - AAKE:Key Export SP - "H:\Setup\HipServSetup.exe" [Enabled] .(...) -- H:\Setup\HipServSetup.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Lexmark 4800 Series\frun.exe" [Enabled] .(..) -- C:\Program Files\Lexmark 4800 Series\frun.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe ~ Keys Export: 34 Legitimates Filtered in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - backitup.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - bttray.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - cdspeed.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - coverdes.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - drivespeed.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - fixitcenter.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - googleearth.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - imagedrive.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - infotool.exe - "C:\Program Files\TuneUp Utilities 
2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - javaws.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - mytomtomsa.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - nero.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - neroburnrights.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - nerohome.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - neromediahome.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - neroscoutoptions.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - nerostartsmart.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - nerovision.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - orangesc.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - photosnap.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - photosnapviewer.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - presentationhost.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - recode.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - setup.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - setupneromobile.exe - "C:\Program Files\TuneUp Utilities 
2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - setupx.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - showtime.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - skype.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - soundtrax.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - tomtomhome.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - unins000.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - uninstall mytomtom3.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - uninstall tomtom home.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - waveedit.exe - "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe" O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{1117c9ac-4acb-11de-ab27-00115b1cb427}\AutoRun\command. (...) -- C:\WINDOWS\system32\cmd \C launch.bat (.not file.) O51 - MPSK:{ba79e6c7-7789-11de-a020-00115b1cb427}\AutoRun\command. (...) -- C:\WINDOWS\system32\cmd \C launch.bat (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.A9355A51698F6901B362EF738B15631D] - 23/09/2003 - 02:03:00 ---A- . (.Sensaura Ltd - Sensaura WDM 3D Audio Driver.) -- C:\WINDOWS\system32\Drivers\ALCXSENS.SYS [404736] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: 5 Legitimates Filtered in 00mn 00s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 29/05/2007 - C:\WINDOWS\system32\lxdecoms.exe (lxde_device) .(.Pas de propriétaire - Printer Communication System.) - LEGACY_LXDE_DEVICE ~ Legacy: 179 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Boedec\Local Settings\Application Data\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: prefs.js [Boedec - 10zfds1v.default] user_pref("browser.search.order.1", "Search Results"); O69 - SBI: prefs.js [Boedec - 10zfds1v.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6582734F-6EB4-4725-BB30-EC00F940ADA2} - (Yahoo! 
Search) - http://fr.search.yahoo.com =>Toolbar.Yahoo O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [DefaultScope] - (Search Results) - http://dts.search-results.com =>PUP.SearchResults O69 - SBI: SearchScopes [HKCU] {D9EDC3B6-FEB4-49AC-AC0A-E04F14CE31C5} - (ecofree.org - France) - http://www.ecofree.orgcenter%3BBGC%3A000000%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3AB3B3B3%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BLH%3A24%3BLW%3A100%3BFORID%3A11&opens=opens&hl=fr&Language=FR O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://search.live.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][23/01/2012] (...) -- C:\Documents and Settings\Boedec\Application Data\inst.exe [87608] [MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][23/01/2012] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Documents and Settings\Boedec\Application Data\pcouffin.sys [47360] [MD5.3BD291478DC706A0CB0D0E65B8139DB9] [SPRF][22/09/2013] (...) -- C:\Documents and Settings\Boedec\Bureau\bitdefender-internet-security_2014_fr_14296.exe [7174472] [MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\WINDOWS\Downloaded Program Files\bdcore.dll [32] [MD5.2B1C4C87EB20ADDBA59DCA975E28DFFB] [SPRF][05/01/2009] (...) -- C:\WINDOWS\Downloaded Program Files\ipsupd.dll [741376] [MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) 
-- C:\WINDOWS\Downloaded Program Files\libfn.dll [32] ~ Files: 14 Legitimates Filtered in 00mn 08s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "B8713814E4D47A84297554B49AA067E0" . (.SweetPacks Toolbar for Internet Explorer 4.6.) -- C:\WINDOWS\Installer\{4183178B-4D4E-48A7-9257-454BA90A760E}\ARPPRODUCTICON.exe =>PUP.SweetIM ~ Update Products: 83 Legitimates Filtered in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: Mobile Device - {49BF5420-FA7F-11cf-8011-00A0C90A8F78} ~ MNS: 4 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.9E4A55BDA92BA036D762B7BC4F3AE273] [WIS][03/12/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\56960c.msi [1859072] =>PUP.SweetIM ~ WIS: 87 Legitimates Filtered in 00mn 06s ---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 23/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 21/01/2013 356376 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe SS - | Disabled 14/04/2008 342624 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 20/07/2012 75648 | (DokanMounter) . (.F-Secure.) - C:\Program Files\Orange\mes contenus - mon disque\mounter.exe SS - | Disabled 09/01/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 09/01/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 04/04/2012 161664 | (JavaQuickStarterService) . (.Oracle Corporation.) 
- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe SS - | Auto 29/05/2007 99248 | (lxdeCATSCustConnectService) . (.Lexmark International, Inc..) - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdeserv.exe SR - | Auto 29/05/2007 598960 | (lxde_device) . (...) - C:\WINDOWS\system32\lxdecoms.exe SS - | Demand 17/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Disabled 08/09/2008 575488 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe SS - | Disabled 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe SS - | Disabled 09/11/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Disabled 23/01/2012 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe ~ Services: Scanned in 00mn 07s ---\\ Scan Additionnel (O88) Database Version : 12930 - (23/09/2013) Clés trouvées (Keys found) : 69 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 9
~ Additionnel Scan: 255410 Items scanned in 00mn 25s ---\\ Récapitulatif des détections trouvées sur votre station ~
http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype ~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio ~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites =>Adware.SimilarSites ~ MSI: 13 link(s) detected in 00mn 26s ~ 1263 Legitimates filtered by white list End of the scan (635 lines in 01mn 24s)(0)