Rapport de ZHPDiag v2013.3.31.116 par Nicolas Coolman, Update du 31/03/2013
Run by family at 01/04/2013 10:39:53
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16521 (Defaut)
GCIE: Google Chrome v25.0.1364.172

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 124 GB (21%) free of 583 GB

---\\ Logged in mode
~ Computer Name: FAMILY-PC
~ User Name: family
~ All Users Names: UpdatusUser, HomeGroupUser$, family, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\family\AppData\Roaming\
~ %Desktop% : C:\Users\family\Desktop\
~ %Favorites% : C:\Users\family\Favorites\
~ %LocalAppData% : C:\Users\family\AppData\Local\
~ %StartMenu% : C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 124 Go of 583 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/03/2013 - 14:26:15.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/3992
~ Mes musiques (My Musics) : 48/789
~ Mes Videos (My Videos) : 1/518
~ Mes Favoris (My Favorites) : 1/58
~ Mes Documents (My Documents) : 2/279
~ Mon Bureau (My Desktop) : 1/93
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.143ECB242AF6ECE366AB477828E29D44] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [561320] [PID.3052]
[MD5.095184B28B8414A6D2D09C1CE7C7B86F] - (.Orange - Executable Orange Inside.) -- C:\Users\family\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1530520] [PID.2432]
[MD5.6DCFADDA4F2A6D3396D13F0554D672E8] - (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584] [PID.3240]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024] [PID.3284]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.3424]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.3468]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.3520]
[MD5.916A2C4EB028604783FD5EA169236C1D] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe [421888] [PID.3528]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3536]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576] [PID.3552]
[MD5.66275E52615AF9D2F18EB3442D00CFE3] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.2452]
[MD5.2859EBC065D2E1CCC94161CE28BAC085] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770560] [PID.3924]
[MD5.99B6CE3840F5AD5C4B13B666249AA467] - (.Microsoft Corporation - Microsoft Search Client Server.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe [316208] [PID.4544]
[MD5.CC5CFE5A9C826B934DC3BE176617E182] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6306816] [PID.2776]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1624]
[MD5.28DDEEEC44E988657B732CF404D504CB] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1492840] [PID.1772]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1804]
[MD5.B5D37852D666E863E8051C1001548328] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448] [PID.1872]
[MD5.B7C53DA1C73FF39F4A6248643EFD979A] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1266464] [PID.1944]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\p4xprpvb.default\prefs.js (.not file.)
C:\Users\family\AppData\Roaming\Mozilla\Firefox\Profiles\p4xprpvb.default\user.js
M3 - MFPP: Plugins - [family] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://r.orange.fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) [64Bits] - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} . (. Microsoft Corporation - 5.1.20125.0.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) [64Bits] - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} . (. Microsoft Corporation - 5.1.20125.0.) (No version) -- (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F3 - REG:win.ini: run=C:\PROGRA~2\KAward\kl.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 14981



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) [64Bits] - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} Clé orpheline
O2 - BHO: (no name) [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} Clé orpheline
O2 - BHO: delta Helper Object [64Bits] - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper [64Bits] - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Clé orpheline
~ BHO: 12 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe (.not file.)
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [PC-Doctor for Windows localizer] . (.PC-Doctor, Inc. - Hardware Diagnostic Tools Localizer.) -- C:\Program Files\PC-Doctor for Windows\localizer.exe
O4 - HKLM\..\Run: [fssui] . (.Microsoft Corporation - Windows Live Family Safety Filter.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\family\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKCU\..\Run: [fklogger.exe] C:\Program Files (x86)\FKRMonitor\fklogger.exe (.not file.)
O4 - HKCU\..\Run: [ASKL Startup] C:\Program Files (x86)\KAward\kl.exe (.not file.)
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\family\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKCU\..\Run: [4shared Desktop] C:\Program Files (x86)\4shared Desktop\desktop.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Wow6432Node\Run: [HPCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Remote Solution] . (.Hewlett-Packard - HP Remote Solution.) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [OrangeInside] C:\Users\UpdatusUser\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (.not file.)
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [fklogger.exe] C:\Program Files (x86)\FKRMonitor\fklogger.exe (.not file.)
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [ASKL Startup] C:\Program Files (x86)\KAward\kl.exe (.not file.)
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [Akamai NetSession Interface] C:\Users\family\AppData\Local\Akamai\netsession_win.exe (.not file.)
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\Run: [4shared Desktop] C:\Program Files (x86)\4shared Desktop\desktop.exe (.not file.)
O4 - HKUS\S-1-5-21-2709105126-804972407-2606609801-1008\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: FreeFileViewer.lnk . (.Bitberry Software - Free File Viewer.) -- C:\Program Files (x86)\FreeFileViewer\FreeFileViewer.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\QuickLaunch: WildTangent Games App - hp.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: 77zip.lnk . (.Igor Pavlov - 77Zip File Manager.) -- C:\Program Files (x86)\77zip\77zip.exe
O4 - GS\Desktop: Documents -.lnk . (...) -- C:\Users\family\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop: Images -.lnk . (...) -- C:\Users\family\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop: MP Manager.lnk . (.MPMAN - MP Manager.) -- C:\Users\family\AppData\Roaming\MPMAN\MP Manager\MP Manager.exe
O4 - GS\Desktop: Musique -.lnk . (...) -- C:\Users\family\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
O4 - Global Startup: C:\Users\family\Desktop\My Google.url . (...) -- C:\Users\family\Desktop\My Google.url
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 8 Legitimates Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{38EE2F91-C9DF-418C-B0D2-5B940E752F42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{38EE2F91-C9DF-418C-B0D2-5B940E752F42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{38EE2F91-C9DF-418C-B0D2-5B940E752F42}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: KlgRunSvc (KlgRunSvc) . (...) - C:\Program Files (x86)\Sondle Software\ScrKlg\RunSvc.exe (.not file.)
O23 - Service: (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
~ Services: 10 Legitimates Scanned in 00mn 06s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 2 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Free File Viewer Update Checker.job [404]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PCDRScheduledMaintenance.job [544]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.66275E52615AF9D2F18EB3442D00CFE3] [APT] [CLMLSvc] (.CyberLink.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216]
[MD5.00000000000000000000000000000000] [APT] [DVDAgent] (...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Launch 19355] (...) -- C:\Program Files (x86)\PC Sync\Voxsync.exe (.not file.) [0]
[MD5.9879731CDFCE67A1214DD636DEBF62A3] [APT] [PCDRScheduledMaintenance] (.PC-Doctor, Inc..) -- C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [147440]
[MD5.00000000000000000000000000000000] [APT] [Run RoboForm Process] (...) -- C:\Users\family\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe (.not file.) [0]
[MD5.A830AEFF4C87333BBE0222D976F47E6D] [APT] [{0F14F90F-A18E-410E-BA4E-3EADE7A1DB39}] (.ESTsoft Corp..) -- C:\Users\family\Downloads\ALZip.exe [6852616]
[MD5.00000000000000000000000000000000] [APT] [{3249EC17-8164-4E4C-AADA-C659F6E9D983}] (...) -- C:\Users\family\Documents\Nos documents\GPS\Navirad_GPS2_V4_Utilitaire_Installation.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6138942F-DB17-4C77-A9A6-5B96CDE4F21F}] (...) -- C:\Users\family\Documents\Nos documents\GPS\Navirad_USB_win7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{69E6B1A1-E8D8-4BD2-B623-EEF2929D904A}] (...) -- C:\Users\family\Documents\ordi\k9-webprotection.exe (.not file.) [0]
~ Scheduled Task: 36 Legitimates Scanned in 00mn 06s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (KlgRunDrv) . (. - .) - C:\Windows\system32\KlgDrv.sys (.not file.)
~ Drivers: 63 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: 77zip - (...) [HKLM][64Bits] -- 77zip
O42 - Logiciel: ALTools Update - (.ESTsoft Corp..) [HKLM][64Bits] -- ALUpdate_is1
O42 - Logiciel: ALZip - (.ESTsoft Corp..) [HKLM][64Bits] -- ALZip_is1
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Delta Chrome Toolbar - (.Visual Tools.) [HKLM][64Bits] -- Delta Chrome Toolbar
O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM][64Bits] -- delta
O42 - Logiciel: Free File Viewer 2011 - (.Bitberry Software.) [HKLM][64Bits] -- FreeFileViewer_is1
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022F0}
O42 - Logiciel: Script Font Trial, Version 4.1 - (.Elfring Fonts, Inc..) [HKLM][64Bits] -- Scripts-efi_is1
O42 - Logiciel: ToolbarFR - (.Orange.) [HKLM][64Bits] -- {A047FE02-C91C-41CB-898C-4ED21B86025A}
~ Logic: 171 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\savevid]
[HKCU\Software\Bitberry]
[HKCU\Software\Boolat Games]
[HKCU\Software\DataMngr]
[HKCU\Software\Delta]
[HKCU\Software\Siber Systems]
[HKCU\Software\Softonic]
[HKCU\Software\peter]
[HKLM\Software\Tarma Installer]
[HKLM\Software\Wow6432Node\Delta]
[HKLM\Software\Wow6432Node\Monolith Productions]
[HKLM\Software\Wow6432Node\Siber Systems]
[HKLM\Software\Wow6432Node\Topala Software Solutions]
~ Key Software: 247 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/03/2013 - 15:33:03 - [3,592] ----D C:\Program Files (x86)\77zip
O43 - CFD: 31/03/2013 - 15:32:26 - [2,768] ----D C:\Program Files (x86)\Delta
O43 - CFD: 26/05/2011 - 07:24:52 - [0,004] ----D C:\Program Files (x86)\FKRMonitor
O43 - CFD: 10/03/2011 - 09:39:32 - [29,975] ----D C:\Program Files (x86)\FreeFileViewer
O43 - CFD: 17/02/2013 - 13:45:55 - [4,594] ----D C:\Program Files (x86)\GUM25A9.tmp
O43 - CFD: 31/03/2012 - 12:52:04 - [4,470] ----D C:\Program Files (x86)\GUMC30.tmp
O43 - CFD: 26/02/2012 - 12:39:15 - [0] ----D C:\Program Files (x86)\PC Sync
O43 - CFD: 10/03/2012 - 10:46:09 - [0,000] ----D C:\Program Files (x86)\SavevidPlug-in
O43 - CFD: 18/12/2012 - 18:24:59 - [1,785] ----D C:\Program Files (x86)\Script Font Trial
O43 - CFD: 20/02/2013 - 20:03:16 - [0] ----D C:\Program Files (x86)\Sondle Software
O43 - CFD: 17/02/2013 - 13:11:03 - [2,214] ----D C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 31/03/2013 - 13:01:25 - [1,294] ----D C:\Program Files (x86)\Spybot - Search & Destroy 2
O43 - CFD: 31/03/2013 - 15:46:21 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 31/03/2013 - 15:32:35 - [7,114] ----D C:\ProgramData\BrowserProtect
O43 - CFD: 12/03/2011 - 09:23:12 - [0,000] ----D C:\ProgramData\Driver Mender
O43 - CFD: 14/03/2011 - 19:51:08 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 17/02/2013 - 13:21:02 - [15,911] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 31/03/2013 - 15:33:07 - [2,591] ----D C:\ProgramData\Tarma Installer
O43 - CFD: 26/01/2010 - 21:58:25 - [5,468] --H-D C:\ProgramData\{B12D13C3-76FD-479D-AD99-8C6F18156BC9}
O43 - CFD: 10/03/2012 - 10:46:09 - [9,758] --H-D C:\ProgramData\{C4A867AE-B15C-4B7F-AD27-7F8C13A57518}
O43 - CFD: 23/07/2012 - 20:24:44 - [0,012] ----D C:\Users\family\AppData\Roaming\Boolat Games
O43 - CFD: 31/03/2013 - 15:32:25 - [0,259] ----D C:\Users\family\AppData\Roaming\Delta
O43 - CFD: 31/03/2013 - 15:32:37 - [0,308] ----D C:\Users\family\AppData\Roaming\File Scout
O43 - CFD: 14/03/2011 - 09:30:09 - [6,259] ----D C:\Users\family\AppData\Roaming\FKRMonitor
O43 - CFD: 30/03/2013 - 14:29:46 - [0,000] ----D C:\Users\family\AppData\Roaming\FreeFileViewer
O43 - CFD: 11/03/2012 - 13:59:39 - [0,001] ----D C:\Users\family\AppData\Roaming\go
O43 - CFD: 31/10/2011 - 23:18:54 - [0,001] ----D C:\Users\family\AppData\Roaming\newfolder3
O43 - CFD: 02/01/2011 - 20:01:45 - [0,000] ----D C:\Users\family\AppData\Roaming\Registry Mechanic
O43 - CFD: 27/01/2011 - 19:00:34 - [0,018] ----D C:\Users\family\AppData\Roaming\Shareaza
O43 - CFD: 20/02/2013 - 19:57:00 - [1,329] ----D C:\Users\family\AppData\Roaming\Sondle Soft
O43 - CFD: 14/03/2011 - 19:51:09 - [0] ----D C:\Users\family\AppData\Local\eMule
O43 - CFD: 31/10/2011 - 23:21:44 - [0,002] ----D C:\Users\family\AppData\Local\Omnifone_Ltd
O43 - CFD: 18/12/2010 - 10:41:47 - [0,000] ----D C:\Users\family\AppData\Local\Shareaza
O43 - CFD: 31/03/2013 - 15:33:03 - [0,003] ----D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\77zip
O43 - CFD: 17/02/2013 - 10:32:29 - [0] ----D C:\Users\family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
~ 855 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1182 Legitimates Scanned in 00mn 21s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.071D207F68819D63F0D544064F663C34] - 31/03/2013 - 13:18:55 ---A- . (...) -- C:\Windows\ntbtlog.txt [211134]
O44 - LFC:[MD5.8AE19C0C6FD69184AD35EED997BF5863] - 28/03/2013 - 23:58:15 ---A- . (.Sonic Focus, Inc. - SFFXComm.DLL.) -- C:\Windows\SysNative\SFComm64.dll [86352]
O44 - LFC:[MD5.FF4BDE67B1C454D4B0A14F10B1D8C1EC] - 28/03/2013 - 23:58:15 ---A- . (.Sonic Focus, Inc. - SFFXDAPO.DLL.) -- C:\Windows\SysNative\SFDAPO64.dll [82768]
O44 - LFC:[MD5.6E70EE8A7B6220F7A2AEE8ED38603992] - 28/03/2013 - 23:58:15 ---A- . (.Sonic Focus, Inc. - SFFXHAPO.DLL.) -- C:\Windows\SysNative\SFHAPO64.dll [82768]
O44 - LFC:[MD5.2EF9506C67BADF2310A5E8067D093EF3] - 28/03/2013 - 23:58:15 ---A- . (.Sonic Focus, Inc. - SFFXProc.DLL.) -- C:\Windows\SysNative\SFProc64.dll [180048]
O44 - LFC:[MD5.C054F86E675629AEC51D78EEB87D4415] - 28/03/2013 - 23:58:15 ---A- . (.Sonic Focus, Inc. - SFFXSAPO.DLL.) -- C:\Windows\SysNative\SFSAPO64.dll [83792]
O44 - LFC:[MD5.8AE19C0C6FD69184AD35EED997BF5863] - 28/03/2013 - 23:58:15 RSHAD . (.Sonic Focus, Inc. - SFFXComm.DLL.) -- C:\Windows\System32\SFComm64.dll [86352]
O44 - LFC:[MD5.FF4BDE67B1C454D4B0A14F10B1D8C1EC] - 28/03/2013 - 23:58:15 RSHAD . (.Sonic Focus, Inc. - SFFXDAPO.DLL.) -- C:\Windows\System32\SFDAPO64.dll [82768]
O44 - LFC:[MD5.6E70EE8A7B6220F7A2AEE8ED38603992] - 28/03/2013 - 23:58:15 RSHAD . (.Sonic Focus, Inc. - SFFXHAPO.DLL.) -- C:\Windows\System32\SFHAPO64.dll [82768]
O44 - LFC:[MD5.2EF9506C67BADF2310A5E8067D093EF3] - 28/03/2013 - 23:58:15 RSHAD . (.Sonic Focus, Inc. - SFFXProc.DLL.) -- C:\Windows\System32\SFProc64.dll [180048]
O44 - LFC:[MD5.C054F86E675629AEC51D78EEB87D4415] - 28/03/2013 - 23:58:15 RSHAD . (.Sonic Focus, Inc. - SFFXSAPO.DLL.) -- C:\Windows\System32\SFSAPO64.dll [83792]
O44 - LFC:[MD5.A7BE564B3A7B04B4CE42902C5684C8A1] - 17/03/2013 - 14:36:18 ---A- . (...) -- C:\Windows\IE10_main.log [10110]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 17/03/2013 - 14:26:15 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 17/03/2013 - 14:26:15 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.C510655489B80726883CFE07ADCE8A27] - 15/03/2013 - 06:53:06 ---A- . (...) -- C:\Windows\SysNative\nvinfo.pb [17738]
O44 - LFC:[MD5.C510655489B80726883CFE07ADCE8A27] - 15/03/2013 - 06:53:06 RSHAD . (...) -- C:\Windows\System32\nvinfo.pb [17738]
O44 - LFC:[MD5.018423F8F2FB945B039A16D05F3B1D50] - 19/06/2012 - 13:31:00 RSHAD . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [293889]
~ Files: 330 Legitimates Scanned in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.E7CC57E359543906BF59141AAA948332] - 01/04/2013 - 02:34:11 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-1ABE92F9.pf
O45 - LFCP:[MD5.8D9033D912ACC3C480154812BF2CEA2C] - 01/04/2013 - 09:24:04 ---A- - C:\Windows\Prefetch\FFVCHECKFORUPDATES.EXE-6A90D98E.pf
O45 - LFCP:[MD5.89E9A6E0FCDB33D647B555F114D012DF] - 01/04/2013 - 09:24:06 ---A- - C:\Windows\Prefetch\SMARTMENU.EXE-67945271.pf
O45 - LFCP:[MD5.13784918CC6F0C8CD609EE17EB7A994E] - 01/04/2013 - 09:24:09 ---A- - C:\Windows\Prefetch\OUSOFTWAREMANAGER.EXE-D8DB207F.pf
O45 - LFCP:[MD5.D8E8058DC15E3324310955C0416FC9D6] - 01/04/2013 - 09:29:39 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-EAF067F3.pf
O45 - LFCP:[MD5.3B3EB338E87651FC83E5F4CF36E5A68A] - 01/04/2013 - 09:34:06 ---A- - C:\Windows\Prefetch\SCSERVER.EXE-17D31468.pf
O45 - LFCP:[MD5.FCE0FBD69DF3A6A78BF8D3D0D56C7CF6] - 31/03/2013 - 16:00:10 ---A- - C:\Windows\Prefetch\PCDRCUI.EXE-B34B7FE9.pf
O45 - LFCP:[MD5.EE15A05CAAF2A3B92003682933F4C459] - 31/03/2013 - 16:00:38 ---A- - C:\Windows\Prefetch\PCDRSYSINFOBLUETOOTH.P5X-93B14468.pf
O45 - LFCP:[MD5.DD2E2C03185E99EC13E25467ADB628F9] - 31/03/2013 - 16:00:38 ---A- - C:\Windows\Prefetch\PCDRSYSINFOCSMI.P5X-690B0EBE.pf
O45 - LFCP:[MD5.F31BA51C91D004F3A3E8163577D05519] - 31/03/2013 - 16:00:38 ---A- - C:\Windows\Prefetch\PCDRSYSINFOSMBIOS2.P5X-A3FFC2DD.pf
O45 - LFCP:[MD5.EDB33239642E38A535631FA4362E77F8] - 31/03/2013 - 16:00:39 ---A- - C:\Windows\Prefetch\PCDRSYSINFOCOMMUNICATION.P5X-93F46D38.pf
O45 - LFCP:[MD5.821C7344CB7232752C2F50C2686ED8F5] - 31/03/2013 - 16:00:39 ---A- - C:\Windows\Prefetch\PCDRSYSINFOPERIPHERAL.P5X-CC7707CE.pf
O45 - LFCP:[MD5.10FFC402F95D54D179B184474E394E04] - 31/03/2013 - 16:00:39 ---A- - C:\Windows\Prefetch\PCDRSYSINFOSTORAGE.P5X-5E5944BB.pf
O45 - LFCP:[MD5.579BA863EB8099C9C46FAD979A853A06] - 31/03/2013 - 16:00:41 ---A- - C:\Windows\Prefetch\PCDRSYSINFOVIDEOCAPTURE.P5X-71785639.pf
O45 - LFCP:[MD5.5D7DB41E2A6E77EF9ED6F40FDE9F8FC9] - 31/03/2013 - 16:00:43 ---A- - C:\Windows\Prefetch\PCDRSYSINFOSOFTWARE.P5X-95F946C9.pf
O45 - LFCP:[MD5.6A828E0A1A315F5CF08633D3D0D8E891] - 31/03/2013 - 16:07:35 ---A- - C:\Windows\Prefetch\PCDRHARDDRIVE.P5X-D8093460.pf
O45 - LFCP:[MD5.6BC1E430C68EB14CF75A07664D80B802] - 31/03/2013 - 16:08:03 ---A- - C:\Windows\Prefetch\PCDRSMART2.P5X-6BDEBD58.pf
O45 - LFCP:[MD5.E30373CECAA16368098BB3E5773E8B60] - 31/03/2013 - 16:08:25 ---A- - C:\Windows\Prefetch\PCDRNETWORK.P5X-604E4ACD.pf
O45 - LFCP:[MD5.83C9641B368635C8BE8965CF02220117] - 31/03/2013 - 16:08:37 ---A- - C:\Windows\Prefetch\PCDRCMOS.P5X-72F5C415.pf
O45 - LFCP:[MD5.B51944206059825D706DEF394C73B2DF] - 31/03/2013 - 16:08:59 ---A- - C:\Windows\Prefetch\PCDRCPU.P5X-CD7024A3.pf
O45 - LFCP:[MD5.20DC52F4AB8F0C3ECA8006FC60498819] - 31/03/2013 - 16:19:23 ---A- - C:\Windows\Prefetch\PCDRMEMORY.P5X-B85149C8.pf
O45 - LFCP:[MD5.D9D717A5B36CAEA18A780D3C7E3BF59A] - 31/03/2013 - 16:20:07 ---A- - C:\Windows\Prefetch\PCDRPCIEXPRESS.P5X-5DE7A5C9.pf
O45 - LFCP:[MD5.ED35CE6EFE3CFD2558D7720EB7947DBE] - 31/03/2013 - 16:20:09 ---A- - C:\Windows\Prefetch\PCDRPCI.P5X-4B95EBFF.pf
O45 - LFCP:[MD5.0B15668B82247531ED947F925996F2B5] - 31/03/2013 - 16:20:17 ---A- - C:\Windows\Prefetch\PCDRSYSTEMBOARD.P5X-012CC9F4.pf
O45 - LFCP:[MD5.44B646E14D6B03619FB86D500BD635C6] - 31/03/2013 - 16:20:20 ---A- - C:\Windows\Prefetch\PCDRUSB.P5X-A062B235.pf
~ Prefetcher: 125 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 18/03/2009 - 16:35:42 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856]
O58 - SDL:[MD5.9131FE60ADFAB595C8DA53AD6A06AA31] - 01/01/2005 - 10:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\Windows\SysWOW64\npptNT2.sys [4682]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/04/2013 - 09:33:04 ---A- C:\Users\family\AppData\Roaming\FreeFileViewer\updcheck.cfg [217]
O61 - LFC: 29/03/2013 - 19:11:27 ---A- C:\Users\family\Downloads\SoftonicDownloader_pour_microsoft-visual-c.exe [393080]
O61 - LFC: 29/03/2013 - 19:43:17 ---A- C:\Users\family\AppData\Roaming\Microsoft\VCExpress\9.0\ActivityLog.xsl [4278]
O61 - LFC: 31/03/2013 - 11:32:39 ---A- C:\Users\family\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [271137]
O61 - LFC: 31/03/2013 - 12:44:09 ---A- C:\Users\family\Downloads\Lil Wayne - Love Me (Explicit) ft. Drake, Future.mp3 [4239256]
O61 - LFC: 31/03/2013 - 14:29:46 ---A- C:\Users\family\Downloads\Hosts-MEP.zip [69835]
O61 - LFC: 31/03/2013 - 14:32:37 ---A- C:\Users\family\AppData\Roaming\File Scout\uninst.exe [62902]
O61 - LFC: 31/03/2013 - 14:35:24 ---A- C:\Users\family\Downloads\test.dat [4]
O61 - LFC: 31/03/2013 - 14:38:23 ---A- C:\Users\family\Downloads\MEP-CleanTemps.zip [46424]
O61 - LFC: 31/03/2013 - 14:40:05 ---A- C:\Users\family\Downloads\MEP-CleanTemps\CleanTemps.lnk [1413]
O61 - LFC: 31/03/2013 - 20:01:05 ---A- C:\Users\family\AppData\Local\Google\Chrome\User Data\Local State [31015]
O61 - LFC: 31/03/2013 - 20:01:05 ---A- C:\Users\family\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 204 Legitimates Scanned in 00mn 13s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 11/04/2012 - C:\Windows\System32\DRIVERS\amd_sata.sys (amd_sata) .(.Advanced Micro Devices - AHCI 1.2 Device Driver.) - LEGACY_AMD_SATA
O64 - Services: CurCS - 22/11/2010 - C:\Windows\System32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD
~ Legacy: 87 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {1FEED49C-68AC-4733-95BB-92EF80C2E6BB} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (4shared.com Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {D71B5486-5893-4344-96D0-5EF9788F0701} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.403143999F027BA46A48F7B308C6446A] [SPRF][21/12/2011] (...) -- C:\Users\family\AppData\Local\Temp\Installhelper.dll [1506304]
[MD5.72412B526BCC716382E62B7939DCFD8F] [SPRF][25/08/2011] (...) -- C:\Users\family\AppData\Local\Temp\SRAssetsHelper.dll [1085952]
[MD5.A912910681016E95F237D25E43494205] [SPRF][20/10/2010] (...) -- C:\Users\family\AppData\Local\Temp\uninstall.exe [136272]
[MD5.605A171C61A0607BDCF6BE80ED07CF95] [SPRF][09/01/2011] (.AnjoCaido - Free launcher for Minecraft Alpha.) -- C:\Users\family\Desktop\MinecraftUpdate.exe [695296]
[MD5.098F6BCD4621D373CADE4E832627B4F6] [SPRF][31/03/2013] (...) -- C:\Users\family\Desktop\test.dat [4]
[MD5.7492BF962C2948FDAD6BABCDE4B0CE71] [SPRF][29/03/2013] (.Microsoft Corporation - Microsoft Visual C++ 2008 Express Edition - FRA Setup.) -- C:\Users\family\Desktop\vcsetup.exe [2743800]
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\bdcore.dll [32]
[MD5.169308DD5FBA9E9C34458248FBA135E4] [SPRF][12/12/2010] (...) -- C:\Windows\Downloaded Program Files\cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe [99936]
[MD5.169308DD5FBA9E9C34458248FBA135E4] [SPRF][20/12/2010] (...) -- C:\Windows\Downloaded Program Files\cfweb_activex.camfrogweb.com-advanced-2.0.2.23_instmodule.exe [99936]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.D4B7A651CB12B6C1A4FEB9FB5115CFE7] [SPRF][12/07/2000] (...) -- C:\Windows\Downloaded Program Files\fxfileop.dll [36864]
[MD5.2B1C4C87EB20ADDBA59DCA975E28DFFB] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\ipsupd.dll [741376]
[MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032]
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][05/01/2009] (...) -- C:\Windows\Downloaded Program Files\libfn.dll [32]
[MD5.81093A8A1719E11B22B586E10BFDC523] [SPRF][31/10/2001] (...) -- C:\Windows\Downloaded Program Files\uninst.bat [118]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][29/08/2006] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{81139382-4475-45AA-A979-F546AB7C62BE}" |In - None - P6 - TRUE | .(...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe (.not file.)
O87 - FAEL: "{66190506-0323-4BA9-A66F-0CF244C751B3}" |In - None - P6 - TRUE | .(...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe (.not file.)
O87 - FAEL: "{1117D100-928B-4EDC-96AB-27520B1C60C6}" |In - None - P6 - TRUE | .(...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe (.not file.)
O87 - FAEL: "{C203D922-4E83-4668-BB24-ABB80ACA3BD3}" |In - None - P6 - TRUE | .(...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe (.not file.)
O87 - FAEL: "{04FC1F46-42D2-465A-A42D-DE1783BFB296}" |In - None - P6 - TRUE | .(...) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe (.not file.)
O87 - FAEL: "{DD0EB991-B962-4CC5-9FBE-87ED47589A6E}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{84718F69-D96B-4070-96A7-D50CDE02FD52}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{524AFDD7-A89E-4413-8457-ED1B7457178B}C:\program files (x86)\freetvradio\freetvradio.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\freetvradio\freetvradio.exe (.not file.)
O87 - FAEL: "UDP Query User{31FE9F82-074A-4E5E-B465-35F416F4ADA4}C:\program files (x86)\freetvradio\freetvradio.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\freetvradio\freetvradio.exe (.not file.)
O87 - FAEL: "TCP Query User{11BE5218-0138-478B-8539-F3C7920F613C}C:\program files (x86)\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{8BF8ED2E-D300-46C6-94C2-ABE90527B6FE}C:\program files (x86)\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\emule\emule.exe (.not file.)
O87 - FAEL: "{2C42C6BD-ED09-471B-B76C-E71DCC6DE72E}" | In - None - P17 - TRUE | .(.Bitberry Software - Bitberry Software Update Checker.) -- C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O87 - FAEL: "TCP Query User{6FE7259B-7229-4B00-A982-359EA8205F61}C:\aeriagames\wolfteam-fr\wolfteam.bin" |In - Public - P6 - TRUE | .(...) -- C:\aeriagames\wolfteam-fr\wolfteam.bin (.not file.)
O87 - FAEL: "UDP Query User{CB5B181D-58E9-471A-B44D-C1FA9D8F22CD}C:\aeriagames\wolfteam-fr\wolfteam.bin" |In - Public - P17 - TRUE | .(...) -- C:\aeriagames\wolfteam-fr\wolfteam.bin (.not file.)
O87 - FAEL: "TCP Query User{08E9C355-6B4D-4FA6-8D62-79E3C65B30AA}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe (.not file.)
O87 - FAEL: "UDP Query User{4DBAD578-1488-4535-9A43-1D54889EF659}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe (.not file.)
O87 - FAEL: "TCP Query User{F8A2C798-AAC6-4DA4-AED4-535C274B9077}C:\aeriagames\wolfteam-fr\wolfteam.bin" |In - Private - P6 - TRUE | .(...) -- C:\aeriagames\wolfteam-fr\wolfteam.bin (.not file.)
O87 - FAEL: "UDP Query User{7E1E1022-AE10-41E1-A6AD-34BDF8A1F5B8}C:\aeriagames\wolfteam-fr\wolfteam.bin" |In - Private - P17 - TRUE | .(...) -- C:\aeriagames\wolfteam-fr\wolfteam.bin (.not file.)
O87 - FAEL: "{5A4DB839-9DFD-4A25-B3E9-EC62A13AEAB3}" |In - Private - P6 - TRUE | .(...) -- C:\Users\family\AppData\Local\Akamai\netsession_win.exe (.not file.)
O87 - FAEL: "{8A3CA953-16B0-4F39-BEE3-A7E7CF32BDBC}" |In - Private - P17 - TRUE | .(...) -- C:\Users\family\AppData\Local\Akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{A015FB92-5B16-45CF-A612-984377BCB067}C:\users\family\appdata\local\akamai\netsession_win.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\family\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{8D6DBBAA-0CB9-483C-9B3B-95EC0C962F99}C:\users\family\appdata\local\akamai\netsession_win.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\family\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{85B9B26B-4804-4718-872D-937BB3A8E946}C:\program files (x86)\java\jre6\bin\javaw.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\java\jre6\bin\javaw.exe (.not file.)
O87 - FAEL: "UDP Query User{7E4B05E2-78D7-4DFD-B3BF-23C3B7E96ECF}C:\program files (x86)\java\jre6\bin\javaw.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\java\jre6\bin\javaw.exe (.not file.)
~ Firewall: 258 Legitimates Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11349 - (31/03/2013)
Clés trouvées (Keys found) : 59
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}] =>Toolbar.Conduit
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\Toolbar.CT2233703] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2769726] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaappCore.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltadskBnd.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2233703] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT2769726] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
C:\Users\family\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch
~ Additionnel: Scanned in 00mn 51s



---\\ Product Upgrade Codes (O90)
~ Update Products: 148 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 17/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 12/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Auto 0 | (KlgRunSvc) . (...) - C:\Program Files (x86)\Sondle Software\ScrKlg\RunSvc.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 30/12/1899 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by family at 01/04/2013 10:44:11

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (790 lines in 04mn 17s)(0)
