Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.4.16.93 par Nicolas Coolman, Update du 16/04/2013
Run by carlos at 18/04/2013 10:27:48
State : Nouvelle version disponible
WhiteList : Enable
High Elevated Privileges : OK
UAC :
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19088 (Defaut)
MFIE: Mozilla Firefox 17.0.1 v17.0.1
---\\ Windows Product Information
~ Langage: Fran�ais
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6CJ97
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v3.24
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 11
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (44% free)
System Restore: Activ� (Enable)
System drive C: has 8 GB (10%) free of 70 GB
---\\ Logged in mode
~ Computer Name: PC-DE-CARLOS
~ User Name: carlos
~ All Users Names: carlos, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\carlos\AppData\Roaming\
~ %Desktop% : C:\Users\carlos\Desktop\
~ %Favorites% : C:\Users\carlos\Favorites\
~ %LocalAppData% : C:\Users\carlos\AppData\Local\
~ %StartMenu% : C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 70 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 65 Go of 70 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2011 - 07:08:58.) -- C:\Windows\System32\wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.19/01/2008 - 08:41:30.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/01/2008 - 06:49:51.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/01/2008 - 05:30:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.19/01/2008 - 06:55:35.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.19/01/2008 - 08:43:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parall�le.) (.19/01/2008 - 06:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.19/01/2008 - 06:55:27.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.19/01/2008 - 06:55:58.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.19/01/2008 - 08:42:48.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/497
~ Mes musiques (My Musics) : 1/217
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/44
~ Mes Documents (My Documents) : 0/5033
~ Mon Bureau (My Desktop) : 0/1089
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 34s
---\\ Processus lanc�s
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.1424]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3860]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2980]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3016]
[MD5.5A70C964A8D39B329AE02294DBA5F49D] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2launcher.exe [40352] [PID.1596]
[MD5.87AC3175FA9C5FD5BAD55654C4E381F8] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\java.exe [174496] [PID.2176]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.4192]
[MD5.9C8A63AB622C5258C940E6D737C8F374] - (.Microsoft Corporation - Sauvegarde Microsoft� Windows.) -- C:\Windows\system32\sdclt.exe [1169408] [PID.4000]
[MD5.F308ABA6AE65E26AE28DE8B7A5D9B802] - (.OpenOffice.org - OpenOffice.org 2.4.) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe [2363392] [PID.5488]
[MD5.FA6DD243EB0B37D7578B5DCB4C637359] - (.OpenOffice.org - OpenOffice.org 2.4.) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN [2580480] [PID.5636]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1108]
[MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6808576] [PID.6512]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1328]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1996]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.444]
[MD5.517D30057C726C797764BFD70A55D82A] - (.CyberLink - CLMSServer.) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448] [PID.1440]
[MD5.D72B2DAE9E73C58D6E09C3D782AA1E23] - (.Pas de propri�taire - MemCheck.Service.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.1780]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1752]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.596]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1248]
[MD5.F54907AA07F60AFF81E1E09E97AF98B0] - (.HiTRSUT - eDataSecurity Service.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512] [PID.2100]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2224]
[MD5.A7B084BFBBD582A843D2F5C35220F962] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248] [PID.2516]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3296]
~ Processes Running: Scanned in 00mn 04s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\uevvjxtf.default\prefs.js
M0 - MFSP: prefs.js [carlos - uevvjxtf.default] http://mail.aol.com
~ Firefox Browser: 31 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Barre d'outils MSN - [HKLM]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - MSN Toolbar extension.) -- C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O4 - GS\QuickLaunch: D�marrer AntiVir.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (...) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (.not file.)
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: BearShare - Raccourci.lnk . (...) -- C:\Users\carlos\Music\BearShare =>PUP.BearShare
O4 - GS\Desktop: Explor@ Park.lnk . (...) -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: MioMore Desktop 7.50.lnk . (.MiTAC International Corporation - MioMore.) -- C:\Program Files\Mio\MioMore Desktop 7.50\MioMore.exe
O4 - GS\Desktop: Money Manager Ex.lnk . (.TheZeal Software - Money Management Software.) -- C:\Program Files\Money Manager Ex\mmex.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Cl� orpheline
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.mypix.com/fr/fr/fw_model/domain/library/aurigma/ImageUploader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} . (.Google Inc. - Fast Search.) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Cl� de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioth�que de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Acer HomeMedia Connect Service (Acer HomeMedia Connect Service) . (.CyberLink - CLMSServer.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 11 Legitimates Filtered in 00mn 21s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Defraggler Volume C Task.job [400]
[MD5.ACF05A48902BE508ABFE7000C40665EB] [APT] [Defraggler Volume C Task] (.Piriform Ltd.) -- C:\Program Files\Defraggler\df.exe [948064]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{8708C276-78BA-4A06-891F-EEAE21F57A74}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_XG760Acomplet.zip\XG760Acomplet\Driver\Setup.exe (.not file.) [0]
[MD5.CD38EEB916CF8BEDC37DF0FC4ECC5DE8] [APT] [{89FBDADF-ECC4-4D47-B979-C5036BCB2A68}] (.Kaspersky Lab.) -- C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe [65536]
[MD5.00000000000000000000000000000000] [APT] [{8D9136CA-213C-4029-A9EC-91645A0D67CE}] (...) -- C:\Users\carlos\Desktop\KevtrisSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{961AFDE0-74D3-4D7B-A7BA-1B8159F48445}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_ZNsoftXp[1].zip\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BBCA9A73-3416-4B5D-AFBB-3EF127F77C50}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C840C28A-B5A8-4637-ABD8-30AA0C8B4482}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.9C222EA27F30BF6F43B2C9E0755BEF9E] [APT] [{CE0DB5FF-4E7A-4B81-9690-343A18A4DD8C}] (.Cendant Software Inc..) -- C:\Program Files\Sierra On-Line\sutil32.exe [910848]
[MD5.00000000000000000000000000000000] [APT] [{F9C16F13-45D7-4819-9EFB-96B5275A6048}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_Utility_XG760A.zip\Utility\Setup.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 12s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Money Manager Ex 0.9.2.0 (beta) - (.TheZeal Software.) [HKLM] -- Money Manager Ex_is1
O42 - Logiciel: Presto! Mr. Photo 4 - (.NewSoft Technology Corporation.) [HKLM] -- {CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}
O42 - Logiciel: Presto! VideoWorks 6 - (.NewSoft Technology Corporation.) [HKLM] -- {B0C0F5E6-10B1-11D6-9296-0050BA073EEC}
O42 - Logiciel: eMule - (...) [HKLM] -- eMule
~ Logic: 72 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\Galerie photo et imagerie HP]
[HKCU\Software\SpeedMaxPc]
[HKCU\Software\eMule]
[HKLM\Software\BearShare] =>PUP.BearShare
[HKLM\Software\CAPI20]
[HKLM\Software\CPUCooL]
[HKLM\Software\NewSoft]
[HKLM\Software\OTMoveIt]
[HKLM\Software\SINFONI]
[HKLM\Software\SpeedMaxPc]
~ Key Software: 151 Legitimates Filtered in 00mn 02s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/06/2012 - 08:18:34 - [42,971] ----D C:\Program Files\BearShare Applications =>PUP.BearShare
O43 - CFD: 04/05/2011 - 10:40:21 - [10,401] ----D C:\Program Files\eMule
O43 - CFD: 29/12/2008 - 15:07:57 - [0,008] ----D C:\Program Files\inKline Global
O43 - CFD: 30/05/2012 - 13:26:18 - [0,000] ----D C:\Program Files\LimeWire
O43 - CFD: 12/09/2012 - 12:13:40 - [8,468] ----D C:\Program Files\Money Manager Ex
O43 - CFD: 19/09/2009 - 00:05:30 - [296,018] ----D C:\Program Files\NewSoft
O43 - CFD: 29/03/2009 - 17:31:21 - [0,473] ----D C:\Program Files\ZNsoft Corporation
O43 - CFD: 19/09/2009 - 00:05:31 - [9,902] ----D C:\Program Files\Common Files\NewSoft
O43 - CFD: 27/12/2012 - 03:02:31 - [0,004] ----D C:\ProgramData\1F2C3
O43 - CFD: 14/06/2012 - 08:05:55 - [0,078] ----D C:\ProgramData\BearShare =>PUP.BearShare
O43 - CFD: 04/05/2011 - 10:40:40 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 19/09/2009 - 00:06:41 - [0,001] ----D C:\ProgramData\Newsoft
O43 - CFD: 13/09/2012 - 01:06:21 - [0] ----D C:\ProgramData\SpeedMaxPc
O43 - CFD: 03/08/2012 - 08:58:55 - [1,884] --H-D C:\ProgramData\{0F7E88C4-5411-4624-880C-8C0A662067C7}
O43 - CFD: 14/04/2013 - 13:20:57 - [0,001] ----D C:\Users\carlos\AppData\Roaming\BleachBit
O43 - CFD: 10/01/2009 - 12:35:00 - [0] ----D C:\Users\carlos\AppData\Roaming\Smart PC Solutions
O43 - CFD: 13/09/2012 - 00:58:12 - [0] ----D C:\Users\carlos\AppData\Roaming\SpeedMaxPc
O43 - CFD: 02/01/2013 - 10:35:48 - [85,296] ----D C:\Users\carlos\AppData\Local\BearShare =>PUP.BearShare
O43 - CFD: 04/05/2011 - 10:40:21 - [0,089] ----D C:\Users\carlos\AppData\Local\eMule
O43 - CFD: 19/09/2009 - 00:23:16 - [0,038] ----D C:\Users\carlos\AppData\Local\NewSoft
O43 - CFD: 14/08/2012 - 00:30:51 - [0,000] ----D C:\Users\carlos\AppData\Local\rencontreshard
~ Program Folder: 202 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.3FD521040AD829E141A2798BB902A918] - 16/04/2013 - 07:02:51 ---A- . (...) -- C:\Windows\win.ini [239]
~ Files: 12 Legitimates Filtered in 01mn 58s
---\\ Contr�le du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\32473346.sys . (...) -- C:\Windows\System32\Drivers\32473346.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\32473346.sys . (...) -- C:\Windows\System32\Drivers\32473346.sys (.not file.)
~ CSB: 23 Legitimates Filtered in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"VIDC.NSVI"="nsvideo.dll" . (...) -- C:\Windows\System32\nsvideo.dll
~ TDSD: 8 Legitimates Filtered in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\ZNsoft Optimizer Xp [Key] . (.ZNsoft Corporation - Optimisation compl�te de windows NT, et de.) -- C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "UacDisableNotify"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=0
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.F8E916DD0DE892A3BD9F6CC686100960] - 05/02/2007 - 10:15:26 ---A- . (.NewSoft Technology Corporation - Achernar.sys.) -- C:\Windows\System32\Drivers\Achernar.sys [18432]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 29/09/2009 - C:\Windows\System32\Drivers\AFS.sys (AFS) .(.Oak Technology Inc. - Audio File System.) - LEGACY_AFS
O64 - Services: CurCS - 13/08/2007 - C:\Windows\System32\Ati2evxx.exe (Ati External Event Utility) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_EXTERNAL_EVENT_UTILITY
O64 - Services: CurCS - 25/04/2007 - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (eDataSecurity Service) .(.HiTRSUT - eDataSecurity Service.) - LEGACY_EDATASECURITY_SERVICE
~ Legacy: 117 Legitimates Filtered in 00mn 01s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {24C494B6-F371-4191-95E0-895346775390} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {4A3236AD-47F6-4A7C-A4B2-A24D3808D98E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.21EEE83B1ABD742D6D29F58808B8FCDD] [SPRF][24/07/2012] (...) -- C:\Users\carlos\AppData\Local\d3d9caps.dat [680]
[MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][14/04/2013] (...) -- C:\Users\carlos\AppData\Local\Temp\~gu-ver.dat [112]
[MD5.AF70A48819AC04886B9995874BB5EB92] [SPRF][19/02/2009] (...) -- C:\Users\carlos\AppData\Roaming\wklnhst.dat [346]
[MD5.8CE509A0E6BA3DE8AAE7D844634B2D06] [SPRF][14/06/2012] (.Musiclab, LLC - BearShare.) -- C:\Users\carlos\Desktop\BearShareV10fr.exe [2365816] =>PUP.BearShare
[MD5.557F04A19184853CF475E90D7D2DDB48] [SPRF][14/10/2012] (.Apple Inc. - iTunes Installer.) -- C:\Users\carlos\Desktop\iTunesSetup.exe [78545304]
[MD5.1ED3217D714FACBE53DAC2BD62B34F85] [SPRF][02/02/2010] (.Microsoft Corporation - Windows Live Installer.) -- C:\Users\carlos\Desktop\wlsetup-web.exe [1164616]
[MD5.B88FC4BD8674DE4C314844864D0D4166] [SPRF][17/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\carlos\Desktop\ZHPDiag2.exe [5574753]
~ Files: Scanned in 00mn 02s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{C6536C4E-D15F-409F-A87E-CF3665D92C1B}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P6 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare
O87 - FAEL: "UDP Query User{5C51BA81-E2DC-4A99-AFA3-E0DEC98304B2}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P17 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare
~ Firewall: 230 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.11560 - (16/04/2013)
Cl�s trouv�es (Keys found) : 13
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 3
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare
[HKLM\Software\Classes\askibar.popswatterbarbutton] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswatterbarbutton.1] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswattersettingscontrol] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswattersettingscontrol.1] =>Toolbar.AskTBar
[HKLM\Software\Classes\asktoolbar.settingsplugin] =>Toolbar.AskTBar
[HKLM\Software\Classes\asktoolbar.settingsplugin.1] =>Toolbar.AskTBar
[HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
C:\Program Files\BearShare Applications =>PUP.BearShare
C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc
C:\Users\carlos\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc
~ Additionnel: Scanned in 00mn 57s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 21/06/2007 269448 | (Acer HomeMedia Connect Service) . (.CyberLink.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 28/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 28/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 13/08/2007 610304 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 25/04/2007 457512 | (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
SR - | Auto 03/07/2007 53248 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Demand 28/04/2009 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 262247 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s
~ 1094 Legitimates filtered by white list
End of the scan (514 lines in 06mn 53s)(0)
Run by carlos at 18/04/2013 10:27:48
State : Nouvelle version disponible
WhiteList : Enable
High Elevated Privileges : OK
UAC :
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19088 (Defaut)
MFIE: Mozilla Firefox 17.0.1 v17.0.1
---\\ Windows Product Information
~ Langage: Fran�ais
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6CJ97
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v3.24
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 11
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (44% free)
System Restore: Activ� (Enable)
System drive C: has 8 GB (10%) free of 70 GB
---\\ Logged in mode
~ Computer Name: PC-DE-CARLOS
~ User Name: carlos
~ All Users Names: carlos, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\carlos\AppData\Roaming\
~ %Desktop% : C:\Users\carlos\Desktop\
~ %Favorites% : C:\Users\carlos\Favorites\
~ %LocalAppData% : C:\Users\carlos\AppData\Local\
~ %StartMenu% : C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 70 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 65 Go of 70 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\Windows\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2011 - 07:08:58.) -- C:\Windows\System32\wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.19/01/2008 - 08:41:30.) -- C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/01/2008 - 06:49:51.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/01/2008 - 05:30:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.19/01/2008 - 06:55:35.) -- C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.19/01/2008 - 08:43:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1081912]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parall�le.) (.19/01/2008 - 06:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.19/01/2008 - 06:55:27.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.19/01/2008 - 06:55:58.) -- C:\Windows\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.19/01/2008 - 08:42:48.) -- C:\Windows\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/497
~ Mes musiques (My Musics) : 1/217
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/44
~ Mes Documents (My Documents) : 0/5033
~ Mon Bureau (My Desktop) : 0/1089
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 34s
---\\ Processus lanc�s
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.1424]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3860]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2980]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3016]
[MD5.5A70C964A8D39B329AE02294DBA5F49D] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2launcher.exe [40352] [PID.1596]
[MD5.87AC3175FA9C5FD5BAD55654C4E381F8] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\java.exe [174496] [PID.2176]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.4192]
[MD5.9C8A63AB622C5258C940E6D737C8F374] - (.Microsoft Corporation - Sauvegarde Microsoft� Windows.) -- C:\Windows\system32\sdclt.exe [1169408] [PID.4000]
[MD5.F308ABA6AE65E26AE28DE8B7A5D9B802] - (.OpenOffice.org - OpenOffice.org 2.4.) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe [2363392] [PID.5488]
[MD5.FA6DD243EB0B37D7578B5DCB4C637359] - (.OpenOffice.org - OpenOffice.org 2.4.) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN [2580480] [PID.5636]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1108]
[MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6808576] [PID.6512]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1328]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1996]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.444]
[MD5.517D30057C726C797764BFD70A55D82A] - (.CyberLink - CLMSServer.) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448] [PID.1440]
[MD5.D72B2DAE9E73C58D6E09C3D782AA1E23] - (.Pas de propri�taire - MemCheck.Service.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.1780]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1752]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.596]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1248]
[MD5.F54907AA07F60AFF81E1E09E97AF98B0] - (.HiTRSUT - eDataSecurity Service.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512] [PID.2100]
[MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2224]
[MD5.A7B084BFBBD582A843D2F5C35220F962] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248] [PID.2516]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3296]
~ Processes Running: Scanned in 00mn 04s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\uevvjxtf.default\prefs.js
M0 - MFSP: prefs.js [carlos - uevvjxtf.default] http://mail.aol.com
~ Firefox Browser: 31 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Barre d'outils MSN - [HKLM]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - MSN Toolbar extension.) -- C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare
O4 - GS\QuickLaunch: D�marrer AntiVir.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (...) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (.not file.)
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: BearShare - Raccourci.lnk . (...) -- C:\Users\carlos\Music\BearShare =>PUP.BearShare
O4 - GS\Desktop: Explor@ Park.lnk . (...) -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: MioMore Desktop 7.50.lnk . (.MiTAC International Corporation - MioMore.) -- C:\Program Files\Mio\MioMore Desktop 7.50\MioMore.exe
O4 - GS\Desktop: Money Manager Ex.lnk . (.TheZeal Software - Money Management Software.) -- C:\Program Files\Money Manager Ex\mmex.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Cl� orpheline
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.mypix.com/fr/fr/fw_model/domain/library/aurigma/ImageUploader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} . (.Google Inc. - Fast Search.) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Cl� de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioth�que de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: Acer HomeMedia Connect Service (Acer HomeMedia Connect Service) . (.CyberLink - CLMSServer.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 11 Legitimates Filtered in 00mn 21s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Defraggler Volume C Task.job [400]
[MD5.ACF05A48902BE508ABFE7000C40665EB] [APT] [Defraggler Volume C Task] (.Piriform Ltd.) -- C:\Program Files\Defraggler\df.exe [948064]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{8708C276-78BA-4A06-891F-EEAE21F57A74}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_XG760Acomplet.zip\XG760Acomplet\Driver\Setup.exe (.not file.) [0]
[MD5.CD38EEB916CF8BEDC37DF0FC4ECC5DE8] [APT] [{89FBDADF-ECC4-4D47-B979-C5036BCB2A68}] (.Kaspersky Lab.) -- C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe [65536]
[MD5.00000000000000000000000000000000] [APT] [{8D9136CA-213C-4029-A9EC-91645A0D67CE}] (...) -- C:\Users\carlos\Desktop\KevtrisSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{961AFDE0-74D3-4D7B-A7BA-1B8159F48445}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_ZNsoftXp[1].zip\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BBCA9A73-3416-4B5D-AFBB-3EF127F77C50}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C840C28A-B5A8-4637-ABD8-30AA0C8B4482}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.9C222EA27F30BF6F43B2C9E0755BEF9E] [APT] [{CE0DB5FF-4E7A-4B81-9690-343A18A4DD8C}] (.Cendant Software Inc..) -- C:\Program Files\Sierra On-Line\sutil32.exe [910848]
[MD5.00000000000000000000000000000000] [APT] [{F9C16F13-45D7-4819-9EFB-96B5275A6048}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_Utility_XG760A.zip\Utility\Setup.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 12s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Money Manager Ex 0.9.2.0 (beta) - (.TheZeal Software.) [HKLM] -- Money Manager Ex_is1
O42 - Logiciel: Presto! Mr. Photo 4 - (.NewSoft Technology Corporation.) [HKLM] -- {CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}
O42 - Logiciel: Presto! VideoWorks 6 - (.NewSoft Technology Corporation.) [HKLM] -- {B0C0F5E6-10B1-11D6-9296-0050BA073EEC}
O42 - Logiciel: eMule - (...) [HKLM] -- eMule
~ Logic: 72 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\Galerie photo et imagerie HP]
[HKCU\Software\SpeedMaxPc]
[HKCU\Software\eMule]
[HKLM\Software\BearShare] =>PUP.BearShare
[HKLM\Software\CAPI20]
[HKLM\Software\CPUCooL]
[HKLM\Software\NewSoft]
[HKLM\Software\OTMoveIt]
[HKLM\Software\SINFONI]
[HKLM\Software\SpeedMaxPc]
~ Key Software: 151 Legitimates Filtered in 00mn 02s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/06/2012 - 08:18:34 - [42,971] ----D C:\Program Files\BearShare Applications =>PUP.BearShare
O43 - CFD: 04/05/2011 - 10:40:21 - [10,401] ----D C:\Program Files\eMule
O43 - CFD: 29/12/2008 - 15:07:57 - [0,008] ----D C:\Program Files\inKline Global
O43 - CFD: 30/05/2012 - 13:26:18 - [0,000] ----D C:\Program Files\LimeWire
O43 - CFD: 12/09/2012 - 12:13:40 - [8,468] ----D C:\Program Files\Money Manager Ex
O43 - CFD: 19/09/2009 - 00:05:30 - [296,018] ----D C:\Program Files\NewSoft
O43 - CFD: 29/03/2009 - 17:31:21 - [0,473] ----D C:\Program Files\ZNsoft Corporation
O43 - CFD: 19/09/2009 - 00:05:31 - [9,902] ----D C:\Program Files\Common Files\NewSoft
O43 - CFD: 27/12/2012 - 03:02:31 - [0,004] ----D C:\ProgramData\1F2C3
O43 - CFD: 14/06/2012 - 08:05:55 - [0,078] ----D C:\ProgramData\BearShare =>PUP.BearShare
O43 - CFD: 04/05/2011 - 10:40:40 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 19/09/2009 - 00:06:41 - [0,001] ----D C:\ProgramData\Newsoft
O43 - CFD: 13/09/2012 - 01:06:21 - [0] ----D C:\ProgramData\SpeedMaxPc
O43 - CFD: 03/08/2012 - 08:58:55 - [1,884] --H-D C:\ProgramData\{0F7E88C4-5411-4624-880C-8C0A662067C7}
O43 - CFD: 14/04/2013 - 13:20:57 - [0,001] ----D C:\Users\carlos\AppData\Roaming\BleachBit
O43 - CFD: 10/01/2009 - 12:35:00 - [0] ----D C:\Users\carlos\AppData\Roaming\Smart PC Solutions
O43 - CFD: 13/09/2012 - 00:58:12 - [0] ----D C:\Users\carlos\AppData\Roaming\SpeedMaxPc
O43 - CFD: 02/01/2013 - 10:35:48 - [85,296] ----D C:\Users\carlos\AppData\Local\BearShare =>PUP.BearShare
O43 - CFD: 04/05/2011 - 10:40:21 - [0,089] ----D C:\Users\carlos\AppData\Local\eMule
O43 - CFD: 19/09/2009 - 00:23:16 - [0,038] ----D C:\Users\carlos\AppData\Local\NewSoft
O43 - CFD: 14/08/2012 - 00:30:51 - [0,000] ----D C:\Users\carlos\AppData\Local\rencontreshard
~ Program Folder: 202 Legitimates Filtered in 00mn 37s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.3FD521040AD829E141A2798BB902A918] - 16/04/2013 - 07:02:51 ---A- . (...) -- C:\Windows\win.ini [239]
~ Files: 12 Legitimates Filtered in 01mn 58s
---\\ Contr�le du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\32473346.sys . (...) -- C:\Windows\System32\Drivers\32473346.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\32473346.sys . (...) -- C:\Windows\System32\Drivers\32473346.sys (.not file.)
~ CSB: 23 Legitimates Filtered in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"VIDC.NSVI"="nsvideo.dll" . (...) -- C:\Windows\System32\nsvideo.dll
~ TDSD: 8 Legitimates Filtered in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\ZNsoft Optimizer Xp [Key] . (.ZNsoft Corporation - Optimisation compl�te de windows NT, et de.) -- C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "UacDisableNotify"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=0
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.F8E916DD0DE892A3BD9F6CC686100960] - 05/02/2007 - 10:15:26 ---A- . (.NewSoft Technology Corporation - Achernar.sys.) -- C:\Windows\System32\Drivers\Achernar.sys [18432]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 29/09/2009 - C:\Windows\System32\Drivers\AFS.sys (AFS) .(.Oak Technology Inc. - Audio File System.) - LEGACY_AFS
O64 - Services: CurCS - 13/08/2007 - C:\Windows\System32\Ati2evxx.exe (Ati External Event Utility) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_EXTERNAL_EVENT_UTILITY
O64 - Services: CurCS - 25/04/2007 - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (eDataSecurity Service) .(.HiTRSUT - eDataSecurity Service.) - LEGACY_EDATASECURITY_SERVICE
~ Legacy: 117 Legitimates Filtered in 00mn 01s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {24C494B6-F371-4191-95E0-895346775390} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {4A3236AD-47F6-4A7C-A4B2-A24D3808D98E} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.21EEE83B1ABD742D6D29F58808B8FCDD] [SPRF][24/07/2012] (...) -- C:\Users\carlos\AppData\Local\d3d9caps.dat [680]
[MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][14/04/2013] (...) -- C:\Users\carlos\AppData\Local\Temp\~gu-ver.dat [112]
[MD5.AF70A48819AC04886B9995874BB5EB92] [SPRF][19/02/2009] (...) -- C:\Users\carlos\AppData\Roaming\wklnhst.dat [346]
[MD5.8CE509A0E6BA3DE8AAE7D844634B2D06] [SPRF][14/06/2012] (.Musiclab, LLC - BearShare.) -- C:\Users\carlos\Desktop\BearShareV10fr.exe [2365816] =>PUP.BearShare
[MD5.557F04A19184853CF475E90D7D2DDB48] [SPRF][14/10/2012] (.Apple Inc. - iTunes Installer.) -- C:\Users\carlos\Desktop\iTunesSetup.exe [78545304]
[MD5.1ED3217D714FACBE53DAC2BD62B34F85] [SPRF][02/02/2010] (.Microsoft Corporation - Windows Live Installer.) -- C:\Users\carlos\Desktop\wlsetup-web.exe [1164616]
[MD5.B88FC4BD8674DE4C314844864D0D4166] [SPRF][17/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\carlos\Desktop\ZHPDiag2.exe [5574753]
~ Files: Scanned in 00mn 02s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{C6536C4E-D15F-409F-A87E-CF3665D92C1B}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P6 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare
O87 - FAEL: "UDP Query User{5C51BA81-E2DC-4A99-AFA3-E0DEC98304B2}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P17 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare
~ Firewall: 230 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.11560 - (16/04/2013)
Cl�s trouv�es (Keys found) : 13
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 3
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare
[HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare
[HKLM\Software\Classes\askibar.popswatterbarbutton] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswatterbarbutton.1] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswattersettingscontrol] =>Toolbar.AskTBar
[HKLM\Software\Classes\askibar.popswattersettingscontrol.1] =>Toolbar.AskTBar
[HKLM\Software\Classes\asktoolbar.settingsplugin] =>Toolbar.AskTBar
[HKLM\Software\Classes\asktoolbar.settingsplugin.1] =>Toolbar.AskTBar
[HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
C:\Program Files\BearShare Applications =>PUP.BearShare
C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc
C:\Users\carlos\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc
~ Additionnel: Scanned in 00mn 57s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 21/06/2007 269448 | (Acer HomeMedia Connect Service) . (.CyberLink.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 28/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 28/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 13/08/2007 610304 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 25/04/2007 457512 | (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
SR - | Auto 03/07/2007 53248 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SS - | Demand 28/04/2009 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 262247 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s
~ 1094 Legitimates filtered by white list
End of the scan (514 lines in 06mn 53s)(0)