Rapport de ZHPDiag v2013.4.22.135 par Nicolas Coolman, Update du 2013-04-22
Run by galie at 2013-04-23 10:56:21
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 24367
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Kaspersky Anti-Virus 2011 v11.0.2.556
Malwarebytes Anti-Malware version 1.75.0.1300
Norton Internet Security v16.7.0.30
Windows Defender W7

---\\ System Optimizer
CCleaner v4.00

---\\ Software Update
Adobe Flash Player 10 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2936 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 167 GB (58%) free of 287 GB

---\\ Logged in mode
~ Computer Name: GALIE-THINK
~ User Name: galie
~ All Users Names: HomeGroupUser$, galie, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\galie\AppData\Roaming\
~ %Desktop% : C:\Users\galie\Desktop\
~ %Favorites% : C:\Users\galie\Favorites\
~ %LocalAppData% : C:\Users\galie\AppData\Local\
~ %StartMenu% : C:\Users\galie\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 167 Go of 287 Go)
D:\ CD-ROM drive (Not Inserted)
Q:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 10 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 00:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-02-21 - 22:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2010-11-20 - 07:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 07:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-04-24 - 21:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 03:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 03:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 04:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 03:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.9CDAEBE5160B9AF02AE17C62BDB6C4B5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-03-02 - 00:07:36.) -- C:\Windows\system32\Drivers\ntfs.sys [1212264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 18:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-07-13 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2010-11-20 - 05:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 03:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 07:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1082
~ Mes musiques (My Musics) : 1/9534
~ Mes Videos (My Videos) : 2/16
~ Mes Favoris (My Favorites) : 1/159
~ Mes Documents (My Documents) : 3/25733
~ Mon Bureau (My Desktop) : 2/34912
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 01mn 21s



---\\ Processus lancés
[MD5.17DD73B0BBBB722B9BCBDD5F15223BB1] - (.Lenovo Group Limited - NumLock on screen display for ThinkPad.) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe [52600] [PID.1900]
[MD5.EF12244CD9CAD4F6A538CF1A415A3AC7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7612960] [PID.2280]
[MD5.0BF10B23779565BC472BEEBE3B9A20D9] - (.Lenovo Group Limited - On screen display message generator for Thi.) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976] [PID.2372]
[MD5.2B083A7AD8DF8698159480A3D53E8B84] - (.Lenovo Group Limited - ThinkPad FnF6 Resident Module.) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe [62752] [PID.2384]
[MD5.72D9419E4AA1C40C9E34821722D335C8] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe [67432] [PID.2432]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2492]
[MD5.7B5384F7DF6327BA351BCAAF9455A1AD] - (.Lenovo Group Limited - ThinkPad UltraZoom.) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe [132464] [PID.2500]
[MD5.DCEDB74733F562547150CB1D205452AC] - (.Lenovo. - ThinkVantage Active Protection System.) -- C:\Windows\System32\TpShocks.exe [337184] [PID.2520]
[MD5.BCE374383583CEA7C4D97368DF5DED31] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.2564]
[MD5.E6C697B63721C0FC29473962A97B0B0B] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2660]
[MD5.364D7ED5BAE561AA31E56808D2482BA1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.2708]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2744]
[MD5.3B376496187AB240FAC6ECD7BD1251F6] - (.Pas de propriétaire - Message Center Plus Launcher.) -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [49976] [PID.2756]
[MD5.66A3CF1B8A895FCB2A62599D2EAE3066] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736] [PID.2812]
[MD5.B2B3FCBA37671C853879DF7DDE8A839A] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336] [PID.2056]
[MD5.626F7FCA830F9BA95AD85569BB2038C9] - (.Synaptics Incorporated - TouchPad Driver Helper Application.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [128296] [PID.3064]
[MD5.A9E1468F4959F9A4A04B90173D206B57] - (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [802304] [PID.3080]
[MD5.E774F875819DEE4A312A921A88F779FE] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576] [PID.3168]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3376]
[MD5.BF8650D4FEFB972A4A6A5FFC1F41C38C] - (.Microsoft Corporation - dpupdchk.exe.) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe [412552] [PID.3384]
[MD5.8E0831382D3313E75614C9D85237B99F] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [719672] [PID.3408]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3728]
[MD5.AAB979089E192ACC0FE1E3C018F8B591] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\galie\AppData\Local\Akamai\netsession_win.exe [4480768] [PID.3820]
[MD5.D5543E09953C8A8B12801A3A7AFEE155] - (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4008]
[MD5.CC37819A9C45FDF9E0577D71D8044319] - (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.4016]
[MD5.EE38D491D51FB79B7CA55500F20CD802] - (.Pelmorex Media Inc. - Pas de description.) -- C:\Users\galie\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe [311584] [PID.1780]
[MD5.497F27E279C0F921E2130BB89C1CB5CA] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18705664] [PID.1448]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.4356]
[MD5.46DA8E7484AC7A52CE1D6E428398724B] - (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720] [PID.4516]
[MD5.FBCD01BA4100D0433887B48E6CDD9B24] - (.Yuna Software - Messenger Plus! (for Skype).) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe [7485440] [PID.4700]
[MD5.889DCA119B467434D9AE727D9E8D9C01] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.5008]
[MD5.5463971AE736655EC8BD4198B46CE29D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe [812424] [PID.5736]
[MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757376] [PID.7784]
[MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.7524]
[MD5.7E6EA9CB72B5DE84A5D700BED877E5F9] - (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe [397312] [PID.6732]
[MD5.858E13176C6332EC966E2299BDD870D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6961664] [PID.5848]
~ Processes Running: Scanned in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [TPHOTKEY] . (.Lenovo Group Limited - On screen display message generator for Thi.) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] . (.Lenovo Group Limited - ThinkPad FnF6 Resident Module.) -- C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] . (.Lenovo. - ThinkVantage Active Protection System.) -- C:\Windows\System32\TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\Program Files\ThinkPad\UTILIT~1\PWMTR32V.dll (.not file.)
O4 - HKLM\..\Run: [Message Center Plus] . (.Pas de propriétaire - Message Center Plus Launcher.) -- C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
O4 - HKLM\..\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] . (...) -- C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [Standby] . (.Corel - Standby service.) -- c:\Program Files\Common Files\Corel\Standby\Standby.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] . (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (.not file.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\galie\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Users\galie\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\galie\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Users\galie\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Corel PaintShop Photo Pro X3.lnk . (.Corel, Inc. - Corel PaintShop Photo Pro X3.) -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe
O4 - GS\TaskBar: Corel PaintShop Pro X5.lnk . (.Corel, Inc. - Corel PaintShop Pro X5.) -- C:\Program Files\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\QuickLaunch: Nero Home.lnk . (.Nero AG - Nero Home.) -- C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe
O4 - GS\QuickLaunch: Nero StartSmart.lnk . (.Nero AG - Nero StartSmart 8 Application.) -- C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\galie\Desktop\LeQuotidienSurMonOrdi.url . (...) -- C:\Users\galie\Desktop\LeQuotidienSurMonOrdi.url
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\kbrd.ico
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E9C680-8249-4BCD-82B1-DCDE783950B7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{62104491-ECB3-443A-87A7-FC6B551A2592}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpDomain = Belkin
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E9C680-8249-4BCD-82B1-DCDE783950B7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{62104491-ECB3-443A-87A7-FC6B551A2592}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpDomain = Belkin
O17 - HKLM\System\CS2\Services\Tcpip\..\{04E9C680-8249-4BCD-82B1-DCDE783950B7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{62104491-ECB3-443A-87A7-FC6B551A2592}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpDomain = Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\system32\klogon.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AcPrfMgrSvc) . (.Lenovo - ThinkVantage Access Connections Profile Man.) - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: (AcSvc) . (.Lenovo - ThinkVantage Access Connections Main Servic.) - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) . (.Nalpeiron Ltd. - Nalpeiron Highend Service.) - C:\Windows\system32\ASTSRV.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) . (.Lenovo - ThinkPad Power Management Service.) - C:\Windows\System32\ibmpmsvc.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Pos Service (PowerOffer Service) . (.PowerOfferService - PowerOfferService.) - C:\Users\galie\AppData\Local\PosService\Pos.exe
O23 - Service: System Update (SUService) . (.Lenovo Group Limited - ThinkVantage System Update Service.) - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Incrustation (TPHKSVC) . (.Lenovo Group Limited - On screen display Fn+Fx handler.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
~ Services: 23 Legitimates Filtered in 00mn 13s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [GinyasBrowserCompanion FireFox Watcher] (...) -- C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe (.not file.) [0]
[MD5.37E0736B52AA748E2E28F231BBB03E30] [APT] [PMTask] (.Lenovo Group Limited.) -- C:\Program Files\ThinkPad\Utilities\PWMIDTSV.exe [173344]
[MD5.00000000000000000000000000000000] [APT] [{184A209A-2310-47CD-B4F6-6D3D3FF7A739}] (...) -- C:\Users\galie\AppData\Local\Temp\JewelQuest3SDM.exe (.not file.) [0]
[MD5.B59DEFC593FACABBEEF98107E5C6D142] [APT] [{FDD233D2-F961-4126-B8C9-06708C7B2A99}] (...) -- C:\Program Files\WinRAR\WinRAR.exe [936960]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 05s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (lenovo.smi) . (.Lenovo Group Limited - SMI Driver for Lenovo system.) - C:\Windows\System32\DRIVERS\smiif32.sys
O41 - Driver: (TPPWRIF) . (.Lenovo Group Limited - Power Manager.) - C:\Windows\System32\drivers\Tppwr32v.sys
~ Drivers: 81 Legitimates Filtered in 00mn 35s



---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
O42 - Logiciel: Gestionnaire d'alimentation ThinkPad - (...) [HKLM] -- {DAC01CEE-5BAE-42D5-81FC-B687E84E8405}
O42 - Logiciel: Incrustation - (...) [HKLM] -- OnScreenDisplay
O42 - Logiciel: Integrated Camera Driver Installer Package Ver.1.0.1.2 - (.RICOH.) [HKLM] -- {C3CD17B4-08B0-492D-8A4C-81716D33E520}
O42 - Logiciel: Integrated Camera TWAIN - (.Chicony Electronics Co.,Ltd..) [HKLM] -- {9CA0DEE4-E84B-466F-9B96-FC255F3A929F}
O42 - Logiciel: PowerOffer 2.0 - (...) [HKLM] -- {0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1
O42 - Logiciel: Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows - (...) [HKLM] -- EnablePS
O42 - Logiciel: Registry Patch to arrange icons in Device and Printers folder of Windows 7 - (...) [HKLM] -- W7DevOR
O42 - Logiciel: The Font Thing - (...) [HKLM] -- The Font Thing
O42 - Logiciel: ThinkPad Power Management Driver - (...) [HKLM] -- Power Management Driver
O42 - Logiciel: ThinkPad UltraNav Driver - (...) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: UltraTorrent 2.0 - (.UltraTorrent.org.) [HKLM] -- {5BC7DF04-9FC0-4DF5-A219-2D272B234D8C}_is1
~ Logic: 168 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATS-FFormula]
[HKCU\Software\Fisher]
[HKCU\Software\Flaming Pear PV]
[HKCU\Software\RAYflect]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Topaz Labs]
[HKCU\Software\VanDerLee]
[HKLM\Software\Elf_1.15]
[HKLM\Software\Fisher]
[HKLM\Software\Macserlen]
[HKLM\Software\PowerOffer]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\ThinkVantage]
[HKLM\Software\Topaz Labs]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
~ Key Software: 211 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 2011-08-28 - 14:17:42 - [1,051] ----D C:\Program Files\Fisher
O43 - CFD: 2012-03-29 - 11:07:56 - [0,999] ----D C:\Program Files\FMPatcher
O43 - CFD: 2010-10-13 - 13:27:39 - [10,884] ----D C:\Program Files\Integrated Camera Driver
O43 - CFD: 2011-07-13 - 14:23:32 - [3,114] ----D C:\Program Files\MakeUpPilot
O43 - CFD: 2011-04-04 - 23:47:12 - [2,082] ----D C:\Program Files\malwarebite
O43 - CFD: 2010-10-13 - 13:30:42 - [36,624] ----D C:\Program Files\ThinkPad
O43 - CFD: 2010-10-13 - 13:32:31 - [0,012] ----D C:\Program Files\ThinkVantage
O43 - CFD: 2012-06-26 - 23:16:05 - [8,621] ----D C:\Program Files\Topaz Labs
O43 - CFD: 2013-04-11 - 10:55:44 - [6,905] ----D C:\Program Files\UltraTorrent
O43 - CFD: 2013-04-23 - 07:42:05 - [30,439] ----D C:\Program Files\Common Files\Akamai
O43 - CFD: 2013-04-05 - 11:27:05 - [1,852] ----D C:\Users\galie\AppData\Roaming\uTorrent
O43 - CFD: 2013-03-18 - 11:36:55 - [32,441] ----D C:\Users\galie\AppData\Local\Akamai
O43 - CFD: 2012-04-26 - 11:44:16 - [1,285] ----D C:\Users\galie\AppData\Local\LiveCraft
O43 - CFD: 2011-04-04 - 23:02:30 - [0,006] ----D C:\Users\galie\AppData\Local\Panther
O43 - CFD: 2012-06-04 - 16:15:15 - [1,385] ----D C:\Users\galie\AppData\Local\PosService
O43 - CFD: 2012-06-04 - 16:15:03 - [1,582] ----D C:\Users\galie\AppData\Local\PowerOffer
O43 - CFD: 2013-01-23 - 17:34:46 - [1,238] ----D C:\Users\galie\AppData\Local\ServUpdater
O43 - CFD: 2011-07-13 - 14:23:32 - [0] ----D C:\Users\galie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeUpPilot
~ 539 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 813 Legitimates Filtered in 00mn 58s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.CA9D5826A58411E0095BA6D41E31FF9B] - 2013-04-22 - 19:35:04 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [4003]
~ Files: 45 Legitimates Filtered in 00mn 08s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Denial of service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\Windows\System32\ACGina.dll
~ LSA: 10 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{441ffdee-d6ee-11df-8fb7-806e6f6e6963}\AutoRun\command. (.Lenovo Group Limited - Lenovo Factory Backup Partition Information.) -- Q:\LenovoQDrive.exe
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (O58)
O58 - SDL:[MD5.D623AF0D0DB0F13D32CAE34D3F0DAD39] - 2009-06-18 - 03:21:06 ----- . (.Ricoh co.,Ltd. - Ricoh USB Camera driver.) -- C:\Windows\System32\Drivers\5U877.sys [125568]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2009-07-13 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ List of cleaning tools (O63)
O63 - Logiciel: UsbFix By TeamXscript - (.TeamXscript.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List of Legacy services (O64)
O64 - Services: CurCS - 2008-05-12 - C:\Windows\System32\DRIVERS\smiif32.sys (lenovo.smi) .(.Lenovo Group Limited - SMI Driver for Lenovo system.) - LEGACY_LENOVO.SMI
O64 - Services: CurCS - 2009-08-23 - C:\Windows\System32\drivers\Tppwr32v.sys (TPPWRIF) .(.Lenovo Group Limited - Power Manager.) - LEGACY_TPPWRIF
~ Legacy: 95 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {591E527C-E9FC-424F-B38F-E97E698798F2} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {D7E280B4-8191-4C77-B8FC-177D4F326020} - (Softonic FR) - http://www.softonic.fr
~ Keys: Scanned in 00mn 00s



---\\ Special search at the root of certain folders (O84)
[MD5.3D738EC947C0EDD6AF0D24F564C4744A] [SPRF][2011-01-24] (...) -- C:\ProgramData\8274819577.sys [88]
[MD5.E3517457F6FBFA53B107E1F6B91A6DA6] [SPRF][2010-10-29] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.A9341B3337F3390CBE5C5417088187C4] [SPRF][2013-03-21] (...) -- C:\ProgramData\KGyGaAvL.sys [5642]
[MD5.804C1F67CF44FD09C70261E6980594F6] [SPRF][2011-04-04] (.Microsoft Corporation - System Preparation Tool.) -- C:\Users\galie\AppData\Local\pqr.exe [114688]
[MD5.804C1F67CF44FD09C70261E6980594F6] [SPRF][2011-04-04] (.Microsoft Corporation - System Preparation Tool.) -- C:\Users\galie\AppData\Local\qxj.exe [114688]
[MD5.B2AC8F6C8464929EB37E12AC1B065F95] [SPRF][2013-04-22] (...) -- C:\Users\galie\AppData\Local\Temp\secuniasi7231367373296541728.dll [192512]
[MD5.0ACFF8B9208623E18D9882C0C16997AC] [SPRF][2002-10-02] (...) -- C:\Users\galie\Desktop\BesCheReLle.exe [635392]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][2006-06-30] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.D715A946E66028CDB04C9E9F8C7137F5] [SPRF][2007-03-20] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [205744]
[MD5.2D54DAECBA60EB03F9E63DD50669F634] [SPRF][2008-10-24] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [488736]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][2006-08-29] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{5C6D31B4-4EE6-4791-9598-B520E0BBB185}C:\users\galie\desktop\���i�tfix\mirc.exe" | In - Private - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\���i�tfix\mirc.exe
O87 - FAEL: "UDP Query User{761567F0-3833-4058-9106-F76BB300D9EA}C:\users\galie\desktop\���i�tfix\mirc.exe" | In - Private - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\���i�tfix\mirc.exe
O87 - FAEL: "TCP Query User{92228B00-C2F4-4B19-A3F3-7B67B3412976}C:\users\galie\desktop\���i�tfix\mirc.exe" | In - Public - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\���i�tfix\mirc.exe
O87 - FAEL: "UDP Query User{226FD748-8DBE-473A-8DBC-3E67A0EA0FEA}C:\users\galie\desktop\���i�tfix\mirc.exe" | In - Public - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\���i�tfix\mirc.exe
O87 - FAEL: "TCP Query User{935A329F-366D-480A-BE98-F59F651F85C5}C:\program files\ultratorrent\ultratorrent.exe" | In - Private - P6 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
O87 - FAEL: "UDP Query User{30D57E4C-BB23-425C-9980-659C68F2514B}C:\program files\ultratorrent\ultratorrent.exe" | In - Private - P17 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
O87 - FAEL: "TCP Query User{3936E9BA-6C88-49C8-BB28-8FE4BAA34278}C:\program files\ultratorrent\ultratorrent.exe" | In - Public - P6 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
O87 - FAEL: "UDP Query User{7B267227-A1C8-4324-9DB4-D3C9AAFAEC71}C:\program files\ultratorrent\ultratorrent.exe" | In - Public - P17 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
~ Firewall: 232 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11647 - (2013-04-22)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4daac69c-cba7-45e2-9bc8-1044483d3352}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Elf_1.15] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
~ Additionnel Scan: 420624 Items scanned in 00mn 36s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "0335B4D39AEC85D438554727A95E72DC" . (.Topaz Clean 2.) -- C:\Windows\Installer\{3D4B5330-CEA9-4D58-8355-74729AE527CD}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "16F2A4AD62E115D449BB637D6787DBDA" . (.PSPH10Pro.) -- c:\Windows\Installer\{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}\ARPPRODUCTICON.exe
O90 - PUC: "1A68418D17329504CA07A18B49CA696E" . (.AT&T Service Activation.) -- C:\Windows\Installer\{D81486A1-2371-4059-AC70-1AB894AC96E6}\ARPPRODUCTICON.exe
O90 - PUC: "49648A64CE950F8469C4E7679E8F2ADE" . (.Système de protection active ThinkVantage.) -- C:\Windows\Installer\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}\ARPPRODUCTICON.exe
O90 - PUC: "498735E8955A06D43BBC4F84E5D3423E" . (.ThinkVantage Access Connections.) -- C:\Windows\Installer\{8E537894-A559-4D60-B3CB-F4485E3D24E3}\ARPPRODUCTICON.exe
O90 - PUC: "6315CD058E12CB84795EA10D556F0B6B" . (.Create Recovery Media.) -- C:\Program Files\Lenovo\Factory Recovery\recovburncd.exe,0
O90 - PUC: "74846C52009BDA841A46B1F4B9776405" . (.System Update.) -- c:\Windows\Installer\{25C64847-B900-48AD-A164-1B4F9B774650}\ARPPRODUCTICON.exe
O90 - PUC: "C9335768C821DD4438FBA0D5A6DB2879" . (.ThinkVantage System Update.) -- c:\Program Files\Lenovo\System Update\Tvsu.exe
O90 - PUC: "E7C7B48DD4E22004C88AEE4DDE3B33CA" . (.MLE.) -- c:\Windows\Installer\{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}\ARPPRODUCTICON.exe
~ Update Products: 134 Legitimates Filtered in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2009-09-08 124192 | (AcPrfMgrSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
SR - | Auto 2009-09-08 242976 | (AcSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
SR - | Auto 2012-12-18 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 2013-04-11 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2009-07-13 20992 | c:\program files\common files\akamai\netsession_win_ca0e279.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2008-05-19 57344 | (ASTSRV) . (.Nalpeiron Ltd..) - C:\Windows\system32\ASTSRV.exe
SR - | Auto 2010-11-02 365336 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 2010-10-17 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2010-10-17 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-08-14 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 2009-08-06 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 2009-08-18 38176 | (IBMPMSVC) . (.Lenovo.) - C:\Windows\System32\ibmpmsvc.exe
SR - | Demand 2013-02-20 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2007-01-04 112152 | (IviRegMgr) . (.InterVideo.) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
SR - | Auto 2009-07-03 45424 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 2013-01-23 125952 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SR - | Auto 2007-09-20 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 2011-09-22 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\system32\nlssrv32.exe
SS - | Demand 2007-10-23 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Demand 0 | (PCDSRVC{3037D694-FD904ACA-06000000}_0) . (...) - c:\program files\pc-doctor\pcdsrvc.pkms
SS - | Demand 2009-08-23 75040 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
SS - | Auto 2011-12-16 164352 | (PowerOffer Service) . (.PowerOfferService.) - C:\Users\galie\AppData\Local\PosService\Pos.exe
SR - | Auto 2010-03-10 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Demand 2009-08-04 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
SS - | Auto 2009-08-04 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
SS - | Auto 2009-08-04 309744 | (RoxLiveShare10) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
SS - | Demand 2009-08-04 1124848 | (RoxMediaDB10) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
SS - | Auto 2009-08-04 166384 | (RoxWatch10) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
SS - | Auto 2013-01-08 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2009-04-30 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 2009-09-04 15872 | (SUService) . (.Lenovo Group Limited.) - c:\Program Files\Lenovo\System Update\SUService.exe
SS - | Demand 1899-12-30 0 | C:\Windows\System32\TPHDEXLG.exe (TPHDEXLGSVC) . (.Lenovo..) - c:\System32\TPHDEXLG.exe
SR - | Auto 2009-05-21 62320 | (TPHKSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
SR - | Auto 2009-07-13 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



~ 1823 Legitimates filtered by white list
End of the scan (604 lines in 04mn 24s)(0)
