Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.4.23.139 par Nicolas Coolman, Update du 23/04/2013
Run by David at 24/04/2013 10:00:51
State : Version � jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v26.0.1410.64
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2BT4J
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
avast! Free Antivirus v8.0.1483.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7
---\\ System Optimizer
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3036 MB (58% free)
System Restore: Activ� (Enable)
System drive C: has 16 GB (11%) free of 141 GB
---\\ Logged in mode
~ Computer Name: 35E59N8W
~ User Name: David
~ All Users Names: UpdatusUser, HomeGroupUser$, David, brid�, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\David\AppData\Roaming\
~ %Desktop% : C:\Users\David\Desktop\
~ %Favorites% : C:\Users\David\Favorites\
~ %LocalAppData% : C:\Users\David\AppData\Local\
~ %StartMenu% : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 16 Go of 141 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 50 Go of 141 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CFE0CEE587F9CEA4C29DEEC6D85FC91C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:30:16.) -- C:\Windows\System32\wininet.dll [1766912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/144
~ Mes musiques (My Musics) : 121/269
~ Mes Videos (My Videos) : 1/99
~ Mes Favoris (My Favorites) : 1/379
~ Mes Documents (My Documents) : 8/7752
~ Mon Bureau (My Desktop) : 7/4394
~ Menu demarrer (Programs) : 1/90
~ Hidden Files: Scanned in 00mn 12s
---\\ Processus lanc�s
[MD5.015C6099859F1E646D658DE55AA8A2AA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821472] [PID.504]
[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136] [PID.2080]
[MD5.091A0924AC02AE0A04F3D03BCCDE2712] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2246144] [PID.2104]
[MD5.A46796CCF032D35720347262998D1F90] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [835072] [PID.2112]
[MD5.E3735DC796E5183D63F35921B058934C] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [716800] [PID.2120]
[MD5.64F562F206E5474B9E01F8CD944770A6] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192] [PID.2848]
[MD5.3EE8375B1063CF4A0C4353123F4129C5] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280] [PID.3576]
[MD5.54FA8528EDA1B6B34615F4EA3FCB35E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.496]
[MD5.28FD28A29C637C9AFEFE0A26E27C6DFE] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432] [PID.792]
[MD5.428F4A9D4CB5816030F88F3DD7595675] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.768]
[MD5.AF6A30EE63F360C85099137F0F64D031] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488] [PID.1548]
[MD5.5300552AC15F1A877C4B6BB6512AD1FD] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288] [PID.392]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.1532]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4124]
[MD5.61F5A23510D46FE7C02931604AFC8407] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe [149784] [PID.4532]
[MD5.316F1706417F82AF97D1E149A19E6D3E] - (.Logitech, Inc. - SetPoint User Interface (UNICODE).) -- C:\Program Files\Logitech\SetPointG\SetPointII.exe [453400] [PID.4992]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.224]
[MD5.88156BBA7DF86C9F4921FE098A7488D1] - (.Pas de propri�taire - Samsung Update Plus.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe [650920] [PID.0]
[MD5.AAE42F24B1510ADF8E7DE92085B8E67F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6971904] [PID.5076]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\prefs.js
M3 - MFPP: Plugins - [David] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\searchplugins\howjsay.xml
M3 - MFPP: Plugins - [David] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\searchplugins\urban-dictionary.xml
M3 - MFPP: Plugins - [David] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\searchplugins\wr-english-french.xml
P2 - FPN:Firefox Plugin Navigator . (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npDivxPlayerPlugin.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 55 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: PROMT - {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} . (.PROMT Ltd. - PROMT for Internet Explorer.) -- C:\Program Files\PRMT9\PRMTIE\prmtie.dll
O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files\IE AdBlock\IE AdBlock.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
~ BHO: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll
O3 - Toolbar: Traducteur PROMT - [HKLM]{C7DDDD27-F303-42A5-B979-51559F7DC0F0} . (.PROMT Ltd. - PROMT for Internet Explorer.) -- C:\Program Files\PRMT9\PRMTIE\prmtie.dll
O3 - Toolbar: IE AdBlock - [HKLM]{BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files\IE AdBlock\IE AdBlock.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [KiesTrayAgent] Cl� orpheline
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1072828290-3828818215-1948454868-1009\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1072828290-3828818215-1948454868-1009\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive Setup.) -- C:\Program Files\Microsoft SkyDrive\SkyDriveSetup.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\windows\system32\WFS.exe
O4 - GS\Desktop: CyberLink DVD Suite.lnk . (.CyberLink - PowerStarter.) -- C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
O4 - GS\Desktop: CyberLink YouCam.lnk . (.CyberLink Corp. - CyberLink YouCam.) -- C:\Program Files\CyberLink\YouCam\YouCam.exe
O4 - GS\TaskBar: Microsoft Office Word 2007.lnk . (...) -- C:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\David\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Livephone.lnk . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch: Subtitle Workshop.lnk . (...) -- C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: PDF Password Cracker Pro v2.0.lnk . (...) -- C:\Program Files\PDF Password Cracker Pro v2.0\crackpdf.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer � OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C199E5FB-A2D7-41FC-B47C-EB8233011906}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C199E5FB-A2D7-41FC-B47C-EB8233011906}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C199E5FB-A2D7-41FC-B47C-EB8233011906}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 13 Legitimates Filtered in 00mn 04s
---\\ T�ches planifi�es en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{23C779FB-BDE2-414D-9ED9-58DA1ADE351F}] (...) -- C:\Users\David\Downloads\IDoserSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{24A73B48-FBD7-4326-9DAC-C669755490F1}] (...) -- C:\Users\David\Downloads\SteamInstall_French.msi" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3250748E-5AFB-4982-8E3B-2382512D6732}] (...) -- C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{41DB3752-585C-4E46-88E5-E84423241610}] (...) -- C:\Users\David\Desktop\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4509B611-F689-44AD-8FDF-F3520B4198D0}] (...) -- E:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6818232F-6AED-4A1B-A9F1-F37D32A136D6}] (...) -- C:\Users\David\Downloads\SteamInstall_French.msi" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9535C65C-A142-49F0-AE1C-F49E26CD6DDE}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A9F2412F-2D79-404E-87F6-E7EDDCF60171}] (...) -- C:\Users\David\Desktop\RegCleaner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF766AE3-E0C3-4A99-85EC-CDE10139F56E}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2C86D50-6A7D-417E-9FFF-DABECF32F655}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BC4F8FB9-5521-4C23-90D5-C6044F47DC11}] (...) -- C:\Users\David\Downloads\Video games\setup-base-all-beta.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BEDCD25B-BD02-466C-A921-93E80BF8D851}] (...) -- C:\Users\David\Downloads\portal-prelude-setup-1.1.5.exe (.not file.) [0]
[MD5.7C3CDAB15A6D6B8627E835852BBD2ED3] [APT] [{CEFF5DF1-151A-4025-9E0E-548858B987F3}] (.Apple Computer, Inc..) -- C:\windows\system32\QuickTime.cpl [323072]
[MD5.00000000000000000000000000000000] [APT] [{E2407D99-836E-4AC1-AE1C-6FDEA4C0F6A1}] (...) -- C:\Users\David\Downloads\dldof.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E39FCC1A-EFB8-4DD1-88EE-4D0447DF0F71}] (...) -- C:\Users\David\Desktop\tmnationseswc_175_to_179_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E4A17348-4551-4801-9965-BF91FF4712CD}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED88D6DF-776B-437B-881D-B2A0A8590488}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EFD90948-CC72-44A5-8CF8-A6568A99C9B3}] (...) -- C:\Users\David\Downloads\PROMT9_Standard_EngFra_EFE(1).exe (.not file.) [0]
[MD5.9C429B0B71263C805CA1505FB3D5C7D1] [APT] [{FCEEE03B-89AC-468F-90AA-73401A55ABA3}] (.Ripp-it Te@m.) -- C:\Program Files\Ripp-it_AM\Ripp-it_AM.exe [7502974]
[MD5.00000000000000000000000000000000] [APT] [{FE138B68-841D-40DC-A5F5-E2AE076506CA}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [dofus] (...) -- C:\Program Files\Dofus 2\app\UpLauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PROMT8_Professional_EngFra_EFE_trial] (...) -- C:\Users\David\Desktop\PROMT8_Professional_EngFra_EFE_trial.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [uacpass] (...) -- C:\Users\David\Desktop\uacpass.exe (.not file.) [0]
~ Scheduled Task: 43 Legitimates Filtered in 00mn 02s
---\\ Logiciels install�s (O42)
O42 - Logiciel: AMCap - (.No�l Danjou.) [HKLM] -- AMCap
O42 - Logiciel: Alliance of Valiant Arms - (...) [HKLM] -- Steam App 102700
O42 - Logiciel: Alt WAV MP3 WMA OGG Converter 7.3 - (.Nesoft Inc..) [HKLM] -- Alt WAV MP3 WMA OGG Converter 7.3_is1
O42 - Logiciel: D�sinstaller Raveille - (.Yolan Ch�riaux.) [HKLM] -- Raveille_is1
O42 - Logiciel: Freez Screen Video Capture v1.2 - (.www.smallvideosoft.com.) [HKLM] -- Freez Screen Video Capture v1.2_is1
O42 - Logiciel: HOMEFRONT Demo - (...) [HKLM] -- Steam App 55130
O42 - Logiciel: IE AdBlock - (.CatenaLogic.) [HKLM] -- IE AdBlock_is1
O42 - Logiciel: Lernout & Hauspie TruVoice American English TTS Engine - (...) [HKLM] -- tv_enua
O42 - Logiciel: Livephone application 2.5.6 - (.France Telecom R&D.) [HKLM] -- t�l�phone sur PC
O42 - Logiciel: Macro Wizard 4.1 - VsiSystems.com - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Mouse Recorder Pro 2.0.5.0 - (.Nemex Studios.) [HKLM] -- {889E44CE-435C-4D37-B302-A7E43339E5FA}_is1
O42 - Logiciel: Super Monday Night Combat - (...) [HKLM] -- Steam App 104700
O42 - Logiciel: SuperExec 4.4.1.347 - (.JCB.) [HKLM] -- {44DDD690-3D1B-4289-9BA3-FDFD61D7E11B}_is1
O42 - Logiciel: WebPlayer - (.Kreapixel.) [HKLM] -- {582E705F-1D5C-46E1-8FB7-DBE7BBDBA5CA} =>Adware.SocialSkinz
~ Logic: 183 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACP]
[HKCU\Software\Blabbers ] =>PUP.Blabbers
[HKCU\Software\Ghost Control]
[HKCU\Software\LdShih]
[HKCU\Software\NecroSystems]
[HKCU\Software\Past Motion Interactive]
[HKCU\Software\eMule]
[HKLM\Software\Karos]
[HKLM\Software\Uber]
[HKLM\Software\jcb]
~ Key Software: 307 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/06/2010 - 13:59:59 - [15,650] ----D C:\Program Files\Alt WAV MP3 WMA OGG Converter
O43 - CFD: 22/10/2012 - 20:55:36 - [2,673] ----D C:\Program Files\IE AdBlock
O43 - CFD: 11/10/2010 - 05:17:30 - [0,520] ----D C:\Program Files\Macro Wizard 4.1
O43 - CFD: 11/10/2010 - 20:33:10 - [4,273] ----D C:\Program Files\Nemex
O43 - CFD: 17/08/2010 - 01:12:35 - [1,606] ----D C:\Program Files\Raveille
O43 - CFD: 22/05/2010 - 23:00:27 - [24,124] ----D C:\Program Files\Smallvideosoft
O43 - CFD: 02/03/2012 - 01:55:57 - [7,266] ----D C:\Program Files\SuperExec
O43 - CFD: 26/11/2011 - 00:16:07 - [42,482] ----D C:\Program Files\Telephone sur PC
O43 - CFD: 29/04/2012 - 12:17:34 - [0,133] ----D C:\Program Files\TranslateIt!
O43 - CFD: 18/02/2010 - 02:12:09 - [5,763] ----D C:\ProgramData\Dictionaries
O43 - CFD: 06/02/2010 - 20:48:31 - [5,763] ----D C:\ProgramData\EaseDic
O43 - CFD: 13/02/2011 - 19:12:01 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 18/02/2010 - 02:17:03 - [5,254] ----D C:\ProgramData\Fonts
O43 - CFD: 18/02/2010 - 02:16:43 - [0,000] ----D C:\ProgramData\RInfo
O43 - CFD: 07/09/2010 - 00:12:06 - [0,006] ----D C:\ProgramData\Vocaboly
O43 - CFD: 13/03/2013 - 18:49:09 - [0,280] ----D C:\Users\David\AppData\Roaming\Awesomium
O43 - CFD: 18/02/2010 - 02:40:35 - [25,910] ----D C:\Users\David\AppData\Roaming\EaseDic
O43 - CFD: 23/01/2012 - 15:33:54 - [24,110] ----D C:\Users\David\AppData\Roaming\LimeWire
O43 - CFD: 11/10/2010 - 20:33:14 - [0] ----D C:\Users\David\AppData\Roaming\Mouse Recorder Pro
O43 - CFD: 26/11/2011 - 00:16:20 - [0,010] ----D C:\Users\David\AppData\Roaming\Telephone sur PC
O43 - CFD: 29/04/2012 - 12:17:33 - [0] ----D C:\Users\David\AppData\Roaming\TranslateIt 8.1 build 3
O43 - CFD: 13/02/2011 - 19:11:44 - [0,025] ----D C:\Users\David\AppData\Local\eMule
O43 - CFD: 11/10/2010 - 20:33:27 - [0,003] ----D C:\Users\David\AppData\Local\Nemex
O43 - CFD: 15/05/2012 - 15:50:31 - [0,043] ----D C:\Users\David\AppData\Local\Nous
O43 - CFD: 01/04/2012 - 04:36:56 - [0,001] ----D C:\Users\David\AppData\Local\Sinvise Systems
O43 - CFD: 04/10/2012 - 17:35:15 - [0,002] ----D C:\Users\David\AppData\Local\Uber_Entertainment
O43 - CFD: 13/02/2010 - 22:29:57 - [0] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
O43 - CFD: 11/10/2010 - 05:17:06 - [0] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macro Wizard
O43 - CFD: 04/10/2012 - 17:34:08 - [0,000] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
~ 370 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 739 Legitimates Filtered in 00mn 18s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.6AA7B493481A1AA0E2043C9E24D25A38] - 24/04/2013 - 07:48:25 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [13625]
O44 - LFC:[MD5.C0BBB99DEABFF462E10F1B452316573B] - 12/04/2013 - 22:02:55 ---A- . (...) -- C:\Windows\LkmdfCoInst.log [3572]
~ Files: 74 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.494D428FFF72325FCCBB0FB7BDBA2907] - 23/04/2013 - 13:46:35 ---A- - C:\Windows\Prefetch\LXDQCOMS.EXE-82629EA4.pf
O45 - LFCP:[MD5.9C9FC1B8147E099DB38E93306E869C66] - 23/04/2013 - 13:49:14 ---A- - C:\Windows\Prefetch\DMHKCORE.EXE-67EA6A45.pf
O45 - LFCP:[MD5.3914A3195A9E26D3F8BF86F12808E5CE] - 24/04/2013 - 07:53:24 ---A- - C:\Windows\Prefetch\SETPOINT.EXE-FC4D8CF6.pf
O45 - LFCP:[MD5.0013D6B1E8D18F892BD12DF0EFC13CA9] - 24/04/2013 - 08:23:18 ---A- - C:\Windows\Prefetch\SETPOINTII.EXE-25740653.pf
~ Prefetcher: 139 Legitimates Filtered in 00mn 01s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{f5ebcb01-da18-11df-aa2e-00245442326e}\AutoRun\command. (...) -- F:\ICM_ML.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\4Sync [Key] . (...) -- C:\Program Files\4Sync\4Sync.exe
O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O53 - SMSR:HKLM\...\startupreg\TELEPHONESURPCAGENT [Key] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "LocalAccountTokenFilterPolicy"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 21/04/2013 - 20:12:48 ---A- C:\Users\David\Downloads\FHSetup.exe [264757]
O61 - LFC: 21/04/2013 - 20:19:10 ---A- C:\Users\David\Downloads\jre-7u21-windows-i586.exe [31666592]
O61 - LFC: 24/04/2013 - 07:39:30 ---A- C:\Users\David\Downloads\adwcleaner.exe [619461]
~ 20 Fichiers temporaires (Temporary files)
~ Files: 540 Legitimates Filtered in 02mn 16s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propri�taire (UACReplaceDriver) .(...) - LEGACY_UACREPLACEDRIVER
~ Legacy: 95 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [David - d29mc282.default-1350936067347] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
C:\Program Files\PDF Password Cracker Pro v2.0\crackpdf.exe
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.dat
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.exe
C:\Users\David\Downloads\pdfcrackerpro.exe
C:\Program Files\PDF Password Cracker Pro v2.0\crackpdf.exe
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.dat
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.exe
C:\Users\David\Downloads\pdfcrackerpro.exe
~ Files: Scanned in 04mn 14s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.BAE4B3BC2C11189EAAC9DDA3EDB7F697] [SPRF][29/04/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.90399C00F349EB42510266A1103D3C22] [SPRF][07/05/2012] (...) -- C:\ProgramData\hash.dat [32]
[MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][01/03/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\David\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448]
[MD5.43C35081CE0AC367267C5916AB25A817] [SPRF][24/04/2013] (...) -- C:\Users\David\AppData\Local\Temp\vlc-2.0.6-win32.exe [22948790]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/04/2010] (...) -- C:\Users\David\AppData\Roaming\wklnhst.dat [0]
[MD5.0CD5F4C4C5DF15F307619429F4BBFAC4] [SPRF][14/03/2013] (.Blizzard Entertainment - StarCraft II Setup.) -- C:\Users\David\Desktop\StarCraft-II-Setup-enGB.exe [54085656]
[MD5.61FB16B6016BCC9AA42E02F787DC87FC] [SPRF][26/01/2010] (.Adobe Systems Incorporated - Adobe� Flash� Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1955384]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{23B83422-4EFD-4EE0-8F83-C9BC6831FDCA}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{B6840CFA-1F10-4748-9154-CA45E3CA7123}C:\program files\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "{518F0D24-C76F-444F-B734-7708BF5AE9B4}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{4927434E-F0A8-477B-BD2F-7D8B966BBD36}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{AC9C715D-7CC2-4D95-BF93-AD5910D38A53}C:\program files\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{1AC25D42-0889-4CCB-BD19-C3EE04F63717}C:\program files\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{919B97CF-A898-4917-9F96-517F03FF5C22}C:\program files\bittorrent\bittorrent.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "UDP Query User{9183A0CF-C765-49C9-8732-F46FBF513E00}C:\program files\bittorrent\bittorrent.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "TCP Query User{529430F4-A3C1-40B4-A1FF-CA071FC1E30F}C:\program files\bittorrent\bittorrent.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "UDP Query User{893CF5CF-CD70-463C-AEB4-02844E0DE0A9}C:\program files\bittorrent\bittorrent.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "{106A9620-853F-4C04-9C9D-CCA70C1A6791}" | In - Public - P6 - TRUE | .(.Pas de propri�taire - Job Status Window Interface.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdqjswx.exe
O87 - FAEL: "{B5E7006B-71CF-474A-8483-F34BB297A3DE}" | In - Public - P17 - TRUE | .(.Pas de propri�taire - Job Status Window Interface.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdqjswx.exe
O87 - FAEL: "TCP Query User{4E2BCB5C-B845-411A-BE9A-2A1F66F17BE1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\common files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "UDP Query User{A4380C70-B90C-47AD-BDDA-A1BAE4ED5410}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\common files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "TCP Query User{4B6A6019-EE20-46EF-B808-55ED4D678ACF}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.)
O87 - FAEL: "UDP Query User{0718EB92-2A5E-47FB-8441-6118C1A8AC64}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.)
O87 - FAEL: "TCP Query User{82CA3983-FFA0-4304-8B9F-FC16BDE545EC}C:\program files\telephone sur pc\telephonesurpc.exe" | In - Public - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\program files\telephone sur pc\telephonesurpc.exe
O87 - FAEL: "UDP Query User{3EDE54DC-A167-4285-989A-5B20A176D2AD}C:\program files\telephone sur pc\telephonesurpc.exe" | In - Public - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\program files\telephone sur pc\telephonesurpc.exe
O87 - FAEL: "{41C65187-637C-4BDF-B36F-C9E776966B99}" | In - Domain - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "{9D4B3E4B-1279-4D71-A6C1-E8052A6F0E85}" | In - Domain - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "TCP Query User{DB11DC58-9F17-407E-8BF3-16680AF01305}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{2C8F4D33-35EB-4565-A2BB-FAC7811434CE}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "TCP Query User{2EBEAA34-F02B-4FAC-B1A4-B6B1F40EE9AA}C:\program files\mediaget\mediaget.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\mediaget\mediaget.exe (.not file.) =>PUP.MediaGet
O87 - FAEL: "UDP Query User{B52A2D62-998A-49D8-B8F0-07191AED7AD7}C:\program files\mediaget\mediaget.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\mediaget\mediaget.exe (.not file.) =>PUP.MediaGet
O87 - FAEL: "{1BBD729F-3E42-42C0-A997-C20D2BF6E470}" | In - Domain - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "{FD9AEDEA-96D8-438C-9CB5-42500B043AFC}" | In - Domain - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "TCP Query User{DE1AB721-E081-4D50-BC5C-A94064FE1DF2}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "UDP Query User{FDF24FBD-2F9C-49EA-946F-076E6AC2F79C}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "TCP Query User{90AB2F95-F4CB-454B-AB2E-FC39CB13E546}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "UDP Query User{EC75ED54-01DF-4D22-BF4E-18F984D3191E}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "{24A503F8-950B-4BA8-A4E4-4D15D523E124}" | In - Domain - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "{FEB2C1E2-BEC4-43E1-B86C-60AEF4D4AA82}" | In - Domain - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
~ Firewall: 419 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.11668 - (23/04/2013)
Cl�s trouv�es (Keys found) : 5
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKLM\Software\Classes\Installer\Features\112C48061A10E464790A9077E221B205] =>Adware.SPointer
[HKLM\Software\Classes\Installer\Products\112C48061A10E464790A9077E221B205] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\112C48061A10E464790A9077E221B205] =>Adware.SPointer
[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current] =>PUP.MediaFinder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida =>Adware.SPointer
~ Additionnel Scan: 362151 Items scanned in 00mn 23s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "112C48061A10E464790A9077E221B205" . (.Moovida.) -- C:\windows\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe =>Adware.SPointer
O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico
~ Update Products: 91 Legitimates Filtered in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 20/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Disabled 01/04/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe
SR - | Auto 15/09/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\windows\system32\dgdersvc.exe
SR - | Auto 01/05/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\windows\system32\FsUsbExService.exe
SS - | Auto 07/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 27/09/2011 295192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 28/04/2009 94208 | (lxdqCATSCustConnectService) . (.Lexmark International, Inc..) - C:\windows\system32\spool\DRIVERS\W32X86\3\lxdqserv.exe
SR - | Auto 589824 | (lxdq_device) . (...) - C:\windows\system32\lxdqcoms.exe
SS - | Demand 05/02/2013 312704 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 06/03/2012 3953632 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\windows\system32\GameMon.des
SR - | Auto 15/03/2013 634144 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 44312 | (OberonGameConsoleService) . (...) - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 20/12/2012 541760 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by David at 24/04/2013 10:08:51
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 nt!IofCallDriver[0x83440FC6] >> \Device\Harddisk0\DR0[0x875A3030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by David at 24/04/2013 10:08:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2766 Legitimates filtered by white list
End of the scan (650 lines in 08mn 02s)(8)
Run by David at 24/04/2013 10:00:51
State : Version � jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)
GCIE: Google Chrome v26.0.1410.64
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2BT4J
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
avast! Free Antivirus v8.0.1483.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7
---\\ System Optimizer
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3036 MB (58% free)
System Restore: Activ� (Enable)
System drive C: has 16 GB (11%) free of 141 GB
---\\ Logged in mode
~ Computer Name: 35E59N8W
~ User Name: David
~ All Users Names: UpdatusUser, HomeGroupUser$, David, brid�, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\David\AppData\Roaming\
~ %Desktop% : C:\Users\David\Desktop\
~ %Favorites% : C:\Users\David\Favorites\
~ %LocalAppData% : C:\Users\David\AppData\Local\
~ %StartMenu% : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 16 Go of 141 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 50 Go of 141 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CFE0CEE587F9CEA4C29DEEC6D85FC91C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:30:16.) -- C:\Windows\System32\wininet.dll [1766912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/144
~ Mes musiques (My Musics) : 121/269
~ Mes Videos (My Videos) : 1/99
~ Mes Favoris (My Favorites) : 1/379
~ Mes Documents (My Documents) : 8/7752
~ Mon Bureau (My Desktop) : 7/4394
~ Menu demarrer (Programs) : 1/90
~ Hidden Files: Scanned in 00mn 12s
---\\ Processus lanc�s
[MD5.015C6099859F1E646D658DE55AA8A2AA] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821472] [PID.504]
[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136] [PID.2080]
[MD5.091A0924AC02AE0A04F3D03BCCDE2712] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2246144] [PID.2104]
[MD5.A46796CCF032D35720347262998D1F90] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [835072] [PID.2112]
[MD5.E3735DC796E5183D63F35921B058934C] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [716800] [PID.2120]
[MD5.64F562F206E5474B9E01F8CD944770A6] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192] [PID.2848]
[MD5.3EE8375B1063CF4A0C4353123F4129C5] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280] [PID.3576]
[MD5.54FA8528EDA1B6B34615F4EA3FCB35E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.496]
[MD5.28FD28A29C637C9AFEFE0A26E27C6DFE] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432] [PID.792]
[MD5.428F4A9D4CB5816030F88F3DD7595675] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.768]
[MD5.AF6A30EE63F360C85099137F0F64D031] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488] [PID.1548]
[MD5.5300552AC15F1A877C4B6BB6512AD1FD] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288] [PID.392]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.1532]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4124]
[MD5.61F5A23510D46FE7C02931604AFC8407] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe [149784] [PID.4532]
[MD5.316F1706417F82AF97D1E149A19E6D3E] - (.Logitech, Inc. - SetPoint User Interface (UNICODE).) -- C:\Program Files\Logitech\SetPointG\SetPointII.exe [453400] [PID.4992]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.224]
[MD5.88156BBA7DF86C9F4921FE098A7488D1] - (.Pas de propri�taire - Samsung Update Plus.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe [650920] [PID.0]
[MD5.AAE42F24B1510ADF8E7DE92085B8E67F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6971904] [PID.5076]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\prefs.js
M3 - MFPP: Plugins - [David] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\searchplugins\howjsay.xml
M3 - MFPP: Plugins - [David] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\searchplugins\urban-dictionary.xml
M3 - MFPP: Plugins - [David] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\d29mc282.default-1350936067347\searchplugins\wr-english-french.xml
P2 - FPN:Firefox Plugin Navigator . (.DivX, Inc - npdivxplayerplugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npDivxPlayerPlugin.dll
P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (.not file.)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 55 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: PROMT - {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} . (.PROMT Ltd. - PROMT for Internet Explorer.) -- C:\Program Files\PRMT9\PRMTIE\prmtie.dll
O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files\IE AdBlock\IE AdBlock.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
~ BHO: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\BingExt.dll
O3 - Toolbar: Traducteur PROMT - [HKLM]{C7DDDD27-F303-42A5-B979-51559F7DC0F0} . (.PROMT Ltd. - PROMT for Internet Explorer.) -- C:\Program Files\PRMT9\PRMTIE\prmtie.dll
O3 - Toolbar: IE AdBlock - [HKLM]{BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files\IE AdBlock\IE AdBlock.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - StartMen Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [UCam_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [KiesTrayAgent] Cl� orpheline
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [TELEPHONESURPCAGENT] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1072828290-3828818215-1948454868-1009\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1072828290-3828818215-1948454868-1009\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive Setup.) -- C:\Program Files\Microsoft SkyDrive\SkyDriveSetup.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\windows\system32\WFS.exe
O4 - GS\Desktop: CyberLink DVD Suite.lnk . (.CyberLink - PowerStarter.) -- C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe
O4 - GS\Desktop: CyberLink YouCam.lnk . (.CyberLink Corp. - CyberLink YouCam.) -- C:\Program Files\CyberLink\YouCam\YouCam.exe
O4 - GS\TaskBar: Microsoft Office Word 2007.lnk . (...) -- C:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\David\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Livephone.lnk . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
O4 - GS\QuickLaunch: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch: Subtitle Workshop.lnk . (...) -- C:\Program Files\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: PDF Password Cracker Pro v2.0.lnk . (...) -- C:\Program Files\PDF Password Cracker Pro v2.0\crackpdf.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer � OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C199E5FB-A2D7-41FC-B47C-EB8233011906}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C199E5FB-A2D7-41FC-B47C-EB8233011906}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C199E5FB-A2D7-41FC-B47C-EB8233011906}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 13 Legitimates Filtered in 00mn 04s
---\\ T�ches planifi�es en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{23C779FB-BDE2-414D-9ED9-58DA1ADE351F}] (...) -- C:\Users\David\Downloads\IDoserSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{24A73B48-FBD7-4326-9DAC-C669755490F1}] (...) -- C:\Users\David\Downloads\SteamInstall_French.msi" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3250748E-5AFB-4982-8E3B-2382512D6732}] (...) -- C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{41DB3752-585C-4E46-88E5-E84423241610}] (...) -- C:\Users\David\Desktop\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4509B611-F689-44AD-8FDF-F3520B4198D0}] (...) -- E:\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6818232F-6AED-4A1B-A9F1-F37D32A136D6}] (...) -- C:\Users\David\Downloads\SteamInstall_French.msi" (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9535C65C-A142-49F0-AE1C-F49E26CD6DDE}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A9F2412F-2D79-404E-87F6-E7EDDCF60171}] (...) -- C:\Users\David\Desktop\RegCleaner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF766AE3-E0C3-4A99-85EC-CDE10139F56E}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B2C86D50-6A7D-417E-9FFF-DABECF32F655}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BC4F8FB9-5521-4C23-90D5-C6044F47DC11}] (...) -- C:\Users\David\Downloads\Video games\setup-base-all-beta.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BEDCD25B-BD02-466C-A921-93E80BF8D851}] (...) -- C:\Users\David\Downloads\portal-prelude-setup-1.1.5.exe (.not file.) [0]
[MD5.7C3CDAB15A6D6B8627E835852BBD2ED3] [APT] [{CEFF5DF1-151A-4025-9E0E-548858B987F3}] (.Apple Computer, Inc..) -- C:\windows\system32\QuickTime.cpl [323072]
[MD5.00000000000000000000000000000000] [APT] [{E2407D99-836E-4AC1-AE1C-6FDEA4C0F6A1}] (...) -- C:\Users\David\Downloads\dldof.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E39FCC1A-EFB8-4DD1-88EE-4D0447DF0F71}] (...) -- C:\Users\David\Desktop\tmnationseswc_175_to_179_setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E4A17348-4551-4801-9965-BF91FF4712CD}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED88D6DF-776B-437B-881D-B2A0A8590488}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EFD90948-CC72-44A5-8CF8-A6568A99C9B3}] (...) -- C:\Users\David\Downloads\PROMT9_Standard_EngFra_EFE(1).exe (.not file.) [0]
[MD5.9C429B0B71263C805CA1505FB3D5C7D1] [APT] [{FCEEE03B-89AC-468F-90AA-73401A55ABA3}] (.Ripp-it Te@m.) -- C:\Program Files\Ripp-it_AM\Ripp-it_AM.exe [7502974]
[MD5.00000000000000000000000000000000] [APT] [{FE138B68-841D-40DC-A5F5-E2AE076506CA}] (...) -- C:\Program Files\EaseDic\EaseDic.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [dofus] (...) -- C:\Program Files\Dofus 2\app\UpLauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PROMT8_Professional_EngFra_EFE_trial] (...) -- C:\Users\David\Desktop\PROMT8_Professional_EngFra_EFE_trial.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [uacpass] (...) -- C:\Users\David\Desktop\uacpass.exe (.not file.) [0]
~ Scheduled Task: 43 Legitimates Filtered in 00mn 02s
---\\ Logiciels install�s (O42)
O42 - Logiciel: AMCap - (.No�l Danjou.) [HKLM] -- AMCap
O42 - Logiciel: Alliance of Valiant Arms - (...) [HKLM] -- Steam App 102700
O42 - Logiciel: Alt WAV MP3 WMA OGG Converter 7.3 - (.Nesoft Inc..) [HKLM] -- Alt WAV MP3 WMA OGG Converter 7.3_is1
O42 - Logiciel: D�sinstaller Raveille - (.Yolan Ch�riaux.) [HKLM] -- Raveille_is1
O42 - Logiciel: Freez Screen Video Capture v1.2 - (.www.smallvideosoft.com.) [HKLM] -- Freez Screen Video Capture v1.2_is1
O42 - Logiciel: HOMEFRONT Demo - (...) [HKLM] -- Steam App 55130
O42 - Logiciel: IE AdBlock - (.CatenaLogic.) [HKLM] -- IE AdBlock_is1
O42 - Logiciel: Lernout & Hauspie TruVoice American English TTS Engine - (...) [HKLM] -- tv_enua
O42 - Logiciel: Livephone application 2.5.6 - (.France Telecom R&D.) [HKLM] -- t�l�phone sur PC
O42 - Logiciel: Macro Wizard 4.1 - VsiSystems.com - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Mouse Recorder Pro 2.0.5.0 - (.Nemex Studios.) [HKLM] -- {889E44CE-435C-4D37-B302-A7E43339E5FA}_is1
O42 - Logiciel: Super Monday Night Combat - (...) [HKLM] -- Steam App 104700
O42 - Logiciel: SuperExec 4.4.1.347 - (.JCB.) [HKLM] -- {44DDD690-3D1B-4289-9BA3-FDFD61D7E11B}_is1
O42 - Logiciel: WebPlayer - (.Kreapixel.) [HKLM] -- {582E705F-1D5C-46E1-8FB7-DBE7BBDBA5CA} =>Adware.SocialSkinz
~ Logic: 183 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ACP]
[HKCU\Software\Blabbers ] =>PUP.Blabbers
[HKCU\Software\Ghost Control]
[HKCU\Software\LdShih]
[HKCU\Software\NecroSystems]
[HKCU\Software\Past Motion Interactive]
[HKCU\Software\eMule]
[HKLM\Software\Karos]
[HKLM\Software\Uber]
[HKLM\Software\jcb]
~ Key Software: 307 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/06/2010 - 13:59:59 - [15,650] ----D C:\Program Files\Alt WAV MP3 WMA OGG Converter
O43 - CFD: 22/10/2012 - 20:55:36 - [2,673] ----D C:\Program Files\IE AdBlock
O43 - CFD: 11/10/2010 - 05:17:30 - [0,520] ----D C:\Program Files\Macro Wizard 4.1
O43 - CFD: 11/10/2010 - 20:33:10 - [4,273] ----D C:\Program Files\Nemex
O43 - CFD: 17/08/2010 - 01:12:35 - [1,606] ----D C:\Program Files\Raveille
O43 - CFD: 22/05/2010 - 23:00:27 - [24,124] ----D C:\Program Files\Smallvideosoft
O43 - CFD: 02/03/2012 - 01:55:57 - [7,266] ----D C:\Program Files\SuperExec
O43 - CFD: 26/11/2011 - 00:16:07 - [42,482] ----D C:\Program Files\Telephone sur PC
O43 - CFD: 29/04/2012 - 12:17:34 - [0,133] ----D C:\Program Files\TranslateIt!
O43 - CFD: 18/02/2010 - 02:12:09 - [5,763] ----D C:\ProgramData\Dictionaries
O43 - CFD: 06/02/2010 - 20:48:31 - [5,763] ----D C:\ProgramData\EaseDic
O43 - CFD: 13/02/2011 - 19:12:01 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 18/02/2010 - 02:17:03 - [5,254] ----D C:\ProgramData\Fonts
O43 - CFD: 18/02/2010 - 02:16:43 - [0,000] ----D C:\ProgramData\RInfo
O43 - CFD: 07/09/2010 - 00:12:06 - [0,006] ----D C:\ProgramData\Vocaboly
O43 - CFD: 13/03/2013 - 18:49:09 - [0,280] ----D C:\Users\David\AppData\Roaming\Awesomium
O43 - CFD: 18/02/2010 - 02:40:35 - [25,910] ----D C:\Users\David\AppData\Roaming\EaseDic
O43 - CFD: 23/01/2012 - 15:33:54 - [24,110] ----D C:\Users\David\AppData\Roaming\LimeWire
O43 - CFD: 11/10/2010 - 20:33:14 - [0] ----D C:\Users\David\AppData\Roaming\Mouse Recorder Pro
O43 - CFD: 26/11/2011 - 00:16:20 - [0,010] ----D C:\Users\David\AppData\Roaming\Telephone sur PC
O43 - CFD: 29/04/2012 - 12:17:33 - [0] ----D C:\Users\David\AppData\Roaming\TranslateIt 8.1 build 3
O43 - CFD: 13/02/2011 - 19:11:44 - [0,025] ----D C:\Users\David\AppData\Local\eMule
O43 - CFD: 11/10/2010 - 20:33:27 - [0,003] ----D C:\Users\David\AppData\Local\Nemex
O43 - CFD: 15/05/2012 - 15:50:31 - [0,043] ----D C:\Users\David\AppData\Local\Nous
O43 - CFD: 01/04/2012 - 04:36:56 - [0,001] ----D C:\Users\David\AppData\Local\Sinvise Systems
O43 - CFD: 04/10/2012 - 17:35:15 - [0,002] ----D C:\Users\David\AppData\Local\Uber_Entertainment
O43 - CFD: 13/02/2010 - 22:29:57 - [0] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
O43 - CFD: 11/10/2010 - 05:17:06 - [0] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macro Wizard
O43 - CFD: 04/10/2012 - 17:34:08 - [0,000] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperMNC
~ 370 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 739 Legitimates Filtered in 00mn 18s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.6AA7B493481A1AA0E2043C9E24D25A38] - 24/04/2013 - 07:48:25 ---A- . (...) -- C:\Windows\System32\nvinfo.pb [13625]
O44 - LFC:[MD5.C0BBB99DEABFF462E10F1B452316573B] - 12/04/2013 - 22:02:55 ---A- . (...) -- C:\Windows\LkmdfCoInst.log [3572]
~ Files: 74 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.494D428FFF72325FCCBB0FB7BDBA2907] - 23/04/2013 - 13:46:35 ---A- - C:\Windows\Prefetch\LXDQCOMS.EXE-82629EA4.pf
O45 - LFCP:[MD5.9C9FC1B8147E099DB38E93306E869C66] - 23/04/2013 - 13:49:14 ---A- - C:\Windows\Prefetch\DMHKCORE.EXE-67EA6A45.pf
O45 - LFCP:[MD5.3914A3195A9E26D3F8BF86F12808E5CE] - 24/04/2013 - 07:53:24 ---A- - C:\Windows\Prefetch\SETPOINT.EXE-FC4D8CF6.pf
O45 - LFCP:[MD5.0013D6B1E8D18F892BD12DF0EFC13CA9] - 24/04/2013 - 08:23:18 ---A- - C:\Windows\Prefetch\SETPOINTII.EXE-25740653.pf
~ Prefetcher: 139 Legitimates Filtered in 00mn 01s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{f5ebcb01-da18-11df-aa2e-00245442326e}\AutoRun\command. (...) -- F:\ICM_ML.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\4Sync [Key] . (...) -- C:\Program Files\4Sync\4Sync.exe
O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O53 - SMSR:HKLM\...\startupreg\TELEPHONESURPCAGENT [Key] . (...) -- C:\Program Files\Telephone sur PC\TelephoneSurPCAgent.exe
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "LocalAccountTokenFilterPolicy"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 21/04/2013 - 20:12:48 ---A- C:\Users\David\Downloads\FHSetup.exe [264757]
O61 - LFC: 21/04/2013 - 20:19:10 ---A- C:\Users\David\Downloads\jre-7u21-windows-i586.exe [31666592]
O61 - LFC: 24/04/2013 - 07:39:30 ---A- C:\Users\David\Downloads\adwcleaner.exe [619461]
~ 20 Fichiers temporaires (Temporary files)
~ Files: 540 Legitimates Filtered in 02mn 16s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propri�taire (UACReplaceDriver) .(...) - LEGACY_UACREPLACEDRIVER
~ Legacy: 95 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [David - d29mc282.default-1350936067347] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
C:\Program Files\PDF Password Cracker Pro v2.0\crackpdf.exe
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.dat
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.exe
C:\Users\David\Downloads\pdfcrackerpro.exe
C:\Program Files\PDF Password Cracker Pro v2.0\crackpdf.exe
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.dat
C:\Program Files\PDF Password Cracker Pro v2.0\unins000.exe
C:\Users\David\Downloads\pdfcrackerpro.exe
~ Files: Scanned in 04mn 14s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.BAE4B3BC2C11189EAAC9DDA3EDB7F697] [SPRF][29/04/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.90399C00F349EB42510266A1103D3C22] [SPRF][07/05/2012] (...) -- C:\ProgramData\hash.dat [32]
[MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][01/03/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\David\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448]
[MD5.43C35081CE0AC367267C5916AB25A817] [SPRF][24/04/2013] (...) -- C:\Users\David\AppData\Local\Temp\vlc-2.0.6-win32.exe [22948790]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/04/2010] (...) -- C:\Users\David\AppData\Roaming\wklnhst.dat [0]
[MD5.0CD5F4C4C5DF15F307619429F4BBFAC4] [SPRF][14/03/2013] (.Blizzard Entertainment - StarCraft II Setup.) -- C:\Users\David\Desktop\StarCraft-II-Setup-enGB.exe [54085656]
[MD5.61FB16B6016BCC9AA42E02F787DC87FC] [SPRF][26/01/2010] (.Adobe Systems Incorporated - Adobe� Flash� Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1955384]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{23B83422-4EFD-4EE0-8F83-C9BC6831FDCA}C:\program files\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{B6840CFA-1F10-4748-9154-CA45E3CA7123}C:\program files\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "{518F0D24-C76F-444F-B734-7708BF5AE9B4}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{4927434E-F0A8-477B-BD2F-7D8B966BBD36}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{AC9C715D-7CC2-4D95-BF93-AD5910D38A53}C:\program files\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{1AC25D42-0889-4CCB-BD19-C3EE04F63717}C:\program files\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{919B97CF-A898-4917-9F96-517F03FF5C22}C:\program files\bittorrent\bittorrent.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "UDP Query User{9183A0CF-C765-49C9-8732-F46FBF513E00}C:\program files\bittorrent\bittorrent.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "TCP Query User{529430F4-A3C1-40B4-A1FF-CA071FC1E30F}C:\program files\bittorrent\bittorrent.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "UDP Query User{893CF5CF-CD70-463C-AEB4-02844E0DE0A9}C:\program files\bittorrent\bittorrent.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\bittorrent\bittorrent.exe (.not file.)
O87 - FAEL: "{106A9620-853F-4C04-9C9D-CCA70C1A6791}" | In - Public - P6 - TRUE | .(.Pas de propri�taire - Job Status Window Interface.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdqjswx.exe
O87 - FAEL: "{B5E7006B-71CF-474A-8483-F34BB297A3DE}" | In - Public - P17 - TRUE | .(.Pas de propri�taire - Job Status Window Interface.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdqjswx.exe
O87 - FAEL: "TCP Query User{4E2BCB5C-B845-411A-BE9A-2A1F66F17BE1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\common files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "UDP Query User{A4380C70-B90C-47AD-BDDA-A1BAE4ED5410}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\common files\nokia\service layer\a\nsl_host_process.exe (.not file.)
O87 - FAEL: "TCP Query User{4B6A6019-EE20-46EF-B808-55ED4D678ACF}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.)
O87 - FAEL: "UDP Query User{0718EB92-2A5E-47FB-8441-6118C1A8AC64}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\nokia\nokia software updater\nsu_ui_client.exe (.not file.)
O87 - FAEL: "TCP Query User{82CA3983-FFA0-4304-8B9F-FC16BDE545EC}C:\program files\telephone sur pc\telephonesurpc.exe" | In - Public - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\program files\telephone sur pc\telephonesurpc.exe
O87 - FAEL: "UDP Query User{3EDE54DC-A167-4285-989A-5B20A176D2AD}C:\program files\telephone sur pc\telephonesurpc.exe" | In - Public - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\program files\telephone sur pc\telephonesurpc.exe
O87 - FAEL: "{41C65187-637C-4BDF-B36F-C9E776966B99}" | In - Domain - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "{9D4B3E4B-1279-4D71-A6C1-E8052A6F0E85}" | In - Domain - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "TCP Query User{DB11DC58-9F17-407E-8BF3-16680AF01305}C:\program files\emule\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{2C8F4D33-35EB-4565-A2BB-FAC7811434CE}C:\program files\emule\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\emule\emule.exe (.not file.)
O87 - FAEL: "TCP Query User{2EBEAA34-F02B-4FAC-B1A4-B6B1F40EE9AA}C:\program files\mediaget\mediaget.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\mediaget\mediaget.exe (.not file.) =>PUP.MediaGet
O87 - FAEL: "UDP Query User{B52A2D62-998A-49D8-B8F0-07191AED7AD7}C:\program files\mediaget\mediaget.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\mediaget\mediaget.exe (.not file.) =>PUP.MediaGet
O87 - FAEL: "{1BBD729F-3E42-42C0-A997-C20D2BF6E470}" | In - Domain - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "{FD9AEDEA-96D8-438C-9CB5-42500B043AFC}" | In - Domain - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "TCP Query User{DE1AB721-E081-4D50-BC5C-A94064FE1DF2}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "UDP Query User{FDF24FBD-2F9C-49EA-946F-076E6AC2F79C}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "TCP Query User{90AB2F95-F4CB-454B-AB2E-FC39CB13E546}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "UDP Query User{EC75ED54-01DF-4D22-BF4E-18F984D3191E}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files\tmnationsforever\tmforever.exe
O87 - FAEL: "{24A503F8-950B-4BA8-A4E4-4D15D523E124}" | In - Domain - P6 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
O87 - FAEL: "{FEB2C1E2-BEC4-43E1-B86C-60AEF4D4AA82}" | In - Domain - P17 - TRUE | .(.France Telecom - Telephone Sur PC.) -- C:\Program Files\Telephone sur PC\TelephoneSurPC.exe
~ Firewall: 419 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.11668 - (23/04/2013)
Cl�s trouv�es (Keys found) : 5
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKLM\Software\Classes\Installer\Features\112C48061A10E464790A9077E221B205] =>Adware.SPointer
[HKLM\Software\Classes\Installer\Products\112C48061A10E464790A9077E221B205] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\112C48061A10E464790A9077E221B205] =>Adware.SPointer
[HKCU\AppEvents\Schemes\Apps\Explorer\Navigating\Old_Current] =>PUP.MediaFinder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida =>Adware.SPointer
~ Additionnel Scan: 362151 Items scanned in 00mn 23s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "112C48061A10E464790A9077E221B205" . (.Moovida.) -- C:\windows\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe =>Adware.SPointer
O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico
~ Update Products: 91 Legitimates Filtered in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 20/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Disabled 01/04/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe
SR - | Auto 15/09/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\windows\system32\dgdersvc.exe
SR - | Auto 01/05/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\windows\system32\FsUsbExService.exe
SS - | Auto 07/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 27/09/2011 295192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 28/04/2009 94208 | (lxdqCATSCustConnectService) . (.Lexmark International, Inc..) - C:\windows\system32\spool\DRIVERS\W32X86\3\lxdqserv.exe
SR - | Auto 589824 | (lxdq_device) . (...) - C:\windows\system32\lxdqcoms.exe
SS - | Demand 05/02/2013 312704 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 06/03/2012 3953632 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\windows\system32\GameMon.des
SR - | Auto 15/03/2013 634144 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 44312 | (OberonGameConsoleService) . (...) - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
SR - | Auto 247152 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 28/03/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 20/12/2012 541760 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by David at 24/04/2013 10:08:51
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 nt!IofCallDriver[0x83440FC6] >> \Device\Harddisk0\DR0[0x875A3030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by David at 24/04/2013 10:08:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2766 Legitimates filtered by white list
End of the scan (650 lines in 08mn 02s)(8)