cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Rapport de ZHPDiag v2013.6.1.2 par Nicolas Coolman, Update du 01/06/2013
Run by rg at 02/06/2013 15:20:24
WebSite: http://nicolascoolman.webs.com
State : Version � jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v27.0.1453.94 (Defaut)

---\\ Windows Product Information
~ Langage: Fran�ais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v4.01 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 15 Model 2 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1535 MB (73% free)
System Restore: Activ� (Enable)
System drive C: has 132 GB (88%) free of 149 GB

---\\ Logged in mode
~ Computer Name: PCRG-13E1E027BC
~ User Name: rg
~ All Users Names: UpdatusUser, SUPPORT_388945a0, rg, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\rg\Application Data\
~ %Desktop% : C:\Documents and Settings\rg\Bureau\
~ %Favorites% : C:\Documents and Settings\rg\Favoris\
~ %LocalAppData% : C:\Documents and Settings\rg\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\rg\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 132 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.3405104CE3F9B8CDCF5F5A23EC26E681] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/04/2013 - 23:16:49.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/7
~ Mes musiques (My Musics) : 1/3
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/234
~ Mon Bureau (My Desktop) : 0/3
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lanc�s
[MD5.9243229DFCCC99B5441750EBA49F1B14] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272] [PID.988]
[MD5.F31572C8035EEB5CFECFE406925EBADD] - (.eSafe Security Co., Ltd. - eSafe Security Control 1.0.0.2359.) -- C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe [360512] [PID.1728] =>PUP.eSafeSecurity
[MD5.897FFA00EEEC74208B766A37C5F2CDC1] - (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) -- C:\Program Files\WinZipper\winzipersvc.exe [424104] [PID.1852]
[MD5.1BFFBD98A6A16FF855B6AA8393A3661D] - (.IObit - Smart Defrag v2.) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe [1611584] [PID.244]
[MD5.60CAA8A76E0E101F4F42AA6598CA53F4] - (.IObit - Advanced SystemCare 6 Monitor.) -- C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe [720192] [PID.268]
[MD5.E4057DB9CD901E443D651C578FBCE603] - (.Pas de propri�taire - VIA_RaidTool MFC Application.) -- C:\Program Files\VIA\RAID\raid_tool.exe [2378352] [PID.1316]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.1328]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDLL32.exe [0] [PID.1360]
[MD5.6B08632F7634F344372B25A507DA7C47] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000] [PID.1408]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.1428]
[MD5.78185A1C861FA7AD6BE016D54D050119] - (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840] [PID.1480]
[MD5.6B927A0E10DD90F2189F66C3DB9DFAF3] - (.Innovative Apps - Savings Wave exe.) -- C:\Documents and Settings\rg\Local Settings\Application Data\Updater12765\Updater12765.exe [210312] [PID.1500] =>PUP.CrossRider
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1428]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.520]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.1044]
[MD5.B88A592C93319B477A36FC9D4D2B1FB2] - (.CybelSoft - Service de d�tection mat�riel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [755536] [PID.1100]
[MD5.55E823719F5F1795D7AE78D189A95CBA] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 320.1.) -- C:\WINDOWS\system32\nvsvc32.exe [156960] [PID.1692]
[MD5.A6CDD9E3288C9C11D204B8E2F98D0B61] - (...) -- C:\Program Files\VIA\RAID\vialogsv.exe [55920] [PID.2800]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.4004]
[MD5.9987636E1191907AB52F3A49FFB83393] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7431168] [PID.2736]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.1856]
[MD5.A9AFE5B0648C8D7A411A72D8222F7F6E] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592] [PID.2304]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\rg\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.qvo6.com =>Hijacker.Qvo6
G0 - GCSP: Preference [User Data\Default] http://www.qvo6.com =>Hijacker.Qvo6
G2 - GCE: Preference [User Data\Default] [ambfimhigppdidfmelpjmojccbfdoeig] Beautiful landscape v.1 (Activ�)
G2 - GCE: Preference [User Data\Default] [gggpfgbncdijopafhadglgjglomiaoba] WallpaperBackgrounds | Fonds D'�cran Gratuits v.1.1.0.0 (Activ�)
G2 - GCE: Preference [User Data\Default] [lglkfgcmohcdajpldlnhjjiojjgkbmhm] Savings Wave v.1.23.65 (Activ�) =>PUP.CrossRider
~ Google Browser: 12 Legitimates Filtered in 00mn 07s



---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com =>Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com =>Hijacker.Qvo6
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 24



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0012765 - {11111111-1111-1111-1111-110111271165} . (.Innovative Apps - Savings Wave BHO.) -- C:\Program Files\Savings Wave\Savings Wave-bho.dll =>PUP.CrossRider
~ BHO: 4 Legitimates Filtered in 00mn 00s



---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [VIARaidUtl] . (.Pas de propri�taire - VIA_RaidTool MFC Application.) -- C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Cl� orpheline
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKCU\..\Run: [Updater12765.exe] . (.Innovative Apps - Savings Wave exe.) -- C:\Documents and Settings\rg\Local Settings\Application Data\Updater12765\Updater12765.exe =>PUP.CrossRider
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1614895754-1425521274-1547161642-1010\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe
O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: V9 Portal Site - Mon Site Web - Le site le mieux et le plus complet de navigation des Etats-Unis!.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://en.v9.com
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368446760453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369582953000
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE2EEC2-D46F-4476-971F-1ECB5392FBE9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DE2EEC2-D46F-4476-971F-1ECB5392FBE9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6DE2EEC2-D46F-4476-971F-1ECB5392FBE9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: WinZiper service (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - C:\Program Files\WinZipper\winzipersvc.exe
~ Services: 11 Legitimates Filtered in 00mn 05s



---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\rg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\rg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Logiciels install�s (O42)
O42 - Logiciel: Savings Wave - (.Innovative Apps.) [HKLM] -- Savings Wave =>PUP.CrossRider
O42 - Logiciel: eSafe Security Control 1.0.0.2359 - (.eSafe Security Co., Ltd..) [HKLM] -- eSafeSecControl =>PUP.eSafeSecurity
~ Logic: 48 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\SqueakyChocolate]
[HKLM\Software\V9]
[HKLM\Software\deskSvc]
~ Key Software: 113 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/06/2013 - 14:36:58 - [0,008] ----D C:\Program Files\Desk 365 =>Hijacker.22Find
O43 - CFD: 02/06/2013 - 15:07:42 - [0,695] ----D C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 02/06/2013 - 14:35:54 - [4,485] ----D C:\Program Files\Savings Wave =>PUP.CrossRider
O43 - CFD: 02/06/2013 - 14:34:12 - [3,973] ----D C:\Documents and Settings\rg\Application Data\Desk 365 =>Hijacker.22Find
O43 - CFD: 02/06/2013 - 14:33:24 - [5,164] ----D C:\Documents and Settings\rg\Application Data\eIntaller
O43 - CFD: 22/05/2013 - 19:58:49 - [0,000] ----D C:\Documents and Settings\rg\Application Data\FreeTorrentViewer
O43 - CFD: 02/06/2013 - 13:15:23 - [0,356] ----D C:\Documents and Settings\rg\Application Data\OpenCandy =>Adware.OpenCandy
O43 - CFD: 02/06/2013 - 14:35:35 - [0,172] ----D C:\Documents and Settings\rg\Local Settings\Application Data\Savings Wave =>PUP.CrossRider
O43 - CFD: 02/06/2013 - 14:35:54 - [0,201] ----D C:\Documents and Settings\rg\Local Settings\Application Data\Updater12765 =>PUP.CrossRider
~ Program Folder: 97 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.105804FDDC961D6D1D131B296D51D413] - 02/06/2013 - 14:13:52 ----- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.C8EDD525246B81F36A7AE0594ECE3DFB] - 02/06/2013 - 14:13:51 ----- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.87074870AE168D1487B92A1F85F7C07C] - 02/06/2013 - 13:38:05 ---A- . (...) -- C:\WINDOWS\system32\InstallUtil.InstallLog [918]
O44 - LFC:[MD5.3B7E26FA92BF1F9971A5310B5C5A793F] - 02/06/2013 - 13:27:54 ---A- . (...) -- C:\WINDOWS\system32\nvAppTimestamps [5792]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/06/2013 - 12:19:44 ---A- . (...) -- C:\END [0]
O44 - LFC:[MD5.7560FF49EA0734813D88D181B86D2BF4] - 31/05/2013 - 22:39:31 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/06/2013 - 16:13:02 ----- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.5AAC0D9CE874CED14BC16E2F6887C449] - 29/05/2013 - 09:35:35 ---A- . (...) -- C:\WINDOWS\system32\sdkinst.log [3211]
O44 - LFC:[MD5.7F436E586ED98F4B84422422C53ED4F9] - 24/05/2013 - 17:38:43 ---A- . (...) -- C:\WINDOWS\system32\nvdrsdb0.bin [1091636]
O44 - LFC:[MD5.93B885ADFE0DA089CDF634904FD59F71] - 24/05/2013 - 17:38:43 ---A- . (...) -- C:\WINDOWS\system32\nvdrssel.bin [1]
O44 - LFC:[MD5.80A75C413036696FB381704AC7559918] - 24/05/2013 - 17:38:37 ---A- . (...) -- C:\WINDOWS\system32\nvdrsdb1.bin [1091636]
O44 - LFC:[MD5.245EC8A0CBB4245CC39E2556EE350847] - 24/05/2013 - 17:37:29 ---A- . (...) -- C:\WINDOWS\system32\nvinfo.pb [17363]
~ Files: 45 Legitimates Filtered in 00mn 51s



---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.DD8520280304B6145A6BE31008748C7C] - 24/09/2008 - 09:40:22 R--A- . (.Realtek Semiconductor Corp. - Realtek AC'97 Audio Driver (WDM).) -- C:\WINDOWS\system32\Drivers\alcxwdm.sys [4122368]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 02/06/2013 - C:\Program Files\WinZipper\winzipersvc.exe (winzipersvc) .(.Taiwan Shui Mu Chih Ching Technology Limite - update service.) - LEGACY_WINZIPERSVC
~ Legacy: 135 Legitimates Filtered in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe" http://www.qvo6.com =>Hijacker.Qvo6
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2BEBDD25-ADCC-4883-95B3-E8E4EBF3C7FC} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - http://search.qvo6.com =>Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {4EC53EB0-FD25-4F5C-AAAB-3CC949622E8D} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][30/05/2013] (...) -- C:\Documents and Settings\rg\Bureau\adwcleaner.exe [632031]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.12368 - (01/06/2013)
Cl�s trouv�es (Keys found) : 78
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 7
Fichiers trouv�s (Files found) : 0

[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\qvo6Software] =>Hijacker.Qvo6
[HKCU\Software\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl] =>PUP.eSafeSecurity
[HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio
[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio
[HKLM\SYSTEM\CurrentControlSet\Services\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Classes\CrossriderApp0012765.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0012765.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220122272265}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
C:\Program Files\Iminent =>Adware.IMBooster
C:\Program Files\Desk 365 =>Hijacker.22find
C:\Program Files\Savings Wave =>PUP.CrossRider
C:\Documents and Settings\rg\Application Data\OpenCandy =>Adware.OpenCandy
C:\Documents and Settings\rg\Application Data\Desk 365 =>Hijacker.22find
C:\Documents and Settings\rg\Application Data\eIntaller =>PUP.eSafeSecurity
C:\Documents and Settings\rg\Local Settings\Application Data\Savings Wave =>PUP.CrossRider
~ Additionnel Scan: 96643 Items scanned in 00mn 19s



---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 02/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/04/2013 574272 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 24/05/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 24/05/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 02/06/2013 360512 | (eSafeSvc) . (.eSafe Security Co., Ltd..) - C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe =>PUP.eSafeSecurity
SS - | Auto 01/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 30/05/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 15/05/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 12/05/2013 156960 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 16/05/2013 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 55920 | (VRAID Log Service) . (...) - C:\Program Files\VIA\RAID\vialogsv.exe
SR - | Auto 02/06/2013 424104 | (winzipersvc) . (.Taiwan Shui Mu Chih Ching Technology Limite.) - C:\Program Files\WinZipper\winzipersvc.exe
~ Services: Scanned in 00mn 00s



~ 702 Legitimates filtered by white list
End of the scan (511 lines in 01mn 48s)(0)

Publicité


Signaler le contenu de ce document

Publicité