Rapport de ZHPDiag v2013.6.7.12 par Nicolas Coolman, Update du 07/06/2013
Run by Admin at 08/06/2013 11:12:30
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : WY2X2
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System Optimizer
CCleaner v4.00 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1960 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 421 GB (90%) free of 466 GB

---\\ Logged in mode
~ Computer Name: ADMIN-PC
~ User Name: Admin
~ All Users Names: Administrateur, Admin,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Admin\AppData\Roaming\
~ %Desktop% : C:\Users\Admin\HC Inventaire des dossiers moteurs du PC\Desktop\
~ %Favorites% : C:\Users\Admin\Favorites\
~ %LocalAppData% : C:\Users\Admin\AppData\Local\
~ %StartMenu% : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 421 Go of 466 Go)
D:\ CD-ROM drive (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
L:\ Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/208
~ Mon Bureau (My Desktop) : 2/17
~ Menu demarrer (Programs) : 0/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.66295B0D0FB2292C6D62904F5C3DE0B2] - (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [561320] [PID.1704]
[MD5.095184B28B8414A6D2D09C1CE7C7B86F] - (.Orange - Executable Orange Inside.) -- C:\Users\Admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1530520] [PID.1892]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.1836]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.1204]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] - (.Microsoft Corporation - Outil de notification de cadeaux MSN.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [183096] [PID.1932]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Tout sur la sécurité\mbamgui.exe [532040] [PID.2060]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.2604]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.1352]
[MD5.01D92A226791867F2DED688F25271905] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400] [PID.3408]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.2104]
[MD5.BA58BE8F544B058C160E7CCDB7A6EA72] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7472128] [PID.3180]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1160]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1680]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.1836]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Tout sur la sécurité\mbamscheduler.exe [418376] [PID.1948]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Tout sur la sécurité\mbamservice.exe [701512] [PID.1224]
[MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2784]
[MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.3036]
[MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.3368]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://start.iminent.com =>Adware.IMBooster
G2 - GCE: Preference [User Data\Default] [mocblcnaofikinigmceddfghppkkjbog] Cool Smiley Bar for Facebook v.1.0.0.3 (Désactivé) =>Adware.SmileyBar
~ Google Browser: 8 Legitimates Filtered in 00mn 06s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v3k8qwtb.default\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v3k8qwtb.default\user.js
M3 - MFPP: Plugins - [Admin] -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v3k8qwtb.default\searchplugins\bingp.xml
M0 - MFSP: prefs.js [Admin - v3k8qwtb.default] http://start.iminent.com =>Adware.IMBooster
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.offerbox.com =>PUP.OfferBox
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
O1 - Hosts: 0.0.0.0 boxore.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.com =>Adware.Boxore
O1 - Hosts: 0.0.0.0 boxore.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.org =>Adware.Boxore
O1 - Hosts: 0.0.0.0 boxore.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 www.boxore.net =>Adware.Boxore
O1 - Hosts: 0.0.0.0 dlmanager.com
O1 - Hosts: 0.0.0.0 www.dlmanager.com
O1 - Hosts: 0.0.0.0 dlmanager.org
O1 - Hosts: 0.0.0.0 www.dlmanager.org
O1 - Hosts: 0.0.0.0 dlmanager.net
O1 - Hosts: 0.0.0.0 www.dlmanager.net
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 33



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ToolbarOrange.InitToolbarBHO [64Bits] - {1d970ed5-3eda-438d-bffd-715931e2775b} . (...) -- mscoree.dll (.not file.)
O2 - BHO: RoboForm BHO [64Bits] - {724d43a9-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
~ BHO: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: avast! EasyPass Toolbar [64Bits] - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKCU\..\Run: [PCSpeedUp] C:\Program Files (x86)\Accelerer PC\PCSUNotifier.exe (.not file.) =>Rogue.PCSpeedUp
O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.exe
O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [EPSON Stylus DX7400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [PCSpeedUp] C:\Program Files (x86)\Accelerer PC\PCSUNotifier.exe (.not file.) =>Rogue.PCSpeedUp
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [Orange Installer] . (...) -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [EPLTarget\P0000000000000001] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-4284402399-1168880800-77002223-1000\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\TaskBar: Microsoft Excel 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
O4 - GS\TaskBar: Microsoft Office Client Virtualization Handler.lnk . (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.exe
O4 - GS\TaskBar: Microsoft Word 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Favoris - Centre d'aide Barre d'outils Google.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Programs: France - Doubs -Venise - 30 rue Jean Moulin - Google Maps.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Programs: Google Chrome _ créez un raccourci sur le Bureau.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Horloge.lnk . (...) -- C:\Program Files (x86)\Horloge\Horloge.exe (.not file.)
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\QuickLaunch: MoneyManagerEX.lnk . (...) -- J:\MoneyManagerEX\bin\mmex.exe (.not file.)
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Remplir les formulaires [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Enregistrer les formulaires [64Bits] - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Barre avast! EasyPass [64Bits] - {724d43aa-0d85-11d4-9908-00400523e39a} . (.AVAST Software - avast! EasyPass Main Module.) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{425F6616-573D-4D7B-B44B-E88BADBF954A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{425F6616-573D-4D7B-B44B-E88BADBF954A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{425F6616-573D-4D7B-B44B-E88BADBF954A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\PC SpeedUp Service Deactivator.job [344]
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Admin\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [EPUpdater] (...) -- C:\Users\Admin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PC SpeedUp Service Deactivator] (...) -- C:\Program Files (x86)\Accelerer PC\PCSUSD.exe (.not file.) [0] =>Rogue.PCSpeedUp
[MD5.00000000000000000000000000000000] [APT] [Updater12767.exe] (...) -- C:\Users\Admin\AppData\Local\Updater12767\Updater12767.exe (.not file.) [0] =>PUP.CrossRider
~ Scheduled Task: 21 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Accelerer PC - (.Speedchecker Limited.) [HKLM][64Bits] -- PCSU-SL_is1 =>Rogue.PCSpeedUp
O42 - Logiciel: Français enrichi version 2011.09.25 - (.Denis Liégeois (mailto:denis.liegeois@neottia.net).) [HKLM][64Bits] -- {641F9E67-B5D1-4F42-89E9-E9A8323FD32F}
O42 - Logiciel: Horloge 3.0.0.0 - (.Thierry COTEN.) [HKLM][64Bits] -- Horloge_is1
O42 - Logiciel: PC Registry Shield - (.ShieldApps.) [HKLM][64Bits] -- PC Registry Shield_is1 =>Rogue.PCRegistryShield
~ Logic: 57 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\LyricStar] =>Adware.AddLyrics
[HKCU\Software\Duuqu] =>Toolbar.DeltaSearch
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\DomaIQ] =>Toolbar.DomaIQ
[HKLM\Software\Wow6432Node\Duuqu] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
~ Key Software: 167 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/11/2012 - 12:40:33 - [0] ----D C:\Users\Admin\AppData\Roaming\Marine Aquarium Lite
~ Program Folder: 161 Legitimates Filtered in 00mn 33s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.64EC14BBFCD21D6AE6AF823A9A0071AA] - 02/06/2013 - 07:51:15 ---A- - C:\Windows\Prefetch\IMINENT.EXE-239E2AD1.pf =>Adware.IMBooster
O45 - LFCP:[MD5.3CA48106A7AF7416BA4DBD09D6844ABD] - 03/06/2013 - 17:11:33 ---A- - C:\Windows\Prefetch\UMBRELLA.EXE-9B266DB9.pf
O45 - LFCP:[MD5.5AB220F040C4049A75C9B220921DC2DD] - 06/06/2013 - 06:09:11 ---A- - C:\Windows\Prefetch\FRAMEFOX.EXE-222E5E8B.pf
O45 - LFCP:[MD5.CC3F2749652DDC7F0921ABF1273A180D] - 06/06/2013 - 06:09:11 ---A- - C:\Windows\Prefetch\IMINENT.MESSENGERS.EXE-C7B6CC1B.pf =>Adware.IMBooster
O45 - LFCP:[MD5.6A7CF9B52F934BD30DA0E8F2AB503FC4] - 06/06/2013 - 21:45:15 ---A- - C:\Windows\Prefetch\PCSUUCC.EXE-9E574FB4.pf
O45 - LFCP:[MD5.473D7D38C0EF3F8194CD3C80ED8DBD41] - 07/06/2013 - 07:36:05 ---A- - C:\Windows\Prefetch\DUUQUCRASHHANDLER.EXE-CA3B5323.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.3F318CFF0F7C5C5DBC6903967A97ACC4] - 07/06/2013 - 09:54:09 ---A- - C:\Windows\Prefetch\ROBOTASKBARICON.EXE-20C79AF5.pf
O45 - LFCP:[MD5.5B065CD5DE24EC60C096133A1C8BC762] - 07/06/2013 - 10:11:13 ---A- - C:\Windows\Prefetch\27.0.1453.110_CHROME_INSTALLE-0B69DCCF.pf
O45 - LFCP:[MD5.D527C82EF1B17EA2A089476C454808C3] - 07/06/2013 - 14:37:02 ---A- - C:\Windows\Prefetch\UPDATER12767.EXE-9DE2EC10.pf
O45 - LFCP:[MD5.EA8539710B42AE2AF72BC10477035206] - 07/06/2013 - 18:19:44 ---A- - C:\Windows\Prefetch\PCSUSD.EXE-9120E8F8.pf
O45 - LFCP:[MD5.1E8C51351D9335D0DA847078DF35B63F] - 07/06/2013 - 19:34:52 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-6E727E4C.pf =>Adware.Yontoo
~ Prefetcher: 119 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 07/06/2013 - 08:18:07 ---A- C:\Users\Admin\08 Jardinage\A010401 Achat des plants\Flore installée (2012 et 2013).docx [19496]
O61 - LFC: 07/06/2013 - 09:37:53 ---A- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268840]
O61 - LFC: 07/06/2013 - 10:24:50 ---A- C:\Users\Admin\Documents\Downloads\direct-telecharger_pour_googlechrome.exe [98704]
O61 - LFC: 07/06/2013 - 17:42:47 ---A- C:\Users\Admin\31Tout sur le Commune\31 - Commune de PSE\3108 Nouvelle numérotation 28052013\Organismes à contacter.docx [20069]
O61 - LFC: 07/06/2013 - 20:18:41 ---A- C:\Users\Admin\Documents\Downloads\adwcleaner.exe [640135]
O61 - LFC: 07/06/2013 - 20:19:29 ---A- C:\Users\Admin\Documents\Downloads\AdwCleaner (1).exe [640135]
O61 - LFC: 07/06/2013 - 20:47:16 ---A- C:\Users\Admin\28 Fiches techniques (ordinateur)\281 Fiches techniques\AdwCleaner - Information.docx [17865]
O61 - LFC: 08/06/2013 - 10:12:30 ---A- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State [35617]
~ 15 Fichiers temporaires (Temporary files)
~ 3 Fichiers cookies (Cookies files)
~ Files: 497 Legitimates Filtered in 00mn 56s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\Firefox.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {26328CB3-AA52-6FE7-598C-225DEFC1530B} - (Babylon) - http://search.babylon.com =>Toolbar.Babylon
O69 - SBI: SearchScopes [HKCU] {3E3544A8-2101-47DD-A5DB-98DE34422B71} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.9D5EE25C7544623B70618726FECB2F8A] [SPRF][21/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\1366573926itinstallerp.exe [2171648]
[MD5.7BB86C9BE39042DA4B13060C50CEC327] [SPRF][22/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\1366619609itinstallerp.exe [3149232]
[MD5.7BB86C9BE39042DA4B13060C50CEC327] [SPRF][22/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\1366619616itinstallerp.exe [3149232]
[MD5.7BB86C9BE39042DA4B13060C50CEC327] [SPRF][22/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\1366619691itinstallerp.exe [3149232]
[MD5.7BB86C9BE39042DA4B13060C50CEC327] [SPRF][22/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\1366619801itinstallerp.exe [3149232]
[MD5.FC628041F4B6BDC67CB0984710E4AB1C] [SPRF][22/04/2013] (.Microsoft Corporation - Programme d’installation Windows Internet Explorer 9.) -- C:\Users\Admin\AppData\Local\Temp\224889-659887-internet-explorer-9.exe [36967728]
[MD5.57184DC9CC12566012452A47FB63B83D] [SPRF][08/05/2013] (.Setup � - Setup.) -- C:\Users\Admin\AppData\Local\Temp\24631uninstall.exe [410624]
[MD5.7ED4B76E0BC854386B30A3CD7B41C6D0] [SPRF][21/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\80615-82786-flv-media-player.exe [6836884]
[MD5.75F23CE9AE14037CBFE95F69A9BFCFC5] [SPRF][22/04/2013] (.Pas de propriétaire - Auto Lyrics.) -- C:\Users\Admin\AppData\Local\Temp\addlyrics.exe [253922] =>Adware.AddLyrics
[MD5.34928768A32DD3B644CBF740DE73183B] [SPRF][08/05/2013] (.PC Health Labs - PC Health Kit.) -- C:\Users\Admin\AppData\Local\Temp\air26E.exe [3629968] =>PUP.DealPly
[MD5.DE3479E75AA8408F772A4810D4F95B52] [SPRF][08/05/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\airA726.exe [73816]
[MD5.CE755676AE6D27A1EFEEFB0F3C70A929] [SPRF][28/04/2013] (.Ask.com - AskStub Application.) -- C:\Users\Admin\AppData\Local\Temp\APNStub.exe [358600]
[MD5.6360CADC6A11CB4FFE04ABC250F1A841] [SPRF][08/05/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\BackupSetup.exe [10380896]
[MD5.43F3EFAD86C15749AA2B6D71C2814C5F] [SPRF][22/04/2013] (.Uniblue Systems Ltd - Uniblue DriverScanner Setup.) -- C:\Users\Admin\AppData\Local\Temp\driverscanner.exe [5815952]
[MD5.58FB81B1EEE272D3767B2F154DCA27C7] [SPRF][23/04/2013] (.Pas de propriétaire - Lyric Star.) -- C:\Users\Admin\AppData\Local\Temp\happyl.exe [285488] =>Adware.AddLyrics
[MD5.48A7B6D1A4B519349E2D64E877A34BAC] [SPRF][13/04/2013] (.Microsoft Corporation - Installation écran de veille MSN.) -- C:\Users\Admin\AppData\Local\Temp\Installation écran de veille MSN.exe [174368]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][22/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\installerp.exe [0]
[MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Admin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104]
[MD5.1D99754A57A2FDD3E14EFCCB42D7A396] [SPRF][22/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\MixiDJToolbar.exe [885400] =>Toolbar.MixiDJ
[MD5.5A92350E43622FC6A03BC3449CB557D0] [SPRF][22/04/2013] (.Aedge Performance BCN SL - OfferBox setup.) -- C:\Users\Admin\AppData\Local\Temp\OB.exe [3435912] =>PUP.OfferBox
[MD5.0BC3C7D06C612B06363641A975950C58] [SPRF][15/04/2013] (.Pas de propriétaire - Installer.) -- C:\Users\Admin\AppData\Local\Temp\PC Performer43861.exe [622592] =>Rogue.PCPerformer
[MD5.5E2B7409E20694DC9B1A9A85327FF9E2] [SPRF][21/04/2013] (.Amonetize - Installer.) -- C:\Users\Admin\AppData\Local\Temp\setup__1492.exe [151584]
[MD5.0A061085491157DC00BA56ABE84CD9CD] [SPRF][21/04/2013] (.Amonetize - Installer.) -- C:\Users\Admin\AppData\Local\Temp\setup__1830.exe [156192]
[MD5.A6A8E061B69581A52D5E09B12B4A5A66] [SPRF][21/04/2013] (.Amonetize - Installer.) -- C:\Users\Admin\AppData\Local\Temp\setup__1935.exe [152608]
[MD5.EE9597B4AA13249E1B7F01346215A01B] [SPRF][21/04/2013] (.Amonetize - Installer.) -- C:\Users\Admin\AppData\Local\Temp\setup__2011.exe [152608]
[MD5.8BEAE7D3A488C018FEFFDA3FE9D7D4B9] [SPRF][22/04/2013] (.Uniblue Systems Ltd - SpeedUpMyPC Setup.) -- C:\Users\Admin\AppData\Local\Temp\speedupmypc.exe [6151872] =>Rogue SpeedUpMyPC
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][08/05/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\Sqlite3.dll [599419]
[MD5.F3A10836603E03A28CAF404B29328F92] [SPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Admin\AppData\Local\Temp\uninst1.exe [394320] =>Toolbar.Babylon
[MD5.18BB65E7709E8CFDFB1F3E287893C282] [SPRF][05/05/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\uninstallkit.exe [97744]
[MD5.BCFAEE85EC74C624D660EF170D1FCEB5] [SPRF][15/04/2013] (...) -- C:\Users\Admin\AppData\Local\Temp\wajam_install.exe [493544] =>Toolbar.Wajam
~ Files: Scanned in 00mn 02s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{7ECAD834-FD80-4CFC-AF0C-8A004683F30D}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) =>Adware.IMBooster
O87 - FAEL: "{F799EE0A-4ED9-4D56-BF00-977DCD961C4E}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) =>Adware.IMBooster
~ Firewall: 212 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (07/06/2013)
Clés trouvées (Keys found) : 52
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 7

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635] =>PUP.SweetIM
[HKLM\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420] =>PUP.SweetIM
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EAD96AE2CB1DE84BAA9425A8CCA0817] =>Adware.Boxore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim
[HKCU\Software\AppDataLow\Software\LyricStar] =>Adware.AddLyrics
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1] =>Rogue.PCSpeedUp
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PC Registry Shield_is1] =>Rogue.PCRegistryShield
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}] =>Toolbar.DeltaSearch
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog] =>Adware.SmileyBar
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272267}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156] =>PUP.SweetIM^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:PCSpeedUp =>Rogue.PCSpeedUp
C:\ProgramData\Software =>Adware.Boxore
C:\Users\Admin\AppData\Local\Software =>Adware.Boxore
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog =>Adware.SmileyBar
C:\Users\Admin\AppData\Local\Temp\OB.exe =>PUP.OfferBox
C:\Users\Admin\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\Admin\AppData\Local\Temp\wajam_install.exe =>Toolbar.Wajam
C:\Users\Admin\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\Admin\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
~ Additionnel Scan: 320969 Items scanned in 00mn 34s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SS - | Demand 14/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 11/12/2011 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SS - | Auto 21/04/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/04/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 14/04/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Tout sur la sécurité\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Tout sur la sécurité\mbamservice.exe
SS - | Demand 0 | (MozillaMaintenance) . (...) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Admin at 08/06/2013 11:15:45

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1596 Legitimates filtered by white list
End of the scan (555 lines in 03mn 15s)(0)
