Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2013.10.1.1 - Nicolas Coolman (30/09/2013)
~ Lanc� par MariVin's (01/10/2013 22:29:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v29.0.1547.76
---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du syst�me
avast! Free Antivirus v8.0.1497.0
Windows Defender W7
---\\ Logiciels d'optimisation du syst�me
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Java 7 Update 40
---\\ Informations sur le syst�me
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4043 MB (47% free)
System Restore: Activ� (Enable)
System drive C: has 469 GB (68%) free of 684 GB
---\\ Mode de connexion au syst�me
~ Computer Name: MARIVINS-HP
~ User Name: MariVin's
~ All Users Names: MariVin's, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\MariVin's\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\MariVin's\AppData\Roaming\
~ %Desktop% : C:\Users\MariVin's\Desktop\
~ %Favorites% : C:\Users\MariVin's\Favorites\
~ %LocalAppData% : C:\Users\MariVin's\AppData\Local\
~ %StartMenu% : C:\Users\MariVin's\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enum�ration des unit�s disques
C: Hard drive, Flash drive, Thumb drive (Free 469 Go of 684 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Free 0 Go of 5 Go)
G: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Etat du Centre de S�curit� Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 34 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8EA68FD3780DDDD5072F8CB830B3CB3D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/06/2012 - 04:49:11.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioth�que de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.11/03/2011 - 07:41:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/9871
~ Mes musiques (My Musics) : 1/115
~ Mes Videos (My Videos) : 2/7
~ Mes Favoris (My Favorites) : 1/15
~ Mes Documents (My Documents) : 6/3760
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 16s
---\\ Processus lanc�s
[MD5.659474582C6E060DBD8FFFF97DC892C5] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968] [PID.1580]
[MD5.41D1214B86A06FD29423A797EBDA17E4] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1220]
[MD5.D59ABED205F424BD4C52419479930BE9] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296] [PID.1656]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3848]
[MD5.D8465C1AE6CE673E60045E16CFBC6E64] - (.Motorola Solutions, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1503824] [PID.3992]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe [1612920] [PID.3560]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3768]
[MD5.FDB2FB392B20797AF3F4ED9D7699938E] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.2424]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.1180]
[MD5.E7148BB584830E51AFD414CE9AEAE74C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.4508]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.2836]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17816] [PID.5672]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.5348]
[MD5.3C32D620BEA5CC151CE286690590AA88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8032768] [PID.5452]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1612]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1344]
[MD5.F630DD7564EBB7248A13B1CC774D9EA6] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.1744]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.Pas de propri�taire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.1416]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2064]
[MD5.7C8DD5576695B3362202EF09B20C425E] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3574624] [PID.2124]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3084]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.580]
[MD5.983FC69644DDF0486C8DFEA262948D1A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4760]
[MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.4840]
[MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1444]
[MD5.E040F0064D39F73BB4995D494F3DCBB8] - (.Hewlett-Packard Development Company L.P. - HP Connection Manager Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1071160] [PID.2996]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Users\MariVin's\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.searchgol.com =>Hijacker.SearchGol
~ Google Browser: 12 Legitimates Filtered in 00mn 11s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\MariVin's\AppData\Roaming\Mozilla\Firefox\Profiles\hauklpye.default\prefs.js
C:\Users\MariVin's\AppData\Roaming\Mozilla\Firefox\Profiles\vpd10h1q.default\prefs.js (.not file.)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 92
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
O4 - GS\Desktop [Public]: Les�Sims��3�Animaux & Cie.lnk . (.Electronic Arts, Inc. - Sims 3Launcher Starter Application.) -- C:\Program Files (x86)\Electronic Arts\Les Sims 3 Animaux & Cie\Game\Bin\Sims3Launcher.exe
O4 - GS\Desktop [Public]: NetBeans IDE 7.3.1.lnk . (.Oracle Corporation - NetBeans IDE.) -- C:\Program Files (x86)\NetBeans 7.3.1\bin\netbeans.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Program [Public]: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
O4 - GS\TaskBar [MariVin's]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\SendTo [MariVin's]: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop [MariVin's]: Audiograbber.lnk . (...) -- C:\Users\MariVin's\Music\audiograbber\audiograbber.exe
O4 - GS\Desktop [MariVin's]: Kies Air Discovery Service.lnk . (.Oracle Corporation - Java(TM) Web Start Launcher.) -- C:\Windows\SysWOW64\javaws.exe
~ Global Startup: 76 Legitimates Filtered in 00mn 01s
---\\ Applications lanc�es au d�marrage du syt�me (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MariVin's\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [DriverTurbo] . (.Pas de propri�taire - DriverTurbo.) -- C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKCU\..\Run: [EA Core] . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst� Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MariVin's\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [DriverTurbo] . (.Pas de propri�taire - DriverTurbo.) -- C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [EA Core] . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 8 Legitimates Filtered in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14342E6C-96F9-494B-8367-12FFE7F59EC9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{14342E6C-96F9-494B-8367-12FFE7F59EC9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{14342E6C-96F9-494B-8367-12FFE7F59EC9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\IncrediMail]
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 235 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/09/2013 - 16:53:53 - [0,851] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 11/09/2012 - 21:20:20 - [1,132] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 25/04/2013 - 11:21:41 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 23/09/2013 - 15:56:05 - [1,063] ----D C:\Users\MariVin's\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
O43 - CFD: 29/07/2013 - 15:21:07 - [0] ----D C:\Users\MariVin's\AppData\Roaming\Reg
~ 226 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 467 Legitimates Filtered in 02mn 33s
---\\ Cl� de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0088e0c0-f6dd-11e1-b9d4-101f741b2d58}\AutoRun\command. (...) -- H:\iStudio.exe (.not file.)
O51 - MPSK:{12001546-2f97-11e1-8697-806e6f6e6963}\AutoRun\command. (.Electronic Arts - Autorun Application.) -- E:\Autorun.exe
O51 - MPSK:{3b4fe482-2463-11e3-a400-101f741b2d58}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 05s
---\\ Enum�ration des cl�s de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3B783D08-D28C-43C3-A458-20E9DD26F36A} - (01NET.com Main Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {4B6618AA-55C1-48AE-806F-130FFA9EB15C} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {C6032E4B-F4D5-4B62-906B-55E7D90625AF} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche dans la cl� de registre Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/07/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\MariVin's\AppData\Local\Temp\bi_cleaner.exe [42080] =>Adware.MegaSearch
[MD5.1BE42EE5E0DFD8B190F889A013CA7D47] [SPRF][10/06/2013] (.DealPly Technologies Ltd. - DealPly.) -- C:\Users\MariVin's\AppData\Local\Temp\dp.exe [846368] =>PUP.DealPly
[MD5.9A8D0898E868B05DA3BDB4D8E74EEBD6] [SPRF][20/05/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\ICReinstall_KiesSetup.exe [667016]
[MD5.2B7CFEB1A0388AB0BDA3A77B3D6A6E12] [SPRF][10/06/2013] (.Pas de propri�taire - LyricsPal.) -- C:\Users\MariVin's\AppData\Local\Temp\LyricsPal_1060-8101_v114.exe [288672] =>Adware.AddLyrics
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsn905A.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsn9ABC.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nss670F.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsvB924.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsx5222.exe [110936] =>Toolbar.Conduit
[MD5.7D463428029CEADCC3B9B871ADDCD6F5] [SPRF][11/05/2013] (.SweetLabs,Inc. - Pokki.) -- C:\Users\MariVin's\AppData\Local\Temp\octB98D.tmp.exe [33796664]
[MD5.7539A29FEEAAE401A9806942BBF99BED] [SPRF][06/06/2013] (.SweetLabs,Inc. - Pokki.) -- C:\Users\MariVin's\AppData\Local\Temp\octC6C5.tmp.exe [44805472]
[MD5.DCE55F9EF42344C20E7D4B858D3712D7] [SPRF][10/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\pricepeep_130001_0101.exe [589768] =>Adware.PricePeep
[MD5.9182C3ECAB695D72C5937499705D68FB] [SPRF][01/10/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\Quarantine.exe [344601]
[MD5.F4E3DE7B4898E37652F39A06BC9591E3] [SPRF][08/05/2013] (.Conduit - Search Protect by Conduit.) -- C:\Users\MariVin's\AppData\Local\Temp\SecondStepInstaller.exe [2824352] =>Toolbar.Conduit
[MD5.C98A2183D9FBD7A1D0AEDEFBF0822DC6] [SPRF][22/05/2013] (.Ask - Wrapper Application.) -- C:\Users\MariVin's\AppData\Local\Temp\setup.exe [4001416]
[MD5.83954C128100AD89746811E92C1B4BF6] [SPRF][28/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\setup_fsu_cid.exe [251299]
[MD5.AFE843667B8C01E4B0DA1BCB3AE0C1C2] [SPRF][10/04/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\MariVin's\AppData\Local\Temp\SPStub.exe [70192] =>Toolbar.Conduit
[MD5.85D4AB0939E2D92F4087772C16909BB5] [SPRF][10/04/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\MariVin's\AppData\Local\Temp\tb01NE.dll [5071648] =>Toolbar.Conduit
[MD5.943F313974A830D4634C73BEB8103F5E] [SPRF][10/04/2013] (.Conduit Ltd. - ToolbarHelper Application.) -- C:\Users\MariVin's\AppData\Local\Temp\ToolbarHelper.exe [86816] =>Toolbar.Conduit
[MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\MariVin's\AppData\Local\Temp\uninst1.exe [340464] =>Toolbar.Babylon
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][10/06/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\MariVin's\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch
[MD5.D11C518043B93901A47FBD503F1DDF1D] [SPRF][23/05/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\uqnydo1m.dll [9216]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [SPRF][21/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\utt4CD0.tmp.bat [77]
[MD5.5682236F5A6DF29E3294573BDAC11958] [SPRF][03/05/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\utt630F.tmp.exe [8194048]
[MD5.69D2894206516657B7A06EEEA5B917E5] [SPRF][10/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\vlc-2.0.2-win32.exe [22630361]
~ Files: 44 Legitimates Filtered in 00mn 35s
---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 08/02/2011 4151376 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Demand 28/02/2011 1189968 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 15/02/2011 680016 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS - | Demand 28/09/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 28/09/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 31/01/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/01/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 15/02/2011 1071160 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 09/11/2010 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 13/01/2011 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 11/03/2011 297984 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 23/04/2013 3574624 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s
---\\ Scan Additionnel (O88)
Database Version : 12932 - (30/09/2013)
Cl�s trouv�es (Keys found) : 10
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 4
Fichiers trouv�s (Files found) : 33
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Software =>Adware.Boxore
C:\Users\MariVin's\AppData\Local\Software =>Adware.Boxore
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals^
C:\Users\MariVin's\AppData\Local\Temp\bi_cleaner.exe =>Adware.MegaSearch^
C:\Users\MariVin's\AppData\Local\Temp\dp.exe =>PUP.DealPly^
C:\Users\MariVin's\AppData\Local\Temp\LyricsPal_1060-8101_v114.exe =>Adware.AddLyrics^
C:\Users\MariVin's\AppData\Local\Temp\nsn905A.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsn9ABC.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nss670F.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsvB924.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsx5222.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\pricepeep_130001_0101.exe =>Adware.PricePeep^
C:\Users\MariVin's\AppData\Local\Temp\SecondStepInstaller.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\SPStub.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\tb01NE.dll =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Users\MariVin's\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch^
C:\Users\MariVin's\AppData\Local\Temp\Vid-SaverUninstaller_1373827396.log =>Adware.VidSaver
~ Additionnel Scan: 324562 Items scanned in 00mn 23s
---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/32816468-adware-bonanzadeals =>Adware.BonanzaDeals
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ MSI: 15 link(s) detected in 00mn 23s
~ 1201 Legitimates filtered by white list
End of the scan (505 lines in 04mn 48s)(0)
~ Lanc� par MariVin's (01/10/2013 22:29:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 24.0 (Defaut)
GCIE: Google Chrome v29.0.1547.76
---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du syst�me
avast! Free Antivirus v8.0.1497.0
Windows Defender W7
---\\ Logiciels d'optimisation du syst�me
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Java 7 Update 40
---\\ Informations sur le syst�me
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4043 MB (47% free)
System Restore: Activ� (Enable)
System drive C: has 469 GB (68%) free of 684 GB
---\\ Mode de connexion au syst�me
~ Computer Name: MARIVINS-HP
~ User Name: MariVin's
~ All Users Names: MariVin's, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\MariVin's\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\MariVin's\AppData\Roaming\
~ %Desktop% : C:\Users\MariVin's\Desktop\
~ %Favorites% : C:\Users\MariVin's\Favorites\
~ %LocalAppData% : C:\Users\MariVin's\AppData\Local\
~ %StartMenu% : C:\Users\MariVin's\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enum�ration des unit�s disques
C: Hard drive, Flash drive, Thumb drive (Free 469 Go of 684 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Free 0 Go of 5 Go)
G: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Etat du Centre de S�curit� Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 34 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8EA68FD3780DDDD5072F8CB830B3CB3D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/06/2012 - 04:49:11.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioth�que de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.11/03/2011 - 07:41:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/9871
~ Mes musiques (My Musics) : 1/115
~ Mes Videos (My Videos) : 2/7
~ Mes Favoris (My Favorites) : 1/15
~ Mes Documents (My Documents) : 6/3760
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 16s
---\\ Processus lanc�s
[MD5.659474582C6E060DBD8FFFF97DC892C5] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968] [PID.1580]
[MD5.41D1214B86A06FD29423A797EBDA17E4] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1220]
[MD5.D59ABED205F424BD4C52419479930BE9] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296] [PID.1656]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.3848]
[MD5.D8465C1AE6CE673E60045E16CFBC6E64] - (.Motorola Solutions, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1503824] [PID.3992]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe [1612920] [PID.3560]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3768]
[MD5.FDB2FB392B20797AF3F4ED9D7699938E] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.2424]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.1180]
[MD5.E7148BB584830E51AFD414CE9AEAE74C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.4508]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.2836]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17816] [PID.5672]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.5348]
[MD5.3C32D620BEA5CC151CE286690590AA88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8032768] [PID.5452]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1612]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.1344]
[MD5.F630DD7564EBB7248A13B1CC774D9EA6] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.1744]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.Pas de propri�taire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.1416]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2064]
[MD5.7C8DD5576695B3362202EF09B20C425E] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3574624] [PID.2124]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.3084]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.580]
[MD5.983FC69644DDF0486C8DFEA262948D1A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4760]
[MD5.D7E0BED3EA21D7BDDD410ADE51708D90] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.4840]
[MD5.A678E5DDD974903DD71F503BDCACA218] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1444]
[MD5.E040F0064D39F73BB4995D494F3DCBB8] - (.Hewlett-Packard Development Company L.P. - HP Connection Manager Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1071160] [PID.2996]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Users\MariVin's\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.searchgol.com =>Hijacker.SearchGol
~ Google Browser: 12 Legitimates Filtered in 00mn 11s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\MariVin's\AppData\Roaming\Mozilla\Firefox\Profiles\hauklpye.default\prefs.js
C:\Users\MariVin's\AppData\Roaming\Mozilla\Firefox\Profiles\vpd10h1q.default\prefs.js (.not file.)
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 92
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
O4 - GS\Desktop [Public]: Les�Sims��3�Animaux & Cie.lnk . (.Electronic Arts, Inc. - Sims 3Launcher Starter Application.) -- C:\Program Files (x86)\Electronic Arts\Les Sims 3 Animaux & Cie\Game\Bin\Sims3Launcher.exe
O4 - GS\Desktop [Public]: NetBeans IDE 7.3.1.lnk . (.Oracle Corporation - NetBeans IDE.) -- C:\Program Files (x86)\NetBeans 7.3.1\bin\netbeans.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Program [Public]: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
O4 - GS\TaskBar [MariVin's]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\SendTo [MariVin's]: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop [MariVin's]: Audiograbber.lnk . (...) -- C:\Users\MariVin's\Music\audiograbber\audiograbber.exe
O4 - GS\Desktop [MariVin's]: Kies Air Discovery Service.lnk . (.Oracle Corporation - Java(TM) Web Start Launcher.) -- C:\Windows\SysWOW64\javaws.exe
~ Global Startup: 76 Legitimates Filtered in 00mn 01s
---\\ Applications lanc�es au d�marrage du syt�me (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MariVin's\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [DriverTurbo] . (.Pas de propri�taire - DriverTurbo.) -- C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKCU\..\Run: [EA Core] . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst� Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe =>Toolbar.Conduit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\MariVin's\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [DriverTurbo] . (.Pas de propri�taire - DriverTurbo.) -- C:\Program Files (x86)\DriverTurbo\DriverTurbo.exe
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKUS\S-1-5-21-3922777432-989095338-2368192436-1000\..\Run: [EA Core] . (.Electronic Arts - EA Download Manager.) -- C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
~ Application: Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 8 Legitimates Filtered in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14342E6C-96F9-494B-8367-12FFE7F59EC9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{14342E6C-96F9-494B-8367-12FFE7F59EC9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{14342E6C-96F9-494B-8367-12FFE7F59EC9}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\ForumerIT] =>Toolbar.Forumer
[HKCU\Software\IncrediMail]
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 235 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 23/09/2013 - 16:53:53 - [0,851] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 11/09/2012 - 21:20:20 - [1,132] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 25/04/2013 - 11:21:41 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 23/09/2013 - 15:56:05 - [1,063] ----D C:\Users\MariVin's\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
O43 - CFD: 29/07/2013 - 15:21:07 - [0] ----D C:\Users\MariVin's\AppData\Roaming\Reg
~ 226 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 467 Legitimates Filtered in 02mn 33s
---\\ Cl� de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0088e0c0-f6dd-11e1-b9d4-101f741b2d58}\AutoRun\command. (...) -- H:\iStudio.exe (.not file.)
O51 - MPSK:{12001546-2f97-11e1-8697-806e6f6e6963}\AutoRun\command. (.Electronic Arts - Autorun Application.) -- E:\Autorun.exe
O51 - MPSK:{3b4fe482-2463-11e3-a400-101f741b2d58}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 05s
---\\ Enum�ration des cl�s de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enum�ration des cl�s de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3B783D08-D28C-43C3-A458-20E9DD26F36A} - (01NET.com Main Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {4B6618AA-55C1-48AE-806F-130FFA9EB15C} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {C6032E4B-F4D5-4B62-906B-55E7D90625AF} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche dans la cl� de registre Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/07/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\MariVin's\AppData\Local\Temp\bi_cleaner.exe [42080] =>Adware.MegaSearch
[MD5.1BE42EE5E0DFD8B190F889A013CA7D47] [SPRF][10/06/2013] (.DealPly Technologies Ltd. - DealPly.) -- C:\Users\MariVin's\AppData\Local\Temp\dp.exe [846368] =>PUP.DealPly
[MD5.9A8D0898E868B05DA3BDB4D8E74EEBD6] [SPRF][20/05/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\ICReinstall_KiesSetup.exe [667016]
[MD5.2B7CFEB1A0388AB0BDA3A77B3D6A6E12] [SPRF][10/06/2013] (.Pas de propri�taire - LyricsPal.) -- C:\Users\MariVin's\AppData\Local\Temp\LyricsPal_1060-8101_v114.exe [288672] =>Adware.AddLyrics
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsn905A.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsn9ABC.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nss670F.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][08/05/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsvB924.exe [110936] =>Toolbar.Conduit
[MD5.CBB0857B4E4C5D947A0933733F19AFFC] [SPRF][11/04/2013] (.Conduit - SP Usage Sender.) -- C:\Users\MariVin's\AppData\Local\Temp\nsx5222.exe [110936] =>Toolbar.Conduit
[MD5.7D463428029CEADCC3B9B871ADDCD6F5] [SPRF][11/05/2013] (.SweetLabs,Inc. - Pokki.) -- C:\Users\MariVin's\AppData\Local\Temp\octB98D.tmp.exe [33796664]
[MD5.7539A29FEEAAE401A9806942BBF99BED] [SPRF][06/06/2013] (.SweetLabs,Inc. - Pokki.) -- C:\Users\MariVin's\AppData\Local\Temp\octC6C5.tmp.exe [44805472]
[MD5.DCE55F9EF42344C20E7D4B858D3712D7] [SPRF][10/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\pricepeep_130001_0101.exe [589768] =>Adware.PricePeep
[MD5.9182C3ECAB695D72C5937499705D68FB] [SPRF][01/10/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\Quarantine.exe [344601]
[MD5.F4E3DE7B4898E37652F39A06BC9591E3] [SPRF][08/05/2013] (.Conduit - Search Protect by Conduit.) -- C:\Users\MariVin's\AppData\Local\Temp\SecondStepInstaller.exe [2824352] =>Toolbar.Conduit
[MD5.C98A2183D9FBD7A1D0AEDEFBF0822DC6] [SPRF][22/05/2013] (.Ask - Wrapper Application.) -- C:\Users\MariVin's\AppData\Local\Temp\setup.exe [4001416]
[MD5.83954C128100AD89746811E92C1B4BF6] [SPRF][28/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\setup_fsu_cid.exe [251299]
[MD5.AFE843667B8C01E4B0DA1BCB3AE0C1C2] [SPRF][10/04/2013] (.Conduit - Search Protect by conduit.) -- C:\Users\MariVin's\AppData\Local\Temp\SPStub.exe [70192] =>Toolbar.Conduit
[MD5.85D4AB0939E2D92F4087772C16909BB5] [SPRF][10/04/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\MariVin's\AppData\Local\Temp\tb01NE.dll [5071648] =>Toolbar.Conduit
[MD5.943F313974A830D4634C73BEB8103F5E] [SPRF][10/04/2013] (.Conduit Ltd. - ToolbarHelper Application.) -- C:\Users\MariVin's\AppData\Local\Temp\ToolbarHelper.exe [86816] =>Toolbar.Conduit
[MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\MariVin's\AppData\Local\Temp\uninst1.exe [340464] =>Toolbar.Babylon
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][10/06/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\MariVin's\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch
[MD5.D11C518043B93901A47FBD503F1DDF1D] [SPRF][23/05/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\uqnydo1m.dll [9216]
[MD5.CBF9C44A4C35599989CA8BDA97DDC586] [SPRF][21/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\utt4CD0.tmp.bat [77]
[MD5.5682236F5A6DF29E3294573BDAC11958] [SPRF][03/05/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\utt630F.tmp.exe [8194048]
[MD5.69D2894206516657B7A06EEEA5B917E5] [SPRF][10/06/2013] (...) -- C:\Users\MariVin's\AppData\Local\Temp\vlc-2.0.2-win32.exe [22630361]
~ Files: 44 Legitimates Filtered in 00mn 35s
---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 08/02/2011 4151376 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Demand 28/02/2011 1189968 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 15/02/2011 680016 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS - | Demand 28/09/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 28/09/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 31/01/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/01/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 15/02/2011 1071160 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 09/11/2010 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 13/01/2011 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 22/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 11/03/2011 297984 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 23/04/2013 3574624 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 22/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s
---\\ Scan Additionnel (O88)
Database Version : 12932 - (30/09/2013)
Cl�s trouv�es (Keys found) : 10
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 4
Fichiers trouv�s (Files found) : 33
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Software =>Adware.Boxore
C:\Users\MariVin's\AppData\Local\Software =>Adware.Boxore
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe =>Toolbar.Conduit^
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals^
[HKCU\Software\ForumerIT] =>Toolbar.Forumer^
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals^
C:\Users\MariVin's\AppData\Local\Temp\bi_cleaner.exe =>Adware.MegaSearch^
C:\Users\MariVin's\AppData\Local\Temp\dp.exe =>PUP.DealPly^
C:\Users\MariVin's\AppData\Local\Temp\LyricsPal_1060-8101_v114.exe =>Adware.AddLyrics^
C:\Users\MariVin's\AppData\Local\Temp\nsn905A.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsn9ABC.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nss670F.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsvB924.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\nsx5222.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\pricepeep_130001_0101.exe =>Adware.PricePeep^
C:\Users\MariVin's\AppData\Local\Temp\SecondStepInstaller.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\SPStub.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\tb01NE.dll =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\ToolbarHelper.exe =>Toolbar.Conduit^
C:\Users\MariVin's\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Users\MariVin's\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch^
C:\Users\MariVin's\AppData\Local\Temp\Vid-SaverUninstaller_1373827396.log =>Adware.VidSaver
~ Additionnel Scan: 324562 Items scanned in 00mn 23s
---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/32816468-adware-bonanzadeals =>Adware.BonanzaDeals
~ http://nicolascoolman.webs.com/apps/blog/show/32729139-toolbar-forumer =>Toolbar.Forumer
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ MSI: 15 link(s) detected in 00mn 23s
~ 1201 Legitimates filtered by white list
End of the scan (505 lines in 04mn 48s)(0)