~ Rapport de ZHPDiag v2013.10.15.37 - Nicolas Coolman (15/10/2013)
~ Lancé par julie (15/10/2013 19:18:33)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy 1.5.2.20

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 40

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2039 MB (64% free)
System Restore: Activé (Enable)
System drive C: has 174 GB (71%) free of 244 GB

---\\ Mode de connexion au système
~ Computer Name: THUILLIE-7F047D
~ User Name: julie
~ All Users Names: SUPPORT_388945a0, julie, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\julie\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\julie\Application Data\
~ %Desktop% : C:\Documents and Settings\julie\Bureau\
~ %Favorites% : C:\Documents and Settings\julie\Favoris\
~ %LocalAppData% : C:\Documents and Settings\julie\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\julie\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 174 Go of 244 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 117 Go of 128 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 33 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2534
~ Mes musiques (My Musics) : 6/2339
~ Mes Videos (My Videos) : 2/27
~ Mes Favoris (My Favorites) : 1/41
~ Mes Documents (My Documents) : 2/7033
~ Mon Bureau (My Desktop) : 1/2218
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 25s



---\\ Processus lancés
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [45248] [PID.1904]
[MD5.7E94E567C1AA5ABE6174032B3DAB6C23] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712] [PID.828]
[MD5.EC6A73CD8413F68655E5E0B99C415A21] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.exe [143872] [PID.868]
[MD5.8FE6AB59CAB8F2C038FEA9522A5EEBA7] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.exe [113664] [PID.892]
[MD5.A5937B2A94424CF1B13A4AD503AF6B2E] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1648]
[MD5.74B11ED06396C932FCC49519CA3D08EE] - (.Pas de propriétaire - Printer Communication System.) -- C:\WINDOWS\system32\lxebcoms.exe [598696] [PID.1984]
[MD5.EFEF22B9577E5051057FDE1AE381B50C] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.496]
[MD5.935471EC43505CB23DA16600562EE19A] - (.Tablet Driver - Tablet Service Driver.) -- C:\WINDOWS\System32\Drivers\WTSRV.exe [73728] [PID.1396]
[MD5.074FAE0B816FBA78F667B116303D31EB] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16844800] [PID.1208]
[MD5.F2E2AAD0EE3E886161A907F473A10B20] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [813912] [PID.2000]
[MD5.F4E7979D8ADEBEEDEAD33019A5BD52BF] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [849280] [PID.1340]
[MD5.4C784423B8F0DAE1392398356C9BE1FC] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [198160] [PID.180]
[MD5.F0431C490F124A8CC874163E6A38DD28] - (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe [221184] [PID.1616]
[MD5.FE6E15CC578C3278755CDDFF70C2787D] - (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe [217088] [PID.1936]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4767304] [PID.2052]
[MD5.AD64ADB9C72FCAB8E4C992528A9215FE] - (.Tablet Driver - Tablet Client Driver.) -- C:\WINDOWS\system32\WTClient.exe [32768] [PID.2192]
[MD5.4C53C44E7C20E65445037954DC3A6BA4] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424] [PID.2352]
[MD5.D8F3B455D3FA4B40C9BF544F55647C19] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752] [PID.2364]
[MD5.5574337F2FDCDEF9F32902FEBA1BEDEC] - (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728] [PID.2384]
[MD5.F56197D5CBDCC6A87C242DC8B8EEEE34] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.2416]
[MD5.CE4AC8EF66F4622370FB3BE02F5AC2F4] - (...) -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280] [PID.2432]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.2492]
[MD5.B9B7084F7DB3D1B036C0B9178472E96A] - (.Logicool - Logicool Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [20480] [PID.2580]
[MD5.A847B258D12B6D1BB124BD5DEBB05162] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247728] [PID.2636]
[MD5.615B7F5A566FAE1755AEA828B427746E] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe [505152] [PID.2804]
[MD5.FE4F7AADAB104194D899E5B8B8B51CF0] - (.OpenOffice.org - OpenOffice.org 2.4.) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe [2363392] [PID.2824]
[MD5.A1E80D64FCD01CD6AD83CCC46051366F] - (.OpenOffice.org - OpenOffice.org 2.4.) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN [2580480] [PID.2844]
[MD5.70B68620C41C40580886B808FD7265DA] - (.Logitech Inc. - QuickCam Framework Server.) -- C:\Program Files\Logitech\Video\FxSvr2.exe [192512] [PID.3068]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.3620]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17816] [PID.2008]
[MD5.72BE75AADEB890AE5BD8DEC30508F992] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8091648] [PID.3488]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] - (.Total Immersion - D'Fusion @Home Web Plug-In (2.20.10609.0).) -- C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} . (...) -- C:\Program Files\Lexmark Toolbar\toolband.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Lexmark Barre d'outils - [HKLM]{1017A80C-6F09-4548-A84D-EDD6AC9525F0} . (...) -- C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{1017A80C-6F09-4548-A84D-EDD6AC9525F0} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Bayam 3-7.lnk . (...) -- C:\Program Files\Bayam 3-7\Bayam 3-7.exe
O4 - GS\Program [AllUsers]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files\Securitoo\Controle Parental\Controle_parental.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [julie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 18 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Adobe Gamma Loader.lnk . (.Adobe Systems, Inc. - Adobe Gamma Loader.) -- C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - GS\Program [AllUsers]: Logitech Desktop Messenger.lnk . (.Logitech - LDM Configuration Application.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - GS\Program [AllUsers]: Wireless Connection Manager.lnk . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-131 revA\wirelesscm.exe
O4 - GS\Program [julie]: OpenOffice.org 2.4.lnk . (...) -- C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [Google Quick Search Box] . (.Google Inc. - Google Quick Search Box.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\WINDOWS\system32\LVCOMSX.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] . (.Logitech Inc. - Logitech QuickCam Startup Application.) -- C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] . (.Logitech Inc. - ImageStudio Tray Application.) -- C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [WTClient] . (.Tablet Driver - Tablet Client Driver.) -- C:\WINDOWS\system32\WTClient.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxebmon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
O4 - HKLM\..\Run: [EzPrint] . (...) -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] . (.Logicool - Logicool Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1960408961-299502267-839522115-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-1960408961-299502267-839522115-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1960408961-299502267-839522115-1003\..\Run: [LDM] . (.Logicool - Logicool Desktop Messenger.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKUS\S-1-5-21-1960408961-299502267-839522115-1003\..\Run: [LogitechSoftwareUpdate] . (.Logitech Inc. - Logitech Software Update.) -- C:\Program Files\Logitech\Video\ManifestEngine.exe
O4 - HKUS\S-1-5-21-1960408961-299502267-839522115-1003\..\Run: [EPSON SX110 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-1960408961-299502267-839522115-1003\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Clé orpheline
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.mappy.com
O15 - Trusted Zone: [HKCU\...\Domains] http.orange.fr
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ((no name)) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} ((no name)) - http://cid-4b1172761a07bf58.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} ((no name)) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} ((no name)) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} ((no name)) - http://www.starwarscomics.editionsatlas.fr/starwarscomics-realite-augmentee-2/plugin/DFusionHomeWebPlugIn.InstallerFull.exe
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A30098E-645F-4A05-88CF-21977E43F488}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A30098E-645F-4A05-88CF-21977E43F488}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71DC724F-2594-43B4-AB3C-7336B83EFF11}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{4A30098E-645F-4A05-88CF-21977E43F488}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: lxeb_device (lxeb_device) . (.Pas de propriétaire - Printer Communication System.) - C:\WINDOWS\system32\lxebcoms.exe
O23 - Service: WinTab Service (WinTabService) . (.Tablet Driver - Tablet Service Driver.) - C:\WINDOWS\system32\Drivers\WTSRV.exe
~ Services: 12 Legitimates Filtered in 00mn 05s



---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\julie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\julie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: PixelToolbox 1.1 - (...) [HKLM] -- PixelToolbox 1.1
O42 - Logiciel: Remembrall - (...) [HKLM] -- Remembrall
~ Logic: 154 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\SkillEmpire]
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\Yamago]
[HKCU\Software\Yves Ramon]
[HKCU\Software\yahoo]
[HKLM\Software\One Voice Technologies]
[HKLM\Software\blaxxun interactive]
~ Key Software: 302 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/01/2010 - 18:43:40 - [7,795] ----D C:\Program Files\AxiomX
O43 - CFD: 21/08/2010 - 16:27:22 - [0,088] ----D C:\Program Files\BGroom
O43 - CFD: 10/08/2011 - 14:42:15 - [0,022] ----D C:\Program Files\DinerDash2_at
O43 - CFD: 19/11/2008 - 20:59:17 - [1,617] ----D C:\Program Files\EuroThink
O43 - CFD: 22/02/2009 - 20:56:13 - [0,285] ----D C:\Program Files\NaviCave
O43 - CFD: 21/08/2010 - 16:26:41 - [0,377] ----D C:\Program Files\Play65
O43 - CFD: 11/10/2013 - 20:11:38 - [6,987] ----D C:\Program Files\Remembrall
O43 - CFD: 14/02/2008 - 18:07:01 - [31,486] ----D C:\Program Files\Yamago
O43 - CFD: 03/04/2010 - 13:17:57 - [0] ----D C:\Documents and Settings\julie\Application Data\iShell
~ Program Folder: 236 Legitimates Filtered in 00mn 37s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0887AEE16267FB0285EB5C522D6A4C76] - 09/10/2013 - 19:51:46 ---A- . (...) -- C:\WINDOWS\cdplayer.ini [21307]
O44 - LFC:[MD5.F4320E41E90D36A9092191B9D96F15E7] - 10/10/2013 - 19:33:58 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1393]
O44 - LFC:[MD5.DC1E3D7F325BBA413C8BC216FFAEE8CF] - 10/10/2013 - 19:34:14 ---A- . (...) -- C:\WINDOWS\updspapi.log [3666]
O44 - LFC:[MD5.69E416E049218CE91A80E9A53D6602BE] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [37100]
O44 - LFC:[MD5.D0EFB0496A39315CE438DCEEA6C4690D] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [2550]
O44 - LFC:[MD5.A4A054695E60E2BBA4C295B29D1127E1] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\comsetup.log [12347]
O44 - LFC:[MD5.3BD40B9EE7DD1A7115C26602F17DD08A] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\iis6.log [40792]
O44 - LFC:[MD5.8C8CA3D7EB239F61D2D45DF95C6A87FD] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\imsins.log [1393]
O44 - LFC:[MD5.247512968CD1F1FAF7CC90F670790085] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\msgsocm.log [1854]
O44 - LFC:[MD5.237C422B14696F0AE187E7F4E0B74014] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\msmqinst.log [11652]
O44 - LFC:[MD5.25F19C821DED640AC9966CA424F1443F] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\netfxocm.log [6498]
O44 - LFC:[MD5.2CFE66D0A3A9F1AD6D62243C37F15A51] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [7464]
O44 - LFC:[MD5.522B5677426AFEBC5B34EFBAE2E233DE] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\ocgen.log [17736]
O44 - LFC:[MD5.CE265E25BE87768AD44851B05B71ADE6] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\ocmsn.log [2052]
O44 - LFC:[MD5.00D0DD39C296D8791A857DB73622D3FB] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1866]
O44 - LFC:[MD5.FDEE5C39F2B72196CB7290EF30FA2637] - 10/10/2013 - 19:34:15 ---A- . (...) -- C:\WINDOWS\tsoc.log [16926]
O44 - LFC:[MD5.EAA79141BB09ECA37C36F1E764436CE9] - 15/10/2013 - 18:08:35 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.3C99C6F2CB200835096D85A7768DB04A] - 15/10/2013 - 18:08:35 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 43 Legitimates Filtered in 00mn 14s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\WINDOWS\Temp\NavBrowser.exe" [Enabled] .(...) -- C:\WINDOWS\Temp\NavBrowser.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dllcache\spoolms.exe" [Enabled] .(...) -- C:\WINDOWS\system32\dllcache\spoolms.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\InCrEG\pgsql\bin\postgres.exe" [Disabled] .(...) -- C:\InCrEG\pgsql\bin\postgres.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\InCrEG\jdk\bin\java.exe" [Enabled] .(...) -- C:\InCrEG\jdk\bin\java.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\julie\Local Settings\Temporary Internet Files\Content.IE5\A533JWDQ\PDFConverterSetup[1].exe" [Enabled] .(...) -- C:\Documents and Settings\julie\Local Settings\Temporary Internet Files\Content.IE5\A533JWDQ\PDFConverterSetup[1].exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Warcraft III\Warcraft III.exe" [Enabled] .(...) -- C:\Program Files\Warcraft III\Warcraft III.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Warcraft III\War3.exe" [Enabled] .(...) -- C:\Program Files\Warcraft III\War3.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Diablo III\Diablo III.exe" [Enabled] .(...) -- C:\Program Files\Diablo III\Diablo III.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" [Enabled] .(...) -- C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe (.not file.)
~ Keys Export: 34 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.657A61979F40D67CA29716149766FFA7] - 06/03/2013 - 23:33:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49248]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 15/10/2013 - D:\NTACCESS.sys (NTACCESS) .(...) - LEGACY_NTACCESS
O64 - Services: CurCS - 15/10/2013 - D:\NTGLM7X.sys (SetupNTGLM7X) .(...) - LEGACY_SETUPNTGLM7X
O64 - Services: CurCS - 23/09/2009 - C:\WINDOWS\system32\Drivers\WTSRV.exe (WinTabService) .(.Tablet Driver - Tablet Service Driver.) - LEGACY_WINTABSERVICE
~ Legacy: 142 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {88e710b5-783d-49d1-8e26-4674d090a941} - (Searcheo) - http://www.searcheo.fr =>Hijacker.Searcheo
O69 - SBI: SearchScopes [HKCU] {9B6103C1-F818-48a8-9683-314055BE6075} - (MyStart Rechercher) - http://mystart.hiyo.com =>Spyware.VMNToolbar
O69 - SBI: SearchScopes [HKCU] {B65D0A39-C666-46BD-9434-041B346515E4} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D23A21D3-1852-4061-BC2B-38FBF99BF2EE} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {20F031AD-3E85-422C-80EB-3F5FC675F00D} - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {20F031AD-3E85-422C-80EB-3F5FC675F00D} - (Live Search) - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.32EF0E3BEE85EC7ED86C9EB6A63E28CD] [SPRF][29/11/2009] (...) -- C:\Documents and Settings\julie\Application Data\mdbu.bin [278275]
[MD5.026854E15A2ABBE797BB37FC21DE93E7] [SPRF][07/10/2013] (.Visicom Media Inc. - Toolbar Cleaner installer..) -- C:\Documents and Settings\julie\Bureau\toolbarcleaner_setup.exe [763744] =>Adware.ToolbarCleaner
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][07/12/2004] (...) -- C:\WINDOWS\Downloaded Program Files\bdcore.dll [32]
[MD5.298068536300DA6DC163E394797A7C50] [SPRF][25/05/2006] (...) -- C:\WINDOWS\Downloaded Program Files\bdupd.dll [118784]
[MD5.A2B9047463F1297403DEC0DE4DF2298A] [SPRF][26/09/2008] (.eBay, Inc. - EPUWALControl Module.) -- C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll [3204368]
[MD5.1CAB87DE6638846FBF51F32B5D95E482] [SPRF][25/05/2006] (...) -- C:\WINDOWS\Downloaded Program Files\ipsupd.dll [53248]
[MD5.18075B2C9F0F300BEE209744A8BEC353] [SPRF][07/12/2004] (...) -- C:\WINDOWS\Downloaded Program Files\libfn.dll [32]
~ Files: 11 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.629C803BFBCE95AC1D8BEB3EB5EFED36] [WIS][05/08/2013] (.Bayard Presse S.A - Bayam 3-7.) -- C:\Windows\Installer\383b9.msi [35328]
[MD5.59A9088E0A06A807D66BF0A71690692C] [WIS][19/11/2009] (.Madison Media Software - Vegas Movie Studio Platinum 7.0.) -- C:\Windows\Installer\55fb05.msi [5285888]
~ WIS: 56 Legitimates Filtered in 00mn 02s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 14/02/2008 68096 | (Adobe LM Service) . (...) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/06/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.exe
SR - | Auto 11/01/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.exe
SS - | Auto 24/10/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/10/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 24/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 24/09/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Auto 14/04/2010 193192 | (lxebCATSCustConnectService) . (.Lexmark International, Inc..) - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxebserv.exe
SR - | Auto 14/04/2010 598696 | (lxeb_device) . (...) - C:\WINDOWS\system32\lxebcoms.exe
SS - | Demand 10/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 08/06/2006 208896 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 22/04/2011 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 23/09/2009 73728 | (WinTabService) . (.Tablet Driver.) - C:\WINDOWS\system32\Drivers\WTSRV.exe
~ Services: Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : 12948 - (15/10/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\CLSID\{1a03f196-9617-4ca0-842b-a83ceecb022b}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{88e710b5-783d-49d1-8e26-4674d090a941}] =>Hijacker.YouGoo
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Documents and Settings\julie\Bureau\toolbarcleaner_setup.exe =>Adware.ToolbarCleaner^
~ Additionnel Scan: 251612 Items scanned in 00mn 24s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/30956590-hijacker-searcheo =>Hijacker.Searcheo
~ http://nicolascoolman.webs.com/apps/blog/show/27985391-spyware-vmntoolbar =>Spyware.VMNToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/33105275-adware-toolbarcleaner =>Adware.ToolbarCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/28911851-hijacker-yougoo =>Hijacker.YouGoo
~ MSI: 6 link(s) detected in 00mn 25s



~ 1166 Legitimates filtered by white list
End of the scan (536 lines in 02mn 08s)(0)
