cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ Rapport de ZHPDiag v2013.10.18.46 - Nicolas Coolman (18/10/2013)
~ Lanc� par karen (18/10/2013 17:59:31)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance � la d�sinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activ�e par le programme
~ El�vation des Privil�ges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v30.0.1599.69 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Fran�ais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du syst�me
avast! Free Antivirus v8.0.1497.0
Spybot - Search & Destroy v2.1.19

---\\ Logiciels d'optimisation du syst�me
CCleaner v4.06 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le syst�me
~ Processor: x86 Family 6 Model 13 Stepping 8, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (55% free)
System Restore: D�sactiv� (Disabled)
System drive C: has 33 GB (45%) free of 72 GB

---\\ Mode de connexion au syst�me
~ Computer Name: ACER-D18848DB56
~ User Name: karen
~ All Users Names: SUPPORT_388945a0, karen, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\karen\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\karen\Application Data\
~ %Desktop% : C:\Documents and Settings\karen\Bureau\
~ %Favorites% : C:\Documents and Settings\karen\Favoris\
~ %LocalAppData% : C:\Documents and Settings\karen\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\karen\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enum�ration des unit�s disques
C: Hard drive, Flash drive, Thumb drive (Free 33 Go of 72 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de S�curit� Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.1A5B88015B3823D31C5842DE0DBFE842] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/05/2012 - 16:06:36.) -- C:\WINDOWS\system32\wininet.dll [916992]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/6374
~ Mes musiques (My Musics) : 80/171
~ Mes Videos (My Videos) : 1/18
~ Mes Favoris (My Favorites) : 1/181
~ Mes Documents (My Documents) : 5/7618
~ Mon Bureau (My Desktop) : 2/72
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 06s



---\\ Processus lanc�s
[MD5.9330941C8F6DF417F6DBBE998DB6687E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1968]
[MD5.7B3F06CA6F927402D27EA6C64558E021] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [300544] [PID.176]
[MD5.7C98936A023F8F8EEC7A2926D070C684] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [169984] [PID.200]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.460]
[MD5.DFCBA58A26C6540CB398418A050FFFC3] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [155648] [PID.488]
[MD5.E278BA143188E6029555D70F291DDB6B] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [126976] [PID.512]
[MD5.46695588DB7A33DD7CA9D57E364311B3] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Arcade\PCMService.exe [49152] [PID.660]
[MD5.AB4B38078636325D076080ADD4F27727] - (.Pas de propri�taire - LaunchAp MFC Application.) -- C:\Program Files\Launch Manager\LaunchAp.exe [32768] [PID.668]
[MD5.288C5AD21FAB073B8BD8D1A825AEF85D] - (.Pas de propri�taire - Powerkey.) -- C:\Program Files\Launch Manager\PowerKey.exe [94208] [PID.684]
[MD5.B010BE710607359A5F763759563E27FF] - (.Wistron - HotkeyApp.) -- C:\Program Files\Launch Manager\HotkeyApp.exe [69632] [PID.692]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.712]
[MD5.D6236303D3B07127B3F13CCF012B3C39] - (.Pas de propri�taire - OSD MFC Application.) -- C:\Program Files\Launch Manager\OSDCtrl.exe [241664] [PID.724]
[MD5.A9DD91AACAC785A357E1616A5E8BFD1C] - (.acer Inc. - Monitor.) -- C:\Program Files\Acer\eRecovery\Monitor.exe [352256] [PID.748]
[MD5.D5D0CD6A04617A15C2DF76CD668FF540] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [77824] [PID.764]
[MD5.B325B814DF5668DE9C5304E87F1141A5] - (.Lexmark International Inc. - Supplies Monitor.) -- C:\WINDOWS\system32\LXSUPMON.exe [900096] [PID.840]
[MD5.4AFFDCAADCB1DBBFFAF06C7F82E7F6FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421776] [PID.1328]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.1312]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968] [PID.1400]
[MD5.09E9425AD8C61664A37ED84B8B58BDCF] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224] [PID.1512]
[MD5.D31398D4BB4907B517B6E784C2100C4A] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688] [PID.2696]
[MD5.BC0EA61246F8D940FBC5F652D337D6BD] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [821648] [PID.3264]
[MD5.92D21BFA29BD6142BB8901576B23FF9B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099840] [PID.3184]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, D�marrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (D�sactiv�) =>Toolbar.Wajam
G2 - GCE: Preference [User Data\Default] [kigpmgkoelepakabiliblldhdpnidcod] Shop-Up v.1.25.10, (Activ�) =>PUP.CrossRider
~ Google Browser: 11 Legitimates Filtered in 00mn 26s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\prefs.js
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{4982D40A-C53B-4615-B15B-B5B5E98D167C} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Cl� orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Cl� orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
~ Global Startup: 10 Legitimates Filtered in 00mn 00s



---\\ Applications lanc�es au d�marrage du syt�me (O4)
O4 - GS\Program [AllUsers]: Lancement rapide de Microsoft Office OneNote 2003.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.exe
O4 - HKLM\..\Run: [preload] . (.Wistron - RunXMLPL.) -- C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PCMService] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files\Arcade\PCMService.exe
O4 - HKLM\..\Run: [LaunchAp] . (.Pas de propri�taire - LaunchAp MFC Application.) -- C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] . (.Pas de propri�taire - Powerkey.) -- C:\Program Files\Launch Manager\PowerKey.exe
O4 - HKLM\..\Run: [LManager] . (.Wistron - HotkeyApp.) -- C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] . (.Wistron - CtrlVol.) -- C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] . (.Pas de propri�taire - OSD MFC Application.) -- C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [eRecoveryService] . (.acer Inc. - Monitor.) -- C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [LXSUPMON] . (.Lexmark International Inc. - Supplies Monitor.) -- C:\WINDOWS\system32\LXSUPMON.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-79355474-364743085-55346321-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Cl� orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} ((no name)) - http://office.microsoft.com/sites/production/ieawsdc32.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} ((no name)) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342190180343
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_2_1_1.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} ((no name)) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} ((no name)) - http://www.extrafilm.fr/ExtraFilmUploader6.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ((no name)) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A198ECFC-48DA-4B72-BD5C-ADF7A74B6148}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A198ECFC-48DA-4B72-BD5C-ADF7A74B6148}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{A198ECFC-48DA-4B72-BD5C-ADF7A74B6148}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: LexBce Server (LexBceS) . (.Lexmark International, Inc. - LexBce Service.) - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 7 Legitimates Filtered in 00mn 05s



---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\karen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\karen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Pilotes lanc�s au d�marrage du syst�me (O41)
O41 - Driver: (Wbutton) . (. - .) - C:\WINDOWS\system32\drivers\Wbutton.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Logiciels install�s (O42)
O42 - Logiciel: Shop-Up - (.Winportal.) [HKLM] -- Shop-Up =>PUP.CrossRider
O42 - Logiciel: SoftV90 Data Fax Modem with SmartCP - (...) [HKLM] -- CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025
~ Logic: 120 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AOLToolbar]
[HKCU\Software\FalcoAlaTalk]
[HKCU\Software\Kazaa]
[HKCU\Software\Shop-Up] =>PUP.CrossRider
[HKCU\Software\iPass]
[HKLM\Software\SurfExpress]
~ Key Software: 221 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/09/2013 - 11:54:32 - [3,800] ----D C:\Program Files\tuto4pc_fr_68 =>PUP.Eorezo
O43 - CFD: 16/10/2007 - 22:53:40 - [0,143] ----D C:\Program Files\TELE2
O43 - CFD: 19/01/2007 - 17:39:54 - [0,881] ----D C:\Program Files\Duran
O43 - CFD: 12/12/2005 - 19:42:40 - [0,010] ----D C:\Program Files\Talkway
O43 - CFD: 12/12/2005 - 20:50:22 - [1,228] ----D C:\Program Files\iPass
O43 - CFD: 29/12/2005 - 18:55:22 - [0,051] ----D C:\Program Files\REGSHAVE
O43 - CFD: 12/12/2005 - 19:42:42 - [0,059] ----D C:\Program Files\Fichiers communs\Talkway
O43 - CFD: 27/05/2011 - 20:34:42 - [0,003] ----D C:\Documents and Settings\All Users\Application Data\28148
O43 - CFD: 27/09/2013 - 22:58:40 - [27,641] -SH-D C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 12/12/2005 - 19:42:04 - [8,792] ----D C:\Documents and Settings\karen\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}
O43 - CFD: 16/10/2007 - 22:53:44 - [0] ----D C:\Documents and Settings\karen\Menu D�marrer\Programmes\TELE2
~ Program Folder: 175 Legitimates Filtered in 00mn 29s



---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.68C10E5C9EB82E9ED5026F8602B9E38B] - 13/10/2013 - 11:38:24 ---A- . (...) -- C:\WINDOWS\wmsetup.log [404]
O44 - LFC:[MD5.1560610AF8BC08938E7C59A0383441EA] - 18/10/2013 - 16:42:50 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.68374CA113D7B10C30DF600A834F57FF] - 18/10/2013 - 16:44:08 ---A- . (...) -- C:\WINDOWS\ComponentList.xml [97]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/10/2013 - 16:44:24 ----- . (...) -- C:\WINDOWS\system32\eRLog.ini [0]
O44 - LFC:[MD5.D61F9ABB1015C6F82759882D41DFBFED] - 18/10/2013 - 16:44:28 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 27 Legitimates Filtered in 00mn 41s



---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.EECB77E1FD078CCBC05A5F4EBB1E26BF] - 07/10/2013 - 22:47:02 ---A- - C:\WINDOWS\Prefetch\SHOP-UP-ENABLER.EXE-26C3DC57.pf =>PUP.CrossRider
O45 - LFCP:[MD5.50B8C4FF7FEA2715F425FF326937EE8F] - 13/10/2013 - 12:16:10 ---A- - C:\WINDOWS\Prefetch\CTRLVOL.EXE-2EC214AF.pf
O45 - LFCP:[MD5.D0ACD1D0CB9E2104F15EBFF015258B26] - 17/10/2013 - 22:46:04 ---A- - C:\WINDOWS\Prefetch\SHOP-UP-FIREFOXINSTALLER.EXE-07348188.pf =>PUP.CrossRider
O45 - LFCP:[MD5.4449D90560080A5E1AFDCBEA5B9DFB68] - 18/10/2013 - 16:40:26 ---A- - C:\WINDOWS\Prefetch\CHOICE.DAT-1E20B7B9.pf
O45 - LFCP:[MD5.706F8860160F5C9ECB97AA948C901886] - 18/10/2013 - 16:40:26 ---A- - C:\WINDOWS\Prefetch\JRT.EXE-27D7A3F1.pf
O45 - LFCP:[MD5.0AB780E0467F9111E402E553F077075E] - 18/10/2013 - 16:45:24 ---A- - C:\WINDOWS\Prefetch\MBRWRWIN.EXE-116CF276.pf
O45 - LFCP:[MD5.60F110E167158ECA180400939C280EB5] - 18/10/2013 - 16:45:56 ---A- - C:\WINDOWS\Prefetch\JRT(1).EXE-2A5DB743.pf
O45 - LFCP:[MD5.BB524D8C8F0C2547C6A8FE2419DD8160] - 18/10/2013 - 16:46:10 ---A- - C:\WINDOWS\Prefetch\WGET.DAT-3451320E.pf
O45 - LFCP:[MD5.E8C2E225F57FF9201322AAF9D0419C3C] - 18/10/2013 - 16:53:52 ---A- - C:\WINDOWS\Prefetch\NIRCMD.DAT-033E1832.pf
O45 - LFCP:[MD5.6E0F92DF426B4C3DF51ECB4DFB1225A9] - 18/10/2013 - 16:53:54 ---A- - C:\WINDOWS\Prefetch\FIND.EXE-0EEAD1A7.pf
O45 - LFCP:[MD5.9A6B7BC95DFAE0725560AACD9A3971DA] - 18/10/2013 - 16:55:12 ---A- - C:\WINDOWS\Prefetch\CUT.DAT-2146F048.pf
O45 - LFCP:[MD5.BF780844B711EA66BD31FFD7D57B029C] - 18/10/2013 - 16:55:12 ---A- - C:\WINDOWS\Prefetch\FC.EXE-077B7FB3.pf
O45 - LFCP:[MD5.4072BF5B43AF0AB52B3D686A34A3C4BF] - 18/10/2013 - 16:55:38 ---A- - C:\WINDOWS\Prefetch\SED.DAT-287EB831.pf
O45 - LFCP:[MD5.7DC645D21BCDE827099A2409A3339565] - 18/10/2013 - 16:55:38 ---A- - C:\WINDOWS\Prefetch\SHORTCUT.DAT-002E7949.pf
~ Prefetcher: 98 Legitimates Filtered in 00mn 01s



---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\32nd America's Cup\VskAC32.exe" [Disabled] .(...) -- C:\Program Files\32nd America's Cup\VskAC32.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\System32\dmwu.exe" [Enabled] .(...) -- C:\WINDOWS\System32\dmwu.exe (.not file.)
~ Keys Export: 29 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Cl� de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{88837b57-c4ea-11e1-acb5-0014a44d6810}\AutoRun\command. (...) -- D:\MicroLauncher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Liste des pilotes du syst�me (SDL) (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 04:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 18/10/2013 - 18:01:40 -SHA- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-79355474-364743085-55346321-1005\Credentials [7770]
O61 - LFC: 18/10/2013 - 18:02:00 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 18/10/2013 - 18:02:00 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [108544]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [1063936]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session [210852]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs [55428]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [2443264]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\CURRENT [16]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\LOG [145]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\LOG.old [145]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000041 [140]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\History [3002368]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [468070]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [103424]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [49152]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [2862]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [16384]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_kigpmgkoelepakabiliblldhdpnidcod_0\6 [18432]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfeggemggokijeahnacacopejaabljl_0\7 [159744]
O61 - LFC: 18/10/2013 - 18:02:01 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences [140844]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [264]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [142]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [139923]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [959680]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kigpmgkoelepakabiliblldhdpnidcod\CURRENT [16]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kigpmgkoelepakabiliblldhdpnidcod\LOG [267]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kigpmgkoelepakabiliblldhdpnidcod\LOG.old [262]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\kigpmgkoelepakabiliblldhdpnidcod\MANIFEST-000032 [293]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\CURRENT [16]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOG [262]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\LOG.old [262]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\mpfeggemggokijeahnacacopejaabljl\MANIFEST-000032 [221]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_secure.shared.live.com_0.localstorage [3072]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_secure.shared.live.com_0.localstorage-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [13312]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager [19456]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal [6704]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [262]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [672]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000036 [159]
O61 - LFC: 18/10/2013 - 18:02:02 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [16384]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_ib.adnxs.com_0.localstorage [3072]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_ib.adnxs.com_0.localstorage-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.booking.com_0.localstorage [3072]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.booking.com_0.localstorage-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.dailymotion.com_0.localstorage [3072]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.dailymotion.com_0.localstorage-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage [3072]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_halc.iadvize.com_0.localstorage [3072]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_halc.iadvize.com_0.localstorage-journal [3608]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Local State [53837]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 18/10/2013 - 18:02:03 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 18/10/2013 - 18:02:14 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\startupCache\startupCache.4.little [587000]
O61 - LFC: 18/10/2013 - 18:02:18 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\_CACHE_CLEAN_ [1]
O61 - LFC: 18/10/2013 - 18:02:19 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\active-update.xml [1520]
O61 - LFC: 18/10/2013 - 18:02:19 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates.xml [13384]
O61 - LFC: 18/10/2013 - 18:02:19 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\update.manifest [49091]
O61 - LFC: 18/10/2013 - 18:02:19 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\update.mar [14910267]
O61 - LFC: 18/10/2013 - 18:02:19 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status [16]
O61 - LFC: 18/10/2013 - 18:02:19 ---A- . (...) -- C:\Documents and Settings\karen\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\update.version [5]
O61 - LFC: 18/10/2013 - 18:03:14 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\ZHPDiag.lnk [1431] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:14 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\ZHPFix.lnk [1536] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:14 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\adwcleaner(1).exe [1050644]
O61 - LFC: 18/10/2013 - 18:03:15 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\Voyage californie\AdwCleaner[S1].txt [2473]
O61 - LFC: 18/10/2013 - 18:03:15 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\Voyage californie\JRT.txt [2097]
O61 - LFC: 18/10/2013 - 18:03:15 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\Voyage californie\ZHPDiag-rapport.txt [35513] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:15 ---A- . (...) -- C:\Documents and Settings\karen\Bureau\Voyage californie\ZHPDiag2.txt [103559] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:15 -SHA- . (...) -- C:\Documents and Settings\karen\Application Data\Microsoft\Credentials\S-1-5-21-79355474-364743085-55346321-1005\Credentials [484]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\blocklist.xml [81809]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\extensions.sqlite [589824]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\healthreport\state.json [89]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\parent.lock [0]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\permissions.sqlite [98304]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\places.sqlite [10485760]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\prefs.js [42132]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\webapps\webapps.json [2]
O61 - LFC: 18/10/2013 - 18:03:29 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\webappsstore.sqlite [688128]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\addons.sqlite [524288]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\bookmarkbackups\bookmarks-2013-10-18.json [9039]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\cert8.db [229376]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\cookies.sqlite [2097152]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\downloads.sqlite [98304]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\formhistory.sqlite [262144]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\healthreport.sqlite [1146880]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\indexedDB\chrome\idb\2365118515ab3d4l6afn1r5ebt-nfi7.sqlite [524288]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\key3.db [16384]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\localstore.rdf [7124]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\sessionstore.js [189185]
O61 - LFC: 18/10/2013 - 18:03:30 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\urlclassifierkey3.txt [154]
O61 - LFC: 18/10/2013 - 18:03:31 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\Mozilla\Firefox\Profiles\9kj1eks6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [915554]
O61 - LFC: 18/10/2013 - 18:03:32 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\ZHP\Log.txt [44668] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:32 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\ZHP\TestsZHPDiag.txt [3260] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:32 ---A- . (...) -- C:\Documents and Settings\karen\Application Data\ZHP\ZHPDiag.txt [103559] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:35 -SHA- . (...) -- C:\Documents and Settings\karen\IETldCache\index.dat [262144]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\AdwCleaner.lnk [301]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\AdwCleaner[R0].lnk [474]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\AdwCleaner[R1].lnk [659]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\AdwCleaner[S0].lnk [474]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\AdwCleaner[S1].lnk [659]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\JRT.lnk [592]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\Voyage californie.lnk [395]
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\ZHPDiag (2).lnk [379] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\ZHPDiag-rapport.lnk [427] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\ZHPDiag.lnk [416] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\ZHPDiag2.lnk [623] =>.Nicolas Coolman
O61 - LFC: 18/10/2013 - 18:03:36 ---A- . (...) -- C:\Documents and Settings\karen\Recent\ZHPScan.lnk [574] =>.Nicolas Coolman
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 217 Legitimates Filtered in 01mn 57s



---\\ Liste des outils de d�sinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc3550.sys (asc3550) .(.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) - LEGACY_ASC3550
O64 - Services: CurCS - 19/12/2000 - C:\Program Files\Launch Manager\POWERKEY.sys (POWERKEY) .(...) - LEGACY_POWERKEY
O64 - Services: CurCS - 16/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (SDScannerService) .(.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - LEGACY_SDSCANNERSERVICE
O64 - Services: CurCS - 16/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (SDUpdateService) .(.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - LEGACY_SDUPDATESERVICE
O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sparrow.sys (Sparrow) .(.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) - LEGACY_SPARROW
O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys (symc8xx) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX
~ Legacy: 233 Legitimates Filtered in 00mn 02s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {7A72A1CE-FA3B-46EE-AFFD-47D57DE8AD6B} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {AB75308E-C0FB-4BD5-9F8D-C07A310ECD6F} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuli�re � la racine du syst�me (SPRF) (O84)
[MD5.2084AC9305E20BE7141DAC46902C5427] [SPRF][18/10/2013] (...) -- C:\Documents and Settings\karen\Bureau\adwcleaner(1).exe [1050644]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Etat g�n�ral des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/07/1658 0 | (4e591958-f557-4f1a-9f9d-0361006bfec1) . (...) - E:\Player\cds300.dll
SS - | Demand 13/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 29/08/2008 33752 | (getPlus(R) Helper) . (.NOS Microsystems Ltd..) - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
SS - | Demand 07/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 08/03/2002 300544 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SS - | Demand 13/09/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: Scanned in 00mn 10s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by karen at 18/10/2013 18:04:54

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys atapi.sys pciide.sys PCIIDEX.SYS
C:\WINDOWS\System32\drivers\sdcplh.sys Macrovision Europe Ltd SDCPLH
1 ntkrnlpa!IofCallDriver[0x804EE140] >> \Device\Harddisk0\DR0[0x86D5B688]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by karen at 18/10/2013 18:04:56

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12949 - (18/10/2013)
Cl�s trouv�es (Keys found) : 7
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 3

[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam^
[HKLM\Software\Google\Chrome\Extensions\kigpmgkoelepakabiliblldhdpnidcod] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop-Up] =>PUP.CrossRider^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}] =>Adware.EGDAccess
[HKCU\Software\AOLToolbar] =>Toolbar.AOL
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411281122}] =>PUP.CrossRider
C:\Program Files\tuto4pc_fr_68 =>PUP.Eorezo^
C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam^
C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod =>PUP.CrossRider^
[HKCU\Software\Shop-Up] =>PUP.CrossRider^
~ Additionnel Scan: 241812 Items scanned in 00mn 29s



---\\ R�capitulatif des d�tections trouv�es sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27469224-pup-eorezo =>PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blog/show/26746746-adware-egdaccess =>Adware.EGDAccess
~ MSI: 4 link(s) detected in 00mn 29s



~ 1396 Legitimates filtered by white list
End of the scan (664 lines in 05mn 56s)(0)

Publicité


Signaler le contenu de ce document

Publicité