Rapport de ZHPDiag v2013.4.16.93 par Nicolas Coolman, Update du 16/04/2013
Run by direction at 16/04/2013 23:55:45
State : WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1 v20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Business Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WRMG7
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.24

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3035.6 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 35 GB (16%) free of 218 GB

---\\ Logged in mode
~ Computer Name: PORTABLE-MARC
~ User Name: direction
~ All Users Names: Marc, Emilie, Administrateur, admin,
~ Unselected Option: O45,O61,O62
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\direction\AppData\Roaming\
~ %Desktop% : C:\Users\direction\Desktop\
~ %Favorites% : C:\Users\direction\Favorites\
~ %LocalAppData% : C:\Users\direction\AppData\Local\
~ %StartMenu% : C:\Users\direction\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 35 Go of 218 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 15 Go)
E:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:24:09.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:24:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:44.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:51.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:25:21.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/04/2009 - 05:52:34.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1742
~ Mes musiques (My Musics) : 1/1160
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/105
~ Mes Documents (My Documents) : 18/1974
~ Mon Bureau (My Desktop) : 1/71
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 07s

---\\ Processus lancés
[MD5.59B49E9134A69D298A54E3E9896FE2F0] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268056] [PID.4532]
[MD5.939620D76BF4ED02B774B7577DBD4854] - (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Security Agent\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe [238928] [PID.4916]
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.4936]
[MD5.5AE639FA1E99F674AF4881E259D2848F] - (.Jeff L. Williams - Subliminal Messages.) -- C:\Program Files\Subliminal Visuel Concentration\SUBLIM.exe [253952] [PID.4972]
[MD5.2F85658D6EE33B94180B888E63E4575E] - (.Trend Micro Inc. - Trend Micro Client Session Agent.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe [1076904] [PID.5100]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.5536]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4048]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5412]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.792]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3248]
[MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6808576] [PID.3168]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1332]
[MD5.3E21BB223AA6054FF27ABEF6781E0B67] - (...) -- C:\Windows\System32\WLTRYSVC.exe [24064] [PID.1708]
[MD5.52481F9537954D23D188CDE1FB13AE62] - (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Co.) -- C:\Windows\System32\bcmwltry.exe [2654208] [PID.1724]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1732]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1896]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1968]
[MD5.A119A4AEB0E23884C4A92BE3F5F5AB12] - (.Trend Micro Inc. - Trend Micro Anti-Malware Solution Platform.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [196320] [PID.504]
[MD5.D2A192256968B6868BE5B3D9FE8DB874] - (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe [121064] [PID.600]
[MD5.75484573B1B3732AEA01368251ED3962] - (.Trend Micro Inc. - Trend Micro Anti-Malware Solution Platform.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe [138640] [PID.588]
[MD5.ABDD5AD016AFFD34AD40E944CE94BF59] - (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208] [PID.920]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.2080]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.2096]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.2112]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2140]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2208]
[MD5.EA4300E53E5D4D1912AD04985F6264F0] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624] [PID.2248]
[MD5.E9EFCB47B90FD5498695BB7FEFD36CAE] - (.Seiko Epson Corporation - Epson Scanner Service (32bit).) -- C:\Windows\system32\EscSvc.exe [122000] [PID.2304]
[MD5.82F0F3554CE07CEDB749D79CBC5A599E] - (.Freemake - FreemakeUtilsService.) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864] [PID.2320]
[MD5.48163641260104C0606D49A2577C7A91] - (.Microsoft - CaptureLibService.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [8704] [PID.2428]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [641832] [PID.2524]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2632]
[MD5.40DBA03782BCC10685A8C200C5EBDCD0] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528] [PID.2788] =>Toolbar.AVGSearch
[MD5.3AD1E72748978D8B0B3B674741E4C3E2] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880] [PID.2788] =>Toolbar.AVGSearch
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.3008]
[MD5.41335396339DD3C1B74527B187F6AE79] - (.Vodafone - VMCService.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336] [PID.3076]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3492]
[MD5.EEC232F5CB69323B75D948265A2615D2] - (.Trend Micro Inc. - TmListen Application.) -- C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [681488] [PID.2768]
~ Processes Running: Scanned in 00mn 02s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\direction\AppData\Roaming\Mozilla\Firefox\Profiles\ubm65zg3.default\prefs.js
M2 - MFEP: prefs.js [direction - ubm65zg3.default\217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com] [] Services x86 v (..)
M2 - MFEP: prefs.js [direction - ubm65zg3.default\{e001c731-5e37-4538-a5cb-8168736a2360}] [] Bitdefender QuickScan v0.9.9.119 (..)
P2 - FPN: [HKLM] [@Nero.com/KM] - (.Nero AG - Plug-in for detecting Nero Kwik Media..) -- C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.18] - (...) -- C:\Program Files\Veetle\plugins\npVeetle.dll (.not file.)
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.18] - (...) -- C:\Program Files\Veetle\Player\npvlc.dll (.not file.)
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 870

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0027096 - {11111111-1111-1111-1111-110211701196} . (.Corporate Inc - Services x86 BHO.) -- C:\Program Files\Services x86\Services x86.dll =>PUP.CrossRider
~ BHO: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Trend Micro Toolbar - [HKLM]{CCAC5586-44D7-4c43-B64A-F042461A97D2} . (.Trend Micro Inc. - Trend Micro TrendSecure.) -- C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [OE] . (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Security Agent\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\System32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (...) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe (.not file.)
O4 - GS\Desktop: Documents - Raccourci.lnk . (...) -- C:\Users\direction\Documents
O4 - GS\Desktop: Documents_Marc_TOULON.lnk - Clé orpheline
O4 - GS\Desktop: Format Factory.lnk . (...) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe (.not file.)
O4 - GS\Desktop: General.lnk . (...) -- D:\Documents
O4 - GS\Desktop: Marc - fREJUS.lnk - Clé orpheline
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Zattoo.lnk . (.Zattoo Inc. - Zattoo4.) -- C:\Program Files\Zattoo4\Zattoo.exe
~ Global Startup: Scanned in 00mn 06s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Clé orpheline
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A40CDBD-378C-4062-9BCF-05BEAFADABC4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A40CDBD-378C-4062-9BCF-05BEAFADABC4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A40CDBD-378C-4062-9BCF-05BEAFADABC4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = charlemagne-frejus.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (vToolbarUpdater12.2.6) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: (vToolbarUpdater14.2.0) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) . (...) - C:\Windows\System32\WLTRYSVC.exe
~ Services: 18 Legitimates Filtered in 00mn 11s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\direction\Documents\abondance.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\direction\Documents\abondance.jpg
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\liilsg.job [320]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [Updater27096.exe] (...) -- C:\Users\direction\AppData\Local\Updater27096\Updater27096.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3207E4BA-FB79-4454-814E-B537B3E53F6D}] (...) -- C:\Windows\Temp\Wofie\BinarySupport\vcredistX86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7C96FF68-3CED-4176-95D9-49F7F025FF35}] (...) -- C:\Users\direction\Downloads\setup_MBPDualFinance (2).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D9637702-C959-43C7-B073-531439D92D6E}] (...) -- C:\Users\direction\Downloads\setup_MBPDualFinance (1).exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s

---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Logiciel: Ellipses version 7.09.147 - (.Tmic Ellipses.) [HKLM] -- {A283F808-D41D-4060-8401-75EFE8B56BD6}_is1
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {FCEBAFF1-1A10-437E-9282-47A0024D18AF} =>Adware.IMBooster
O42 - Logiciel: Services x86 - (.Corporate Inc.) [HKLM] -- Services x86
O42 - Logiciel: Snap.Do - (.ReSoft Ltd..) [HKLM] -- {88F1349A-4F67-4DC4-9F09-F4C46323632A} =>Hijacker.SmartBar
O42 - Logiciel: Subliminal Visuel Concentration 1.5 - (...) [HKLM] -- Subliminal Visuel Concentration_is1
O42 - Logiciel: Testez et entraînez votre mémoire - (.SBT.) [HKLM] -- Testez et entraînez votre mémoire
O42 - Logiciel: Toolbar 4.7 by SweetPacks - (.SweetIM Technologies Ltd..) [HKLM] -- {96E2E493-C484-43E3-9B95-D62EE7D40D3A} =>PUP.SweetIM
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 151 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AppDataLow\Software\Services x86]
[HKCU\Software\BitTorrent]
[HKCU\Software\DeterministicNetworks]
[HKCU\Software\Parisprog]
[HKCU\Software\TMIC Ellipses]
[HKCU\Software\iExpertSoft]
[HKCU\Software\txmqsuspjj]
[HKLM\Software\DeterministicNetworks]
[HKLM\Software\Ellipses]
[HKLM\Software\Happyneuron]
[HKLM\Software\PIP]
[HKLM\Software\txmqsuspjj]
~ Key Software: 213 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2012 - 13:55:17 - [7.474] ----D C:\Program Files\Animated Wallpaper Maker
O43 - CFD: 24/03/2013 - 18:55:52 - [54.852] ----D C:\Program Files\Happyneuron
O43 - CFD: 02/03/2013 - 21:39:24 - [5.855] ----D C:\Program Files\Services x86
O43 - CFD: 09/01/2012 - 18:12:50 - [0.857] ----D C:\Program Files\ShowMyPCService
O43 - CFD: 29/03/2013 - 19:57:59 - [5.606] ----D C:\Program Files\Subliminal Visuel Concentration
O43 - CFD: 09/12/2012 - 18:16:42 - [138.809] ----D C:\Program Files\UltraMixer
O43 - CFD: 23/11/2012 - 20:13:45 - [0.924] ----D C:\Program Files\uTorrent
O43 - CFD: 07/12/2011 - 15:30:11 - [0.537] ----D C:\Program Files\Common Files\Deterministic Networks
O43 - CFD: 23/11/2012 - 20:07:19 - [0.000] ----D C:\Users\direction\AppData\Roaming\FreeTorrentViewer
O43 - CFD: 16/04/2013 - 23:15:04 - [5.401] ----D C:\Users\direction\AppData\Roaming\uTorrent
O43 - CFD: 03/03/2013 - 19:32:43 - [0.039] ----D C:\Users\direction\AppData\Roaming\WebPlayerBdd
O43 - CFD: 24/10/2012 - 15:35:13 - [35.166] ----D C:\Users\direction\AppData\Local\Akamai
O43 - CFD: 26/02/2013 - 22:08:49 - [0.010] ----D C:\Users\direction\AppData\Local\Services x86
O43 - CFD: 16/04/2013 - 17:59:03 - [0] ----D C:\Users\direction\AppData\Local\Updater27096
O43 - CFD: 16/12/2012 - 13:55:19 - [0.005] ----D C:\Users\direction\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animated Wallpaper Maker
~ Program Folder: 229 Legitimates Filtered in 00mn 31s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.82F425E68090F7D2A38AD4CA5643ADCD] - 16/04/2013 - 22:06:02 ---A- . (...) -- C:\AdwCleaner[S34].txt [4742]
O44 - LFC:[MD5.3C790BEDC39F7596CCA4A9000AEC6BE1] - 16/04/2013 - 21:41:26 ---A- . (...) -- C:\AdwCleaner[S33].txt [4681]
O44 - LFC:[MD5.4F63B3B1177FDE3D247EFCEE83CB3097] - 16/04/2013 - 20:36:32 ---A- . (...) -- C:\AdwCleaner[S32].txt [4620]
O44 - LFC:[MD5.D07D984A4BBA9C4476196FD110AE93B0] - 16/04/2013 - 14:59:53 ---A- . (...) -- C:\AdwCleaner[S31].txt [4559]
O44 - LFC:[MD5.4EE55676C680095885F006CEAD2A7E72] - 16/04/2013 - 14:58:34 ---A- . (...) -- C:\AdwCleaner[R33].txt [4667]
O44 - LFC:[MD5.EA391461590DA418F92F28DFF82266E3] - 14/04/2013 - 17:17:25 ---A- . (...) -- C:\AdwCleaner[S30].txt [4682]
O44 - LFC:[MD5.46BAAD424FEF3B337ED0CDF6A1D89D98] - 14/04/2013 - 17:15:58 ---A- . (...) -- C:\AdwCleaner[R32].txt [4787]
~ Files: 46 Legitimates Filtered in 00mn 58s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{047e88fd-35fe-11e1-924c-002556be7f73}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{bad9ea99-3d04-11e1-942b-002556be7f73}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{bad9eaa4-3d04-11e1-942b-002556be7f73}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{bad9eab0-3d04-11e1-942b-00a0c6000000}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{fe3d85e6-1666-11e2-886d-002556be7f73}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Akamai NetSession Interface [Key] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\direction\AppData\Local\Akamai\netsession_win.exe
O53 - SMSR:HKLM\...\startupreg\Broadcom Wireless Manager UI [Key] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Windows\system32\WLTRAY.exe
O53 - SMSR:HKLM\...\startupreg\DriverFinder [Key] . (...) -- C:\Program Files\DriverFinder\DriverFinder.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Freebie Notes [Key] . (...) -- C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MobileConnect [Key] . (.Vodafone - MobileConnect.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
O53 - SMSR:HKLM\...\startupreg\ROC_ROC_NT [Key] . (...) -- C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files\AVG Secure Search\vprot.exe (.not file.) =>Toolbar.AVGSearch
~ SMSR Keys: 27 Legitimates Filtered in 00mn 02s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWelcomeScreen"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:45 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 23/08/2009 - C:\Windows\system32\Drivers\CVPNDRVA.sys (CVPNDRVA) .(.Cisco Systems, Inc. - Cisco Systems VPN Client IPSec Driver.) - LEGACY_CVPNDRVA
~ Legacy: 93 Legitimates Filtered in 00mn 02s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [direction - ubm65zg3.default] user_pref("extensions.crossrider.bic", "13d7dd4f26ac479ed4e1e5a01e8255bb"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D66725E5-7BEA-4767-A126-41076DCA7A69} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FC6F725F-8F9B-47DF-BC78-2F7CAE3A775D} - (FileConverter 1.5 Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (O82)
C:\Users\direction\Downloads\Registry.Clean.Expert.v4.88.Cracked-BRD\Setup\registry-clean-expert.exe
C:\Users\direction\Downloads\Registry.Clean.Expert.v4.88.Cracked-BRD\Setup\registry-clean-expert.exe
~ Files: Scanned in 00mn 32s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.49E025674987A82E7AD27FEB8372BD30] [SPRF][17/01/2013] (...) -- C:\Users\direction\AppData\Local\d3d9caps.dat [680]
[MD5.04F80866AA0D12731CE6209AF7784EEE] [SPRF][25/09/2012] (...) -- C:\Users\direction\Desktop\adwcleaner.exe [513501]
[MD5.2FE97CDB50736828955376C6D39C1C1F] [SPRF][09/12/2012] (.UltraMixer Digitial Audio Solutions - UltraMixer Professional Digital DJ Solutions.) -- C:\Users\direction\Desktop\UltraMixer-2.4.6-win.exe [55785649]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648]
[MD5.A54F3D88767BB8C7DC18D8263385DED2] [SPRF][16/05/2007] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [483328]
~ Files: Scanned in 00mn 02s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{FDAE6EEF-0D8B-4015-A534-7A14664477A8}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{81B6DE09-C8A4-436E-84FA-3C6ABA7ADDCA}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{B290C884-896B-4D32-BE3A-DB2C31290062}" |In - Public - P6 - TRUE | .(...) -- E:\Network\EpsonNetSetup\ENEasyApp.exe (.not file.)
O87 - FAEL: "{CDDFD9D9-4EAD-46FC-94C9-1FC771652D38}" |In - Public - P17 - TRUE | .(...) -- E:\Network\EpsonNetSetup\ENEasyApp.exe (.not file.)
~ Firewall: 190 Legitimates Filtered in 00mn 03s

---\\ Scan Additionnel (O88)
Database Version : v2.11560 - (16/04/2013)
Clés trouvées (Keys found) : 46
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{88F1349A-4F67-4DC4-9F09-F4C46323632A}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services x86] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar [HKLM\Software\Classes\AppID\PricePeep.DLL] =>Toolbar.PricePeep [HKCU\Software\APN PIP] =>Toolbar.Ask [HKLM\Software\PIP] =>Toolbar.Ask [HKCU\Software\AppDataLow\Software\Services x86] =>PUP.CrossRider [HKLM\Software\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM [HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}] =>Adware.Bandoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}] =>PUP.Datamngr [HKLM\Software\Classes\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}] =>Toolbar.TrendMicro [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220222702296}] =>PUP.CrossRider [HKLM\Software\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^ C:\Program Files\Services x86 =>PUP.CrossRider C:\Program Files\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\Users\direction\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz C:\Users\direction\AppData\Local\Services x86 =>PUP.CrossRider C:\Users\direction\AppData\Local\\Updater27096 =>PUP.CrossRider^ ~ Additionnel: Scanned in 00mn 28s ---\\ Product Upgrade Codes (O90) O90 - PUC: "1FFABECF01A1E7342928740A20D481FA" . (.Iminent.) -- C:\Windows\Installer\{FCEBAFF1-1A10-437E-9282-47A0024D18AF}\imbooster.ico =>Adware.IMBooster O90 - PUC: "394E2E69484C3E34B9596DE27E4DD0A3" . (.Toolbar 4.7 by SweetPacks.) 
-- C:\Windows\Installer\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}\ARPPRODUCTICON.exe =>PUP.SweetIM ~ Update Products: 134 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 18/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 21/01/2011 196320 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe SR - | Auto 16/04/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 16/04/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 23/08/2009 1528624 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe SR - | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe SR - | Auto 12/12/2011 122000 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc.exe SR - | Auto 06/06/2012 100864 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe SR - | Auto 21/08/2012 8704 | (FreemakeVideoCapture) . (.Microsoft.) 
- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe SS - | Disabled 10/09/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 10/09/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SR - | Auto 21/01/2008 21504 | C:\Windows\system32\XAudio32.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe SS - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Demand 11/07/2007 69632 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe SR - | Demand 01/04/2011 681488 | (TmListen) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Security Agent\tmlisten.exe SR - | Auto 22/09/2008 14336 | (VMCService) . (.Vodafone.) - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe SR - | Auto 722528 | (vToolbarUpdater12.2.6) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe =>Toolbar.AVGSearch SR - | Auto 968880 | (vToolbarUpdater14.2.0) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch SS - | Disabled 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 24064 | (wltrysvc) . (...) 
- C:\Windows\System32\WLTRYSVC.exe SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by direction at 16/04/2013 23:59:26 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 1 ntkrnlpa!IofCallDriver[0x82252926] >> \Device\Harddisk0\DR0[0x85704AC8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 12 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by direction at 16/04/2013 23:59:28 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1213 Legitimates filtered by white list End of the scan (612 lines in 03mn 43s)(2)