ZHPDiag v2013.4.14.81 report by Nicolas Coolman, updated 14/04/2013
Run by salon at 15/04/2013 21:20:50
State : Up to date.
WhiteList : Enable
High Elevated Privileges : OK
UAC :

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 20.0 v20.0 (Default)

---\\ Windows Product Information
~ Language: French
Windows Vista Ultimate Edition, 32-bit (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.16

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (42% free)
System Restore: Enabled
System drive C: has 120 GB (25%) free of 466 GB

---\\ Logged in mode
~ Computer Name: SALON-PC
~ User Name: salon
~ All Users Names: salon, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment Variables
~ System Unit : C:\
~ %AppData% : C:\Users\salon\AppData\Roaming\
~ %Desktop% : C:\Users\salon\Desktop\
~ %Favorites% : C:\Users\salon\Favorites\
~ %LocalAppData% : C:\Users\salon\AppData\Local\
~ %StartMenu% : C:\Users\salon\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 120 GB of 466 GB)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 53 GB of 149 GB)
F:\ Floppy drive, Flash card reader, USB Key (Free 0 GB of 2 GB)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Security Center & Tools Information
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Security Center: Scanned in 00mn 00s

---\\ Specific search for generic files
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 02:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:16:19.) -- C:\Windows\System32\wininet.dll [977920]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/07/2009 - 00:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/07/2009 - 00:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2009 - 00:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ My Pictures : 2/37
~ My Music : 10/60
~ My Favorites : 1/33
~ My Documents : 3/1113
~ My Desktop : 1/2770
~ Start Menu (Programs) : 1/82
~ Hidden Files: Scanned in 00mn 08s

---\\ Running processes
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.2800]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2808]
[MD5.A09CF77498EE461B79773DD05BDD4C94] - (.Samsung - KiesPDLR.) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144] [PID.2824]
[MD5.312FC312F84305E10828FDBF92CE4300] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3060]
[MD5.DCBEFF88C66216530634390C697CE001] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.5480]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3816]
[MD5.7877E187C52912F43703D0C806F2BEE4] - (.SAMSUNG - SAMSUNG PC Share Manager MFC ?? ????.) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\SAMSUNG PC Share Manager.exe [7313920] [PID.4144]
[MD5.BC431F556635C1096B9AAD8A1736C034] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6750720] [PID.6264]
[MD5.C713B2A2DF90C60463E983274176F2B1] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [172032] [PID.804]
[MD5.F17E0F320FA73EDA1506214B9D385D4E] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [360448] [PID.1208]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1460]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1800]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1884]
[MD5.20F6F19FE9E753F2780DC2FA083AD597] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664] [PID.1980]
[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376] [PID.240]
[MD5.15AB846886C225FFF0376F3CEF21188F] - (.Teruten - FsUsbDevice.) -- C:\Windows\system32\FsUsbExService.exe [233472] [PID.332]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe [213384] [PID.576]
[MD5.F0F6BEE889236BB6D6A94560D7EEA2AC] - (.RealNetworks, Inc. - Online Games Manager.) -- C:\Program Files\Online Games Manager\ogmservice.exe [559168] [PID.768]
[MD5.A4D2CE94B028EF1E437CF4AC3D8FF26C] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2666880] [PID.1664]
[MD5.EFEF22B9577E5051057FDE1AE381B50C] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.1656]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.2308]
[MD5.AAA1F9D4CF4C976C21BCA8AFA2BAE6A4] - (...) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080] [PID.1440]
[MD5.461EACD0992036129F4E6D6BD1CE333C] - (...) -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe [417906] [PID.1808]
~ Processes Running: Scanned in 00mn 02s

---\\ Mozilla Firefox: Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\salon\AppData\Roaming\Mozilla\Firefox\Profiles\dyzwtecp.default\prefs.js
M3 - MFPP: Plugins - [salon] -- C:\Users\salon\AppData\Roaming\Mozilla\Firefox\Profiles\dyzwtecp.default\searchplugins\SearchResults.xml
M3 - MFPP: Plugins - [salon] -- C:\Program Files\Mozilla FireFox\searchplugins\fcmdSrch.xml
M3 - MFPP: Plugins - [salon] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchResults.xml
M3 - MFPP: Plugins - [salon] -- C:\Program Files\Mozilla FireFox\searchplugins\Yahooober3978415.xml
M2 - MFEP: prefs.js [salon - dyzwtecp.default\gamesbar@oberon-media.com] [] Oberon GamesBar v1.2.1.98 (..)
M2 - MFEP: prefs.js [salon - dyzwtecp.default\info@youtube-mp3.org] [] YouTube mp3 v1.0.4 (..)
M2 - MFEP: prefs.js [salon - dyzwtecp.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.8 (..)
P2 - FPN:Firefox Plugin Navigator . (.Pando Networks - Pando Web Installer.) -- C:\Program Files\Mozilla Firefox\Plugins\npPandoWebInst.dll
~ Firefox Browser: 51 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer: Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com =>Adware.Facemoods
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21

---\\ Applications started via registry & folders (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [RAInstaller C:\Users\salon\Alexander the Great - Secrets of Power Premium Edition] . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s

---\\ Other user shortcuts (O4)
O4 - GS\TaskBar: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\salon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zylom - Have Fun..url . (...) -- C:\Users\salon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zylom - Have Fun..url
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: PhotoScape.lnk . (...) -- C:\Program Files\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Autumn's Treasures - The Jade Coin.lnk . (...) -- C:\Users\salon\Autumn's Treasures - The Jade Coin\autumnstreasures.exe
O4 - GS\Desktop: Cooking Academy.lnk . (...) -- C:\Users\salon\Cooking Academy\ZY-CookingAcademy.exe
O4 - GS\Desktop: Documents - Raccourci.lnk . (...) -- C:\Users\salon\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop: Downloads.lnk . (...) -- C:\Users\salon\Downloads
O4 - GS\Desktop: Forgotten Places - Lost Circus.lnk . (...) -- C:\Users\salon\Forgotten Places - Lost Circus\lostcircus.exe
O4 - GS\Desktop: Free 3GP Video Converter.lnk . (.DVDVideoSoft Limited. - Free 3GP Video Converter.) -- C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\Free3GPVideoConverter.exe
O4 - GS\Desktop: Gardenscapes Deluxe.lnk . (...) -- C:\Users\salon\AppData\Local\Zylom Games\Gardenscapes Deluxe\Gardenscapes.exe
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\Desktop: Letters from Nowhere.lnk . (...) -- C:\Users\salon\Letters from Nowhere\LettersFromNowhere.exe
O4 - GS\Desktop: MAX by Wikango.lnk . (.Wikango - SelfUpgrade.) -- C:\Program Files\Wikango\MAX\SelfUpgrade.exe
O4 - GS\Desktop: Microsoft Office Outlook 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
O4 - GS\Desktop: Microsoft Office Publisher 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop: Panique au Supermarché.lnk . (...) -- C:\Program Files\Micro Application\Panique au Supermarché\SupermarketMania.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: Samsung Kies (Lite).lnk . (...) -- C:\Program Files\Samsung\Kies\KiesAgent.exe
O4 - GS\Desktop: Start Unlocker.lnk . (...) -- C:\Program Files\Unlocker\Unlocker.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Global Startup: Scanned in 00mn 01s

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ ActiveX objects: Scanned in 00mn 00s

---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0152E692-C50D-4876-B590-38BF73295AE7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0152E692-C50D-4876-B590-38BF73295AE7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0152E692-C50D-4876-B590-38BF73295AE7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Additional protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Additional protocols: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Online Games Manager (ogmservice) . (.RealNetworks, Inc. - Online Games Manager.) - C:\Program Files\Online Games Manager\ogmservice.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 12 Legitimates Filtered in 00mn 08s

---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{3B43518D-14BA-44F2-B79F-8D819A165197}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A2E9EAB6-73BA-43CF-8C58-1F706BF429AF}] (...) -- C:\Users\salon\Downloads\jre-6u21-windows-i586-iftw-rv.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1D198FD-6DE2-462B-A818-B0D6CC40AD96}] (...) -- C:\Users\salon\Downloads\DriverSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C96F26D5-8AF6-431E-BD68-1154F5856F3B}] (...) -- C:\Users\salon\Downloads\SteamInstall_CS1.6.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 10s

---\\ Installed software (O42)
O42 - Software: Autumn's Treasures - The Jade Coin - (...) [HKLM] -- b55dd6486f6fcb2393c7314c5157ea77
O42 - Software: Avenue Flo(TM) - Special Delivery - (...) [HKLM] -- 776a8019a6c5df9b2552a01946d2b94f
O42 - Software: Campfire Legends - The Hookman - (...) [HKLM] -- Campfire Legends - The Hookman
O42 - Software: Cooking Academy - (.zylom.) [HKLM] -- a5bade3eac9190e57392b9823775083e
O42 - Software: Forgotten Places - Lost Circus - (...) [HKLM] -- 38013ceeb25e6e5d59588fba08536738
O42 - Software: Gardenscapes Deluxe - (.Zylom Games.) [HKCU] -- Gardenscapes Deluxe
O42 - Software: Legends of the Wild West - (...) [HKLM] -- {C5EE0721-FEBC-4993-9122-B1AE647A9964}
O42 - Software: Letters from Nowhere - (...) [HKLM] -- ed0e05c3d6f3043c4632b93b87cf7b4c
O42 - Software: MAX by Wikango - (...) [HKCU] -- MAX by Wikango
O42 - Software: Online Games Manager v1.20 - (.Real Networks, Inc..) [HKLM] -- Online Games Manager
O42 - Software: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Software: Panique au Supermarché - (...) [HKLM] -- {6EB03C54-E273-4051-BCD6-0A78BA8AC157}
O42 - Software: Picto Cross - (...) [HKLM] -- {A162BEE2-4183-4F02-ADDC-B362ABC68B09}
O42 - Software: StealthNet 0.8.7.9 - (.The StealthNet Team.) [HKLM] -- StealthNet_is1
O42 - Software: Uninstall 1.0.0.1 - (...) [HKLM] -- Uninstall_is1
O42 - Software: eMule - (...) [HKLM] -- eMule
~ Logic: 140 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\AppDataLow\Software\searchqutoolbar] =>PUP.Datamngr
[HKCU\Software\BigBlueBubble]
[HKCU\Software\BooRee-USB]
[HKCU\Software\EasySystems]
[HKCU\Software\MLSync]
[HKCU\Software\Pando Networks]
[HKCU\Software\SIComponents]
[HKCU\Software\SearchCore for Browsers]
[HKCU\Software\Softonic]
[HKCU\Software\eMule]
[HKLM\Software\Boonty]
[HKLM\Software\GamesBarSetup]
[HKLM\Software\PIP]
[HKLM\Software\Pando Networks]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
~ Key Software: 265 Legitimates Filtered in 00mn 00s

---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 22/03/2013 - 14:25:12 - [0,009] ----D C:\Program Files\BoontyGames
O43 - CFD: 12/06/2010 - 12:16:55 - [0,646] ----D C:\Program Files\BooRee-USB
O43 - CFD: 17/01/2012 - 21:12:14 - [115,730] ----D C:\Program Files\Campfire Legends - The Hookman
O43 - CFD: 10/04/2010 - 15:10:20 - [10,401] ----D C:\Program Files\eMule
O43 - CFD: 28/09/2010 - 11:44:04 - [109,458] ----D C:\Program Files\FinePixViewer
O43 - CFD: 31/01/2012 - 11:46:18 - [0,002] ----D C:\Program Files\GamesBar
O43 - CFD: 10/04/2010 - 14:52:41 - [0,001] ----D C:\Program Files\MSI Afterburner
O43 - CFD: 08/11/2012 - 14:53:53 - [0,577] ----D C:\Program Files\Online Games Manager
O43 - CFD: 11/05/2010 - 16:58:22 - [6,896] ----D C:\Program Files\Pando Networks
O43 - CFD: 13/11/2011 - 21:18:16 - [1,561] ----D C:\Program Files\SearchCore for Browsers
O43 - CFD: 03/07/2012 - 18:46:27 - [-1877,901] ----D C:\Program Files\StealthNet
O43 - CFD: 23/08/2011 - 12:00:57 - [4,580] ----D C:\Program Files\U.B. Funkeys
O43 - CFD: 20/04/2011 - 19:29:44 - [35,341] ----D C:\Program Files\Wikango
O43 - CFD: 12/01/2012 - 12:52:36 - [0] ----D C:\Program Files\Common Files\BOONTY Shared
O43 - CFD: 05/12/2012 - 14:03:48 - [30,478] ----D C:\ProgramData\Ashtons Family Resort
O43 - CFD: 13/11/2011 - 20:55:10 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 08/06/2010 - 11:32:02 - [0,784] ----D C:\ProgramData\incredible express
O43 - CFD: 16/05/2011 - 14:03:44 - [0,042] ----D C:\ProgramData\Islands
O43 - CFD: 09/04/2011 - 14:33:40 - [0] ----D C:\ProgramData\SiComponents
O43 - CFD: 20/07/2011 - 18:55:12 - [0,023] ----D C:\ProgramData\The Game Equation
O43 - CFD: 08/11/2012 - 16:58:47 - [55,993] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 20/07/2011 - 18:53:03 - [22,948] --H-D C:\ProgramData\{589802B2-1BF3-4609-9ADE-CF6E6608D06D}
O43 - CFD: 08/03/2012 - 14:38:06 - [0,031] ----D C:\Users\salon\AppData\Roaming\Arkadium
O43 - CFD: 05/12/2012 - 14:03:47 - [0] ----D C:\Users\salon\AppData\Roaming\Ashtons Family Resort
O43 - CFD: 16/06/2010 - 12:57:46 - [0,082] ----D C:\Users\salon\AppData\Roaming\Curious Sense
O43 - CFD: 20/07/2011 - 19:07:04 - [0,298] ----D C:\Users\salon\AppData\Roaming\Dreamsdwell Stories 2
O43 - CFD: 27/07/2011 - 15:24:33 - [0,011] ----D C:\Users\salon\AppData\Roaming\GestaltGames
O43 - CFD: 05/12/2011 - 14:27:06 - [0,104] ----D C:\Users\salon\AppData\Roaming\iWin
O43 - CFD: 02/02/2011 - 14:25:08 - [0,009] ----D C:\Users\salon\AppData\Roaming\Jane s Hotel 3
O43 - CFD: 03/06/2010 - 11:19:45 - [0,019] ----D C:\Users\salon\AppData\Roaming\MastersOfMystery2
O43 - CFD: 02/04/2013 - 17:34:59 - [0,006] ----D C:\Users\salon\AppData\Roaming\Nitreal Games
O43 - CFD: 09/01/2011 - 19:45:10 - [0,018] ----D C:\Users\salon\AppData\Roaming\PeaceCraft2
O43 - CFD: 20/12/2011 - 15:15:01 - [0,018] ----D C:\Users\salon\AppData\Roaming\PeaceCraft3
O43 - CFD: 03/04/2013 - 13:39:00 - [0,179] ----D C:\Users\salon\AppData\Roaming\Shape games
O43 - CFD: 04/05/2011 - 12:43:51 - [0,003] ----D C:\Users\salon\AppData\Roaming\Skip-Bo
O43 - CFD: 10/04/2010 - 16:50:19 - [0,200] ----D C:\Users\salon\AppData\Local\eMule
O43 - CFD: 08/06/2010 - 18:02:59 - [0,077] ----D C:\Users\salon\AppData\Local\The_StealthNet_Team
O43 - CFD: 11/05/2010 - 15:14:44 - [0] ----D C:\Users\salon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiaa
O43 - CFD: 20/04/2011 - 19:30:03 - [0,008] ----D C:\Users\salon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wikango
~ Program Folder: 342 Legitimates Filtered in 00mn 33s

---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.5DAB08C57F0897DE4F6C2DF82C20EAF7] - 13/04/2013 - 23:03:42 ---A- . (...) -- C:\Windows\System32\http_ss.log [800602748]
O44 - LFC:[MD5.AFE4C2A17E52166E793C7BA8B5315909] - 12/04/2013 - 13:51:45 ---A- . (...) -- C:\Windows\System32\log.log [74]
O44 - LFC:[MD5.9984D1210EB8C39B08F7C000DE3AE960] - 24/03/2013 - 17:17:33 RSH-- . (...) -- C:\winx.ld [20]
O44 - LFC:[MD5.48DA2945EFDCCA4BD69D5B31B1A35C2B] - 24/03/2013 - 17:17:32 RSH-- . (...) -- C:\NZTWC [205098]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 19/03/2013 - 19:11:49 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.4BD285801F6F9720B3750C00F6FBFA52] - 19/03/2013 - 19:11:49 ---A- . (...) -- C:\Windows\diagwrn.xml [2562]
O44 - LFC:[MD5.AA576663AB0BF6FB66A0AFBB79F4130E] - 19/03/2013 - 18:09:14 ---A- . (...) -- C:\ACT_Rapport.log [3527]
~ Files: 27 Legitimates Filtered in 02mn 19s

---\\ Most recently created files in Windows Prefetcher (O45)
O45 - LFCP:[MD5.4DB1F1973F9F1A8A79761E5966EFECB5] - 11/04/2013 - 15:40:02 ---A- - C:\Windows\Prefetch\BRCTRCEN.EXE-E5EA9ED8.pf
O45 - LFCP:[MD5.1D60250163D41741AE10F4992CD1E2AF] - 12/04/2013 - 13:27:34 ---A- - C:\Windows\Prefetch\FLASHGOT.EXE-EA88DEAE.pf
O45 - LFCP:[MD5.DC41E87DCAD2CEAFB41E20E2FF48AF70] - 12/04/2013 - 13:51:55 ---A- - C:\Windows\Prefetch\HTTP_SS_WIN_PRO.EXE-67852775.pf
O45 - LFCP:[MD5.1962BD882B339465CB556845856A9ECC] - 12/04/2013 - 13:51:55 ---A- - C:\Windows\Prefetch\WISELINKPRO.EXE-FCD4C8EE.pf
O45 - LFCP:[MD5.CAC3D912FDF25418BDF86A37305792BD] - 12/04/2013 - 14:50:10 ---A- - C:\Windows\Prefetch\ESETSMARTINSTALLER_ENU.EXE-0BF74C89.pf
O45 - LFCP:[MD5.3B778167F9E03200357B3CF2A724BFCF] - 12/04/2013 - 14:50:20 ---A- - C:\Windows\Prefetch\ONLINESCANNERAPP.EXE-47AF3687.pf
O45 - LFCP:[MD5.78F9560C1F49CD62FAEF4EE20AC43283] - 12/04/2013 - 17:29:26 ---A- - C:\Windows\Prefetch\ONLINECMDLINESCANNER.EXE-8ADAC576.pf
O45 - LFCP:[MD5.F679748CF0416E6914F9DC060BC585A7] - 15/04/2013 - 19:23:40 ---A- - C:\Windows\Prefetch\SAMSUNG PC SHARE MANAGER.EXE-E1FC6346.pf
O45 - LFCP:[MD5.BE6EF3F4E7AB54BF566F2010B72347BF] - 15/04/2013 - 19:23:52 ---A- - C:\Windows\Prefetch\MTN.EXE-B58B5246.pf
O45 - LFCP:[MD5.1F38C7ED81252443E7F841A9D97D789D] - 15/04/2013 - 19:40:40 ---A- - C:\Windows\Prefetch\RTMPDUMP.EXE-4DA07361.pf
~ Prefetcher: 100 Legitimates Filtered in 00mn 01s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{e7c5a386-0e28-11e1-9805-40618687794c}\AutoRun\command. (...) -- I:\SamsungKiesInstaller.exe (.not file.)
~ Keys: Scanned in 45mn 44s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s

---\\ System drivers list (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Cleaning tools list (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Legacy services list (O64)
O64 - Services: CurCS - ??\??\???? - No owner (Lbd) .(...) - LEGACY_LBD
O64 - Services: CurCS - ??\??\???? - No owner (NTACCESS) .(...) - LEGACY_NTACCESS
~ Legacy: 79 Legitimates Filtered in 00mn 01s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\System32\NOTEPAD.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\System32\NOTEPAD.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [salon - dyzwtecp.default] user_pref("browser.search.order.1", "Searchqu Web Search"); =>PUP.Datamngr
O69 - SBI: prefs.js [salon - dyzwtecp.default] user_pref("extensions.facemoods.aflt", "_#ddrnw"); =>Adware.Facemoods
O69 - SBI: prefs.js [salon - dyzwtecp.default] user_pref("extensions.facemoods.firstRun", false); =>Adware.Facemoods
O69 - SBI: prefs.js [salon - dyzwtecp.default] user_pref("extensions.facemoods.lastActv", "19"); =>Adware.Facemoods
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - (Facemoods Search) - http://start.facemoods.com =>Adware.Facemoods
O69 - SBI: SearchScopes [HKCU] {36377DD7-B3EB-42f5-986F-680BAF59BA9D} [DefaultScope] - (Yahoo!) - http://start.yahoofr.iplay.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Specific search at the root of certain folders (O84)
[MD5.E8D3E34FFDAF21DF7C09CBBBA5763237] [SPRF][12/04/2013] (.ESET - ESET Smart Installer.) -- C:\Users\salon\Desktop\esetsmartinstaller_enu.exe [2347384]
[MD5.7D52C0157969270551EAEB4B48615DED] [SPRF][08/05/2012] (.Mooii - PhotoScape Setup.) -- C:\Users\salon\Desktop\PhotoScape_V3.6.2.exe [18376624]
[MD5.8DFD745CD2289DB0FCC120DBE3304BE4] [SPRF][23/06/2012] (.TeamViewer GmbH - No description.) -- C:\Users\salon\Desktop\TeamViewerQS.exe [3440024]
[MD5.2F1F3154D6D8B70E71CD52AA55CD9C83] [SPRF][08/01/2009] (.Macrovision Corporation - Setup.exe.) -- C:\Users\salon\Desktop\W541U V2.0.exe [11272794]
[MD5.690F38FFF2B83022EDB1E4C32DC3F652] [SPRF][15/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\salon\Desktop\ZHPDiag2.exe [5566486]
[MD5.702C6FCE1912C41A086A0A8D4419211F] [SPRF][06/05/2012] (...) -- C:\Users\salon\Desktop\Zylom-Installer_4ElementsiiPremiumEdition_FR.exe [1775968]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{155C40B6-BFED-4C01-BEB8-F0ABA255E698}C:\program files\emule\emule.exe" | In - Private - P6 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\program files\emule\emule.exe
O87 - FAEL: "UDP Query User{B47A0A9D-A277-499D-9E78-50903331BF9B}C:\program files\emule\emule.exe" | In - Private - P17 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\program files\emule\emule.exe
O87 - FAEL: "{71A7D8C7-15CC-4D0D-83C2-F5A9191184D4}" | In - Private - P6 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{1CFB2963-7E2A-4095-8899-4EB21A08722B}" | In - Private - P17 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{F48EFE4B-A1D5-49A8-B06D-299FBF9AF66D}" | In - None - P17 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "TCP Query User{75F1D880-C93D-4131-B2EA-42F692B54537}C:\program files\stealthnet\stealthnet.exe" | In - Private - P6 - TRUE | .(.The StealthNet Team - StealthNet.) -- C:\program files\stealthnet\stealthnet.exe
O87 - FAEL: "UDP Query User{B7DAB7A0-9590-4B7D-9F95-C3AF31A8B40B}C:\program files\stealthnet\stealthnet.exe" | In - Private - P17 - TRUE | .(.The StealthNet Team - StealthNet.) -- C:\program files\stealthnet\stealthnet.exe
O87 - FAEL: "TCP Query User{61060088-73B1-4BDF-BB92-857246B5A68E}C:\program files\wikango\max\selfupgrade.exe" | In - Private - P6 - TRUE | .(.Wikango - SelfUpgrade.) -- C:\program files\wikango\max\selfupgrade.exe
O87 - FAEL: "UDP Query User{D0A7C884-ACAC-44D4-8C54-6A0CE8153D85}C:\program files\wikango\max\selfupgrade.exe" | In - Private - P17 - TRUE | .(.Wikango - SelfUpgrade.) -- C:\program files\wikango\max\selfupgrade.exe
O87 - FAEL: "TCP Query User{37529420-C41A-4864-A651-ECAC7D1A56F2}C:\program files\wikango\max\wikangomax.exe" | In - Private - P6 - TRUE | .(.Wikango - WikangoMax.) -- C:\program files\wikango\max\wikangomax.exe
O87 - FAEL: "UDP Query User{CFA466B7-38BB-4F58-9C73-619AA74C1CC9}C:\program files\wikango\max\wikangomax.exe" | In - Private - P17 - TRUE | .(.Wikango - WikangoMax.) -- C:\program files\wikango\max\wikangomax.exe
~ Firewall: 236 Legitimates Filtered in 00mn 01s

---\\ Additional scan (O88)
Database Version : v2.11536 - (14/04/2013)
Keys found : 41
Values found : 0
Folders found : 5
Files found : 2
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}] =>Adware.Facemoods
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}] =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] =>Adware.
BullseyeToolbar [HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke [HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] =>Adware.Bandoo [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo [HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\GIFAnimator.DLL] =>PUP.BearShare [HKCU\Software\APN PIP] =>Toolbar.Ask [HKLM\Software\GamesBarSetup] =>Adware.GamesBar [HKLM\Software\PIP] =>Toolbar.Ask [HKCU\Software\AppDataLow\Software\searchqutoolbar] =>Adware.Bandoo [HKCU\Software\Softonic] =>Toolbar.Conduit [HKLM\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\SearchquMediaBar_RASAPI32] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\SearchquMediaBar_RASMANCS] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32] =>Adware.Bandoo [HKLM\Software\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS] =>Adware.Bandoo [HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}] 
=>Adware.Facemoods [HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon [HKLM\Software\Classes\AppID\IEPLUGIN.DLL] =>PUP.MediaFinder [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit [HKLM\Software\Classes\facemoods.facemoodsHlpr] =>Toolbar.Facemoods [HKLM\Software\Classes\facemoods.facemoodsHlpr.1] =>Toolbar.Facemoods [HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods C:\Program Files\GamesBar =>Adware.GamesBar C:\Program Files\SearchCore for Browsers =>Adware.SearchCore C:\ProgramData\Trymedia =>Adware.Trymedia C:\Users\salon\AppData\Roaming\iWin =>Adware.BHO C:\Users\salon\AppData\LocalLow\searchquband =>Adware.Bandoo C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml =>Toolbar.Agent C:\Users\salon\AppData\Roaming\Mozilla\Firefox\Profiles\dyzwtecp.default\SearchPlugins\SearchResults.xml =>Toolbar.Agent ~ Additionnel: Scanned in 00mn 21s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Demand 6638080 | (AllShare) . (...) - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe SR - | Auto 14/09/2009 172032 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 29/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 29/03/2013 110816 | (AntiVirService) . 
(.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 18/02/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 24/06/2010 233472 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe SS - | Auto 10/04/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/04/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 08/09/2011 194104 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 07/03/2011 820520 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 03/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 03/05/2010 3604720 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des SR - | Auto 12/03/2013 559168 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe SS - | Demand 11/05/2010 390952 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe SR - | Auto 19/03/2012 2666880 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe SR - | Auto 22/04/2011 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by salon at 16/04/2013 12:45:28 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by salon at 16/04/2013 12:45:30 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1441 Legitimates filtered by white list End of the scan (595 lines in 35mn 19s)(0)
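The O69, O87 and O88 entries in this report are what a helper on a cleanup thread works from: browser settings, registry keys, folders and files that ZHPDiag tagged with a `=>Family.Name` verdict, and firewall exceptions written as `In - Private - P6 - TRUE`. The Python below is an added example, not part of the ZHPDiag report and not code from the ZHPDiag tool. It parses a handful of lines copied from this report (embedded as a constructed sample), groups every detection by verdict so that one PUP's whole footprint (prefs.js entry, search scope, registry keys, folders, files) is visible at once, and decodes the O87 fields, listing enabled inbound exceptions that are not attributed to the Private or Domain profile. The field layout it assumes is inferred from the lines on this page only; the protocol numbers 6 and 17 are the IANA values for TCP and UDP.

```python
"""Parse selected ZHPDiag report lines (O69/O88 detections, O87 firewall rules)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ZHPDiag report above (raw string, so
# the Windows backslashes are literal). Real input would be the whole report file.
SAMPLE_LINES = r"""
O69 - SBI: prefs.js [salon - dyzwtecp.default] user_pref("browser.search.order.1", "Searchqu Web Search"); =>PUP.Datamngr
O69 - SBI: SearchScopes [HKCU] {0D7562AE-8EF6-416d-A838-AB665251703A} - (Facemoods Search) - http://start.facemoods.com =>Adware.Facemoods
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O87 - FAEL: "TCP Query User{155C40B6-BFED-4C01-BEB8-F0ABA255E698}C:\program files\emule\emule.exe" | In - Private - P6 - TRUE | .(.http://www.emule-project.net - eMule.) -- C:\program files\emule\emule.exe
O87 - FAEL: "{F48EFE4B-A1D5-49A8-B06D-299FBF9AF66D}" | In - None - P17 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] =>Adware.Bandoo
C:\Program Files\GamesBar =>Adware.GamesBar
C:\Users\salon\AppData\Roaming\Mozilla\Firefox\Profiles\dyzwtecp.default\SearchPlugins\SearchResults.xml =>Toolbar.Agent
"""

# "=>Family.Name" verdict that ZHPDiag appends to a flagged entry.
VERDICT_RE = re.compile(r"\s=>(?P<family>\w+)\.(?P<name>\w+)\s*$")
# One O87 line, as laid out in this report:
#   "rule name" | direction - profile - Pnn - enabled | .(owner - description.) -- path
FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<rule>[^"]+)" \| (?P<direction>In|Out) - (?P<profile>\w+) '
    r'- P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<desc>.*?)\) -- (?P<path>.+)$'
)
PROTO_NAMES = {6: "TCP", 17: "UDP"}  # IANA protocol numbers carried in the Pnn field


def classify(target):
    """Say what kind of artefact a flagged entry points at, so removal goes to the right tool."""
    if target.startswith("O69 - SBI: prefs.js"):
        return "prefs.js"
    if target.startswith("O69 - SBI: SearchScopes"):
        return "searchscope"
    if target.startswith("[HK"):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        last = target.rsplit("\\", 1)[-1]
        return "file" if "." in last else "folder"
    return "other"


def parse_detections(lines):
    """Return one record per line carrying a =>Family.Name verdict."""
    found = []
    for line in lines:
        m = VERDICT_RE.search(line)
        if not m:
            continue  # whitelisted or informational entry, e.g. the Google search scope
        target = line[: m.start()].rstrip()
        found.append({"kind": classify(target), "target": target,
                      "verdict": f"{m['family']}.{m['name']}"})
    return found


def group_by_verdict(detections):
    """Map each verdict (e.g. Adware.Bandoo) to its targets: the full footprint of one PUP."""
    groups = defaultdict(list)
    for d in detections:
        groups[d["verdict"]].append((d["kind"], d["target"]))
    return dict(groups)


def parse_firewall_rules(lines):
    """Decode O87 entries into structured rules with a readable protocol name."""
    rules = []
    for line in lines:
        m = FAEL_RE.match(line)
        if not m:
            continue
        proto = int(m["proto"])
        rules.append({"rule": m["rule"], "direction": m["direction"], "profile": m["profile"],
                      "proto": PROTO_NAMES.get(proto, f"proto{proto}"),
                      "enabled": m["enabled"] == "TRUE",
                      "description": m["desc"].strip("."), "path": m["path"].strip()})
    return rules


def inbound_rules_outside_private(rules):
    """Enabled inbound exceptions the report does not attribute to the Private or Domain
    profile: review these first, as they may apply on networks the user does not trust."""
    return [r for r in rules
            if r["enabled"] and r["direction"] == "In"
            and r["profile"] not in ("Private", "Domain")]


def report(text=SAMPLE_LINES):
    """Run both parsers over a report and return everything a helper would want to see."""
    lines = text.strip().splitlines()
    dets = parse_detections(lines)
    rules = parse_firewall_rules(lines)
    return {"detections": dets, "by_verdict": group_by_verdict(dets),
            "firewall_rules": rules, "review_first": inbound_rules_outside_private(rules)}


if __name__ == "__main__":
    r = report()
    for verdict, targets in sorted(r["by_verdict"].items()):
        print(verdict)
        for kind, target in targets:
            print(f"  [{kind}] {target}")
    for rule in r["review_first"]:
        print(f"REVIEW: {rule['proto']} {rule['direction']} profile={rule['profile']} -> {rule['path']}")
```

Run it on a saved ZHPDiag report by passing the file contents to `report()`; entries without a verdict (such as the Google search scope here) are skipped, which is also why the Yahoo scope marked `[DefaultScope]` in the O69 section would not appear even though a helper may still want to reset it by hand.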