Rapport de ZHPDiag v2013.4.29.177 par Nicolas Coolman, Update du 29/04/2013
Run by ANTOINE at 30/04/2013 17:04:00
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 20.0.1

---\\ Windows Product Information
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
avast! Free Antivirus v8.0.1483.0
PC Tools Firewall Plus 7.0 v7.0
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.50

---\\ System Optimizer
CCleaner v4.01

---\\ Peer To Peer (P2P)
µTorrent v3.3.0.29544

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 48 GB (16%) free of 295 GB

---\\ Logged in mode
~ Computer Name: TOUTOUNE
~ User Name: ANTOINE
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, ANTOINE, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\ANTOINE\Application Data\
~ %Desktop% : C:\Documents and Settings\ANTOINE\Bureau\
~ %Favorites% : C:\Documents and Settings\ANTOINE\Favoris\
~ %LocalAppData% : C:\Documents and Settings\ANTOINE\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\ANTOINE\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 48 Go of 295 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 28 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2086
~ Mes musiques (My Musics) : 1/776
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/20697
~ Mon Bureau (My Desktop) : 1/12553
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 39s



---\\ Processus lancés
[MD5.43E17DA549BC8219EEE90AA9C6480AAA] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [643072] [PID.1300]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.2000]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.1840]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1860]
[MD5.F7D68D8E70EA376713A39395664793CA] - (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752] [PID.1916]
[MD5.E6A2593AD58D205535F5BA0AEB231DC1] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.1932]
[MD5.54C5FCD5500F862B4572C4960265C9F1] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.1992]
[MD5.6A8BC204BC31E7CFDD1373CDB247A36C] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16132608] [PID.2016]
[MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424] [PID.136]
[MD5.7599B51C870EE3A1B26789FF40BF28D7] - (.PC Tools - PC Tools Firewall GUI.) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2672600] [PID.244]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304] [PID.2028]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.444]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.460]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.628]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.640]
[MD5.02B1721DA59C382F6F1C206B38E354C0] - (...) -- C:\Program Files\media center Bouygues Telecom\MediaServer.exe [1437480] [PID.692]
[MD5.7D384D0F31CB8854F50677599A041774] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Documents and Settings\ANTOINE\Application Data\Spotify\Data\SpotifyWebHelper.exe [1199000] [PID.796]
[MD5.F2267077187908ECF75B594EB2B7BDBE] - (...) -- C:\Program Files\media center Bouygues Telecom\media center\external\MediaServerTray.exe [638312] [PID.1352]
[MD5.386F3F1AD783F3312C057FB8699AE09B] - (.Intel Corporation - Intel® PROSet Monitoring Service.) -- C:\WINDOWS\system32\IProsetMonitor.exe [132768] [PID.3344]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.3496]
[MD5.86D511370A217B554916E3A45D091042] - (.PC Tools - PC Tools Firewall Plus service.) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe [286000] [PID.1680]
[MD5.6BF6E5FAD331DF37728A234DAC17FE34] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587472] [PID.2528]
[MD5.E46B17060D3962A384AE484094614788] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.824]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.3136]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe [920472] [PID.3968]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe [17304] [PID.3600]
[MD5.76B5DBAFD3E49DF607D0556018336AEF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7089152] [PID.2972]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3232]
~ Processes Running: Scanned in 00mn 01s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B1 - OSP: search.ini [ANTOINE] URL=http://www.bing.com/search?q=%s&form=OPRTSD&pc=OPER
B1 - OSP: search.ini [ANTOINE] URL=http://redir.opera.com/amazon
B1 - OSP: search.ini [ANTOINE] URL=http://redir.opera.com/ebay
B1 - OSP: search.ini [ANTOINE] URL=http://redir.opera.com/ask
B1 - OSP: search.ini [ANTOINE] URL=http://yahoo.opera.com/search
B1 - OSP: search.ini [ANTOINE] URL=http://fr.wikipedia.org/wiki/Special:Search?search=%s
B1 - OSP: search.ini [ANTOINE] URL=
B1 - OSP: search.ini [ANTOINE] URL=
~ Opera Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\prefs.js
M2 - MFEP: prefs.js [ANTOINE - p4un91ma.default\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}] [] Forecastfox v2.2.2 (..)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Amazon.com, Inc. - Amazon MP3 Downloader Plugin 1.0.17.) (No version) -- (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 15330



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [USBToolTip] . (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe
O4 - HKLM\..\Run: [ATICustomerCare] . (.Advanced Micro Devices, Inc. - ATI Customer Care.) -- C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [00PCTFW] . (.PC Tools - PC Tools Firewall GUI.) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Documents and Settings\ANTOINE\Application Data\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1004336348-1284227242-839522115-1004\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1004336348-1284227242-839522115-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-1284227242-839522115-1004\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Documents and Settings\ANTOINE\Application Data\Spotify\Data\SpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Bridge.lnk . (.Adobe Systems, Inc. - Adobe Bridge.) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe
O4 - GS\Programs: Adobe Help Center.lnk . (.Adobe Systems Incorporated - Pas de description.) -- C:\Program Files\Adobe\Adobe Help Center\ahc.exe
O4 - GS\Programs: Adobe ImageReady CS2.lnk . (.Adobe Systems Incorporated - ImageReady CS2.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\Program Files\Audacity\audacity.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\QuickLaunch: Free FLV Converter.lnk . (.Koyote Soft - Tube Finder - Free FLV Converter.) -- C:\Program Files\Free FLV Converter\FreeFLVConverter.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Documents and Settings\ANTOINE\Application Data\Spotify\spotify.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290891324625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347281343312
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} ((no name)) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE81E6C6-9814-45AB-A98A-219824B7CBD5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DE81E6C6-9814-45AB-A98A-219824B7CBD5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{DE81E6C6-9814-45AB-A98A-219824B7CBD5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: media center Bouygues Telecom (BytelMediaServer) . (...) - C:\Program Files\media center Bouygues Telecom\MediaServer.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) . (.PC Tools - PC Tools Firewall Plus service.) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield (ST2012_Svc) . (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) - C:\Program Files\Spyware Terminator\st_rsser.exe
~ Services: 13 Legitimates Filtered in 00mn 18s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\ANTOINE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\ANTOINE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
~ Drivers: 60 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: 32 bit Windows Card Reader Driver - (.TEAC.) [HKLM] -- {CE6DEE87-1C87-42ED-A108-7369BFE9076F}
O42 - Logiciel: Artisteer 3 - (.Extensoft.) [HKLM] -- Artisteer 3
O42 - Logiciel: Free Video to Flash Converter version 4.1 - (.DVD Video Soft Limited..) [HKLM] -- Free Video to Flash Converter_is1
O42 - Logiciel: MultiRes (remove only) - (...) [HKLM] -- MultiRes (remove only)
O42 - Logiciel: The Hat 2.4 - (...) [HKLM] -- The Hat_is1
~ Logic: 150 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Amazon]
[HKCU\Software\Harmony Hollow]
[HKCU\Software\PCTools]
[HKLM\Software\Amazon]
[HKLM\Software\PCTools]
[HKLM\Software\TEAC]
~ Key Software: 271 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/02/2013 - 18:56:13 - [6,585] ----D C:\Program Files\Amazon
O43 - CFD: 26/10/2012 - 23:06:45 - [133,055] ----D C:\Program Files\Artisteer 3
O43 - CFD: 29/11/2010 - 01:54:14 - [0,113] ----D C:\Program Files\MultiRes
O43 - CFD: 29/05/2011 - 21:28:00 - [0,000] ----D C:\Program Files\Nimblesoft
O43 - CFD: 01/01/2011 - 16:14:50 - [3,012] ----D C:\Program Files\The Hat
O43 - CFD: 15/03/2012 - 19:55:53 - [0,138] ----D C:\Program Files\UltraMixer
O43 - CFD: 16/09/2012 - 18:30:47 - [3,479] ----D C:\Program Files\uTIPu
O43 - CFD: 29/05/2011 - 21:25:25 - [0] ----D C:\Program Files\XBList
O43 - CFD: 30/04/2011 - 12:51:55 - [0,016] ----D C:\Documents and Settings\All Users\Kamzy
O43 - CFD: 19/02/2013 - 18:56:33 - [0,010] ----D C:\Documents and Settings\ANTOINE\Application Data\Amazon
O43 - CFD: 18/06/2012 - 19:13:32 - [20,611] ----D C:\Documents and Settings\ANTOINE\Application Data\Artisteer
O43 - CFD: 08/10/2011 - 21:56:20 - [0,000] ----D C:\Documents and Settings\ANTOINE\Application Data\com.bytel.mediacenter
O43 - CFD: 07/01/2011 - 01:33:50 - [0,000] ----D C:\Documents and Settings\ANTOINE\Application Data\PCToolsFirewallPlus
O43 - CFD: 16/09/2012 - 17:56:13 - [0] ----D C:\Documents and Settings\ANTOINE\Application Data\TVRR
O43 - CFD: 29/05/2011 - 21:24:28 - [0,012] ----D C:\Documents and Settings\ANTOINE\Application Data\XBList
O43 - CFD: 15/12/2010 - 23:34:39 - [0,005] ----D C:\Documents and Settings\ANTOINE\Local Settings\Application Data\Eggiz
O43 - CFD: 16/09/2012 - 18:26:48 - [0,004] ----D C:\Documents and Settings\ANTOINE\Local Settings\Application Data\uTIPu
O43 - CFD: 29/05/2011 - 21:22:38 - [0] ----D C:\Documents and Settings\ANTOINE\Local Settings\Application Data\XBList
~ Program Folder: 235 Legitimates Filtered in 02mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4903519291F81515CBEE8531ACBCB374] - 30/04/2013 - 15:31:18 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.0950479FD62026CAED8C0B708C16F455] - 30/04/2013 - 15:31:17 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.FA898436A6A1492AA4FE66C73CB38A35] - 30/04/2013 - 12:32:07 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [135]
O44 - LFC:[MD5.C26409F2E8624B6EFDE4EC33F7273314] - 30/04/2013 - 11:58:21 ---A- . (...) -- C:\WINDOWS\system32\BytelMediaCenter.log [747881]
O44 - LFC:[MD5.C4B903B4439323CD167AD0BF05CB0696] - 21/04/2013 - 08:30:01 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_21-b11.log [4043]
~ Files: 18 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.45455BC65AAA82BE8892F7C9B4D74F0A] - 28/04/2013 - 09:44:57 ---A- - C:\WINDOWS\Prefetch\FLVEXTRACT.EXE-2ADB455E.pf
O45 - LFCP:[MD5.EED31CEB512CA324DD33963D721F831D] - 28/04/2013 - 10:00:04 ---A- - C:\WINDOWS\Prefetch\STUDIO.EXE-1AA45BD6.pf
O45 - LFCP:[MD5.33AB414EA0FF72463A17732E7C21617F] - 28/04/2013 - 10:00:14 ---A- - C:\WINDOWS\Prefetch\PIXIETOOL.EXE-01605E34.pf
O45 - LFCP:[MD5.9AF273FCC8362D3F16E597DD00FFBA28] - 28/04/2013 - 10:00:19 ---A- - C:\WINDOWS\Prefetch\PER.EXE-0789D0CD.pf
O45 - LFCP:[MD5.76B16C2E525B3C5BC04480EE81CEAD3B] - 28/04/2013 - 10:00:23 ---A- - C:\WINDOWS\Prefetch\UMI.EXE-11F2005F.pf
O45 - LFCP:[MD5.4BA256E90922084A59232D674248001D] - 28/04/2013 - 10:00:33 ---A- - C:\WINDOWS\Prefetch\IMPORTER.EXE-129E5BE2.pf
O45 - LFCP:[MD5.32A1CA8FBF78C02DF14C1CFFF2C22CF5] - 28/04/2013 - 10:01:02 ---A- - C:\WINDOWS\Prefetch\UMI.EXE-073973FA.pf
O45 - LFCP:[MD5.5F85DC195714B4D536E2EAB3B202F861] - 30/04/2013 - 14:27:58 ---A- - C:\WINDOWS\Prefetch\NS17C.TMP-017A796B.pf
O45 - LFCP:[MD5.DF204DFF1CF8E767C056DD6B574E437B] - 30/04/2013 - 14:39:21 ---A- - C:\WINDOWS\Prefetch\STREAMTRANSPORT.EXE-2D4228E3.pf
O45 - LFCP:[MD5.27D3BEB9004742087F5C79EBF8AE607E] - 30/04/2013 - 14:39:46 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-1A4A29DE.pf
O45 - LFCP:[MD5.C7A0BE5CA4DB7C01A84F356EBB3F5D01] - 30/04/2013 - 15:31:24 ---A- - C:\WINDOWS\Prefetch\FWSERVICE.EXE-072A5ECF.pf
O45 - LFCP:[MD5.27059B678A1A2F05E1E0EE47C97DBC54] - 30/04/2013 - 15:31:25 ---A- - C:\WINDOWS\Prefetch\ST_RSSER.EXE-2E416919.pf
~ Prefetcher: 89 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Spyware Terminator\SpywareTerminator.exe" [Enabled] .(.Crawler.com.) -- C:\Program Files\Spyware Terminator\SpywareTerminator.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" [Enabled] .(.Crawler.com.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O47 - AAKE:Key Export SP - "C:\Program Files\media center Bouygues Telecom\MediaServer.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\media center Bouygues Telecom\MediaServer.exe
O47 - AAKE:Key Export SP - "C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe" [Enabled] .(...) -- C:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (.not file.)
~ Keys Export: 31 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.FE3EA6E9AFC1A78E6EDCA121E006AFB7] - 10/11/2006 - 14:05:00 ---A- . (.Arcsoft, Inc. - Arcsoft(R) ASPI Shell.) -- C:\WINDOWS\system32\Drivers\afc.sys [18688]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 11:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/04/2013 - 23:02:50 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\bookmarkbackups\bookmarks-2013-04-28.json [56115]
O61 - LFC: 28/04/2013 - 10:02:31 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\pluginreg.dat [17495]
O61 - LFC: 28/04/2013 - 10:27:46 ---A- C:\Documents and Settings\ANTOINE\Bureau\BOURGES-MWS\Mika-PDB-France4-MonteLeSon-Celebrate-MWS HD.mp4 [186508140]
O61 - LFC: 28/04/2013 - 23:22:02 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\bookmarkbackups\bookmarks-2013-04-29.json [56115]
O61 - LFC: 29/04/2013 - 10:28:05 ---A- C:\Documents and Settings\ANTOINE\Bureau\BOURGES-MWS\MIKA_-_Popular_Song_ft._Ariana_Grande.mp4 [65765098]
O61 - LFC: 29/04/2013 - 19:27:32 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\addons.sqlite [524288]
O61 - LFC: 29/04/2013 - 19:29:31 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\blocklist.xml [62756]
O61 - LFC: 29/04/2013 - 22:45:16 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\permissions.sqlite [1833984]
O61 - LFC: 30/04/2013 - 12:35:04 ---A- C:\Documents and Settings\ANTOINE\Application Data\vlc\ml.xspf [304]
O61 - LFC: 30/04/2013 - 12:35:04 ---A- C:\Documents and Settings\ANTOINE\Application Data\vlc\vlcrc [83601]
O61 - LFC: 30/04/2013 - 13:40:12 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\bookmarkbackups\bookmarks-2013-04-30.json [56115]
O61 - LFC: 30/04/2013 - 14:30:07 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\places.sqlite [294912]
O61 - LFC: 30/04/2013 - 14:31:17 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\signons.sqlite [327680]
O61 - LFC: 30/04/2013 - 14:31:24 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\downloads.sqlite [98304]
O61 - LFC: 30/04/2013 - 14:37:40 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\formhistory.sqlite [196608]
O61 - LFC: 30/04/2013 - 15:01:33 -SHA- C:\Documents and Settings\ANTOINE\IECompatCache\index.dat [65536]
O61 - LFC: 30/04/2013 - 15:01:33 -SHA- C:\Documents and Settings\ANTOINE\PrivacIE\index.dat [3457024]
O61 - LFC: 30/04/2013 - 15:01:33 -SHA- C:\Documents and Settings\ANTOINE\UserData\index.dat [16384]
O61 - LFC: 30/04/2013 - 15:28:03 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\cert8.db [360448]
O61 - LFC: 30/04/2013 - 15:28:03 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\cookies.sqlite [524288]
O61 - LFC: 30/04/2013 - 15:28:03 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\dh-media-lists.rdf [520]
O61 - LFC: 30/04/2013 - 15:28:03 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\dh-smart-names.rdf [198]
O61 - LFC: 30/04/2013 - 15:28:03 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\key3.db [16384]
O61 - LFC: 30/04/2013 - 15:30:06 -SHA- C:\Documents and Settings\ANTOINE\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1004336348-1284227242-839522115-1004\Credentials [402]
O61 - LFC: 30/04/2013 - 15:30:22 ---A- C:\Documents and Settings\ANTOINE\Application Data\PCToolsFirewallPlus\FirewallPlugin.dll.txt [0]
O61 - LFC: 30/04/2013 - 15:31:56 ---A- C:\Documents and Settings\ANTOINE\Application Data\PCToolsFirewallPlus\FirewallGUI.exe.txt [248]
O61 - LFC: 30/04/2013 - 15:32:02 ---A- C:\Documents and Settings\ANTOINE\Application Data\PCToolsFirewallPlus\FirewallSDK.dll.gui.txt [0]
O61 - LFC: 30/04/2013 - 15:32:27 ---A- C:\Documents and Settings\ANTOINE\Application Data\PCToolsFirewallPlus\PPManager.txt [2]
O61 - LFC: 30/04/2013 - 15:34:16 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\places.sqlite-shm [32768]
O61 - LFC: 30/04/2013 - 15:34:16 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\webapps\webapps.json [2]
O61 - LFC: 30/04/2013 - 15:34:18 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\cookies.sqlite-shm [32768]
O61 - LFC: 30/04/2013 - 15:34:27 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\urlclassifierkey3.txt [154]
O61 - LFC: 30/04/2013 - 15:34:31 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\webappsstore.sqlite-shm [32768]
O61 - LFC: 30/04/2013 - 15:34:31 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\webappsstore.sqlite-wal [0]
O61 - LFC: 30/04/2013 - 15:34:54 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\prefs.js [38560]
O61 - LFC: 30/04/2013 - 15:47:12 ---A- C:\Documents and Settings\ANTOINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\_CACHE_CLEAN_ [1]
O61 - LFC: 30/04/2013 - 15:48:12 ---A- C:\Documents and Settings\ANTOINE\Recent\dfd289111cd7d6080353febd867ac7e5.lnk [609]
O61 - LFC: 30/04/2013 - 15:48:14 ---A- C:\Documents and Settings\ANTOINE\Bureau\dfd289111cd7d6080353febd867ac7e5.jpeg [13749]
O61 - LFC: 30/04/2013 - 15:48:56 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\places.sqlite-wal [115392]
O61 - LFC: 30/04/2013 - 15:49:09 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\localstore.rdf [22533]
O61 - LFC: 30/04/2013 - 15:51:41 ---A- C:\Documents and Settings\ANTOINE\Local Settings\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\startupCache\startupCache.4.little [81195]
O61 - LFC: 30/04/2013 - 16:03:25 -SHA- C:\Documents and Settings\ANTOINE\IETldCache\index.dat [262144]
O61 - LFC: 30/04/2013 - 16:05:34 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\cookies.sqlite-wal [2128]
O61 - LFC: 30/04/2013 - 16:14:35 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\wrcMultiRatingStorage.json [2]
O61 - LFC: 30/04/2013 - 16:14:35 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\wrcPhishingStorage.json [2]
O61 - LFC: 30/04/2013 - 16:14:35 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\wrcRatingStorage.json [2]
O61 - LFC: 30/04/2013 - 16:14:35 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\wrcUserStorage.json [156]
O61 - LFC: 30/04/2013 - 16:14:35 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\wrcVotingStorage.json [401]
O61 - LFC: 30/04/2013 - 16:14:35 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\wrcWarningStorage.json [2]
O61 - LFC: 30/04/2013 - 16:19:37 ---A- C:\Documents and Settings\ANTOINE\Application Data\Mozilla\Firefox\Profiles\p4un91ma.default\forecastfox.sqlite [196608]
~ 4 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 132 Legitimates Filtered in 22mn 03s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 07/09/2012 - C:\Program Files\Spyware Terminator\st_rsser.exe (ST2012_Svc) .(.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) - LEGACY_ST2012_SVC
O64 - Services: CurCS - 13/05/2012 - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe (wampapache) .(.Apache Software Foundation - Apache HTTP Server.) - LEGACY_WAMPAPACHE
O64 - Services: CurCS - 19/04/2012 - Pas de propriétaire (wampmysqld) .(...) - LEGACY_WAMPMYSQLD
~ Legacy: 164 Legitimates Filtered in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Console Based Script Host.) -- C:\WINDOWS\system32\CScript.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Console Based Script Host.) -- C:\WINDOWS\system32\CScript.exe
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2432CC35A8EDDDC657CA279A4E24EA19] [SPRF][09/12/2011] (...) -- C:\Documents and Settings\ANTOINE\Local Settings\Application Data\fusioncache.dat [130]
[MD5.FA4B58943C3A031DD0F09618C67AA406] [SPRF][30/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\ANTOINE\Bureau\ZHPDiag2.exe [5618780]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11773 - (29/04/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
~ Additionnel Scan: 300759 Items scanned in 00mn 21s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "C99A8346E73A85740AEA598F6AA3FA5F" . (..) -- C:\WINDOWS\Installer\{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}\ARPPRODUCTICON.exe
~ Update Products: 115 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Demand 28/11/2010 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 15/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/11/2012 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Auto 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 1437480 | (BytelMediaServer) . (...) - C:\Program Files\media center Bouygues Telecom\MediaServer.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 28/11/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/11/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 09/11/2011 132768 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) - C:\WINDOWS\system32\IProsetMonitor.exe
SR - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 04/04/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 05/02/2013 312704 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 13/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 24/01/2011 286000 | (PCToolsFirewallPlus) . (.PC Tools.) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 07/09/2012 587472 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SS - | Demand 13/05/2012 18432 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
SS - | Demand 8177664 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by ANTOINE at 30/04/2013 17:31:46

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1362 Legitimates filtered by white list
End of the scan (596 lines in 27mn 45s)(0)
