Rapport de ZHPDiag v2013.4.2.8 par Nicolas Coolman, Update du 03/04/2013
Run by Mikaël at 03/04/2013 23:15:40
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0.2 v19.0.2
GCIE: Google Chrome v23.0.1271.97 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : G27FY
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4090 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 489 GB (71%) free of 685 GB

---\\ Logged in mode
~ Computer Name: UTILISATEUR-PC
~ User Name: Mikaël
~ All Users Names: Mikaël, lolulou, carla, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mikaël\AppData\Roaming\
~ %Desktop% : C:\Users\Mikaël\Desktop\
~ %Favorites% : C:\Users\Mikaël\Favorites\
~ %LocalAppData% : C:\Users\Mikaël\AppData\Local\
~ %StartMenu% : C:\Users\Mikaël\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 489 Go of 685 Go)
D:\ Floppy drive, Flash card reader, USB Key (Free 6 Go of 8 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FA274190682AA41A46B285208ED46A74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 07:47:19.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/14178
~ Mes musiques (My Musics) : 1/74
~ Mes Videos (My Videos) : 1/76
~ Mes Favoris (My Favorites) : 1/98
~ Mes Documents (My Documents) : 1/9006
~ Mon Bureau (My Desktop) : 0/270
~ Menu demarrer (Programs) : 1/92
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.42A126A24F0E0A7E1E3966740E37F112] - (...) -- C:\Users\Mikaël\AppData\Local\tuto4pc_fr_5\upt4pc_fr_5.exe [719720] [PID.3036] =>PUP.Eorezo
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4297136] [PID.2920]
[MD5.77D8E2219CA86043DBCFD9223F2CCF18] - (...) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\HSSModule.exe [285696] [PID.2648]
[MD5.95FB55B85D0AFC0962443808383C5588] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6396416] [PID.1984]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808] [PID.1140]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1528]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.2548]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Mikaël\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G1 - GCS: Preference [User Data\Default] None
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Premier utilisateur" v.ahfgeienlihckogmohjhadlkjgocpleb: { (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.7.0.1474, (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
G2 - GCE: Preference [User Data\Default] [bkomkajifikmkfnjgphkjcfeepbnojok] PriceGong v.5.6.2 (Activé) =>Adware.PriceGong
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.7 (Activé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.7.0.1426 (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Premier utilisateur" v.ahfgeienlihckogmohjhadlkjgocpleb: { (Activé)
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.5 (Activé)
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé)
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.7.0.1474, (Activé)
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
G2 - GCE: Preference [User Data\Default] [bkomkajifikmkfnjgphkjcfeepbnojok] PriceGong v.5.6.2 (Activé) =>Adware.PriceGong
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.7 (Activé) =>Toolbar.Babylon
G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.7.0.1426 (Activé)
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Mikaël\AppData\Roaming\Mozilla\Firefox\Profiles\6k6k616d.default\prefs.js
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\search-with-eazelbar.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Mikaël] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [Mikaël - 6k6k616d.default] http://www.aol.fr
M2 - MFEP: prefs.js [Mikaël - 6k6k616d.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130402 (.WOT Services Oy.)
M2 - MFEP: prefs.js [Mikaël - 6k6k616d.default\{faf13420-5e24-11e0-80e3-0800200c9a66}] [] Noia 4 v1.8.0 (.Aris.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_29 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\Mikaël\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R3 - URLSearchHook: (no name) [64Bits] - {16CC3586-3547-4025-9E2F-F04C365D8B90} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 07s
~ Nombre de lignes (Lines number): 15363



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer [64Bits] - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Smart BHO Class [64Bits] - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ BHO: 14 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Mikaël\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_Update] . (.Pas de propriétaire - Orange Updater.) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\UpdteApp.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_HSSModule] . (...) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\HSSModule.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [upt4pc_fr_5.exe] . (...) -- C:\Users\Mikaël\AppData\Local\tuto4pc_fr_5\upt4pc_fr_5.exe =>PUP.Eorezo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3683875760-1945671734-1569256913-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Mikaël\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: DAEMON Tools Lite (2).lnk . (...) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (.not file.)
O4 - GS\TaskBar: DAEMON Tools Lite.lnk . (...) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (.not file.)
O4 - GS\TaskBar: Internet Explorer (64-bit) (2).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Adobe Digital Editions 2.0.lnk . (.Adobe Systems Incorporated - Adobe Digital Editions 2.0.) -- C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
O4 - GS\QuickLaunch: Adobe Digital Editions.lnk . (.Adobe Systems, Inc. - Adobe Digital Editions.) -- C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe
O4 - GS\QuickLaunch: Contenta Converter PREMIUM.lnk . (...) -- C:\Program Files (x86)\ContentaConverter-PREMIUM\contenta-converter.exe (.not file.)
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: SRWare Iron.lnk . (.SRWare - SRWare Iron.) -- C:\Program Files (x86)\SRWare Iron\iron.exe
O4 - GS\QuickLaunch: WildTangent Games App - hp.lnk . (...) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (.not file.)
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Adobe Digital Editions.lnk . (.Adobe Systems, Inc. - Adobe Digital Editions.) -- C:\Program Files (x86)\Adobe\Adobe Digital Editions\digitaleditions.exe
O4 - GS\Desktop: Bail commercial - Raccourci.lnk . (...) -- C:\Users\Mikaël\Desktop\Bail commercial.wps (.not file.)
O4 - Global Startup: C:\Users\Mikaël\Desktop\Bienvenue sur le site de ColiPoste.url . (...) -- C:\Users\Mikaël\Desktop\Bienvenue sur le site de ColiPoste.url
O4 - Global Startup: C:\Users\Mikaël\Desktop\Blind Valet - Calculateur de structures de blinds et horloge de torurnoi de poker.url . (...) -- C:\Users\Mikaël\Desktop\Blind Valet - Calculateur de structures de blinds et horloge de torurnoi de poker.url
O4 - GS\Desktop: Calculette Orplan.LNK . (...) -- C:\Program Files (x86)\Calculette Orplan\Orpcalc.exe (.not file.)
O4 - GS\Desktop: Enveloppe sans titre.lnk . (...) -- C:\Users\Mikaël\Desktop\Demolition_Company_English\Enveloppe sans titre.wps
O4 - GS\Desktop: EverestPoker.fr.lnk . (...) -- C:\Poker\EverestPoker.fr\casino.exe (.not file.)
O4 - GS\Desktop: Farming Simulator 2011 (2).lnk . (.GIANTS Software GmbH - GIANTS Launcher.) -- C:\Program Files (x86)\Farming Simulator 2011\FarmingSimulator2011.exe
O4 - GS\Desktop: Farming Simulator 2011 .lnk . (.GIANTS Software GmbH - GIANTS Launcher.) -- C:\Program Files (x86)\Farming Simulator 2011\FarmingSimulator2011.exe
O4 - GS\Desktop: HP ePrintCenter - HP Deskjet 3050A J611 series.lnk . (...) -- C:\Program Files (x86)\HP\HP Deskjet 3050A J611 series\ePrintCenterShortcut.url (.not file.)
O4 - GS\Desktop: HP ePrintCenter - HP Photosmart 5510 series.lnk . (...) -- C:\Program Files (x86)\HP\HP Photosmart 5510 series\ePrintCenterShortcut.url (.not file.)
O4 - GS\Desktop: Kobo.lnk . (...) -- C:\Program Files (x86)\Kobo\Kobo.exe
O4 - GS\Desktop: Logiciel de Connexion Orange.lnk . (...) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\InternetEverywhere.exe
O4 - GS\Desktop: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files (x86)\PhotoFiltre\photofiltre.exe
O4 - GS\Desktop: SRWare Iron.lnk . (.SRWare - SRWare Iron.) -- C:\Program Files (x86)\SRWare Iron\iron.exe
O4 - GS\Desktop: VirginMega DownloadManager v3.lnk . (...) -- C:\Program Files (x86)\VirginMega DownloadManager v3\VirginMega DownloadManager v3.exe
O4 - GS\Desktop: Winamax Poker.lnk . (...) -- C:\Program Files (x86)\Winamax Poker\Winamax Poker.exe
O4 - GS\Desktop: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
O4 - GS\Desktop: Woodcutter Simulator 2011.lnk . (.ActaLogic - auto update.) -- C:\Program Files (x86)\Woodcutter Simulator 2011\woodcutter2011.exe
O4 - GS\Desktop: Works - Traitement de texte.lnk . (.Microsoft® Corporation - Traitement de texte Microsoft® Works.) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
O4 - GS\Desktop: ?mars ?2013 - Raccourci.lnk - Clé orpheline
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: SCANIA Truck Driving Simulator.lnk . (.SCS Software - SCANIA Truck Driving Simulator.) -- C:\Program Files (x86)\SCANIA Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe
O4 - GS\TaskBar: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 8 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A410FFCE-29FE-42FD-AD23-310A30070882}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3F7ACC7-63A1-4CDE-81B9-9F23F7ADF9DF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A410FFCE-29FE-42FD-AD23-310A30070882}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{C3F7ACC7-63A1-4CDE-81B9-9F23F7ADF9DF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A410FFCE-29FE-42FD-AD23-310A30070882}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{C3F7ACC7-63A1-4CDE-81B9-9F23F7ADF9DF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
~ Services: 5 Legitimates Scanned in 00mn 08s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector_startup] (...) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [DealPly] (...) -- C:\Users\Mikaël\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.) [0] =>PUP.DealPly
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Mikaël\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.Funmoods
[MD5.5E885A8475F9EB11038C1AFF6036525C] [APT] [HPCustParticipation HP Photosmart 5510 series] (.Hewlett-Packard Co..) -- C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [4238184]
[MD5.00000000000000000000000000000000] [APT] [{0C802213-899E-4949-B0B0-4C628A76B37D}] (...) -- C:\Users\Mikaël\Desktop\Combatarms_eu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FF5B5D8C-2ABC-4685-9A4D-0A8589B4440B}] (...) -- C:\Users\Mikaël\Desktop\Combatarms_eu.exe (.not file.) [0]
~ Scheduled Task: 70 Legitimates Scanned in 00mn 02s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 12 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 63 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD} =>Adware.Boxore
O42 - Logiciel: Calcul mensualisation - (.nounous-infos.) [HKLM][64Bits] -- DreamShield_7293b9b3-b2b7-45f4-8654-2e0569aafbfb
O42 - Logiciel: EUROCLIC - (...) [HKCU][64Bits] -- EUROCLIC
O42 - Logiciel: Hunting Unlimited 2011 - (.Valusoft.) [HKLM][64Bits] -- {8C05030F-1265-4D80-B9A6-F4A7C86ACC61}
O42 - Logiciel: Java(TM) 6 Update 29 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86416029FF}
O42 - Logiciel: McDonald's Fairies - (.Name of your company.) [HKLM][64Bits] -- McDonald's Fairies
O42 - Logiciel: Paie Assistante Maternelle 6.10 - (...) [HKCU][64Bits] -- Paie Assistante Maternelle 6.10
O42 - Logiciel: Protection Civile Simulator 2013 - (...) [HKLM][64Bits] -- THW-Simulator
O42 - Logiciel: SCANIA Truck Driving Simulator 1.0.0 - (.SCS Software.) [HKLM][64Bits] -- SCANIA Truck Driving Simulator
O42 - Logiciel: SRWare Iron 5.0.381 - (.SRWare.) [HKLM][64Bits] -- {C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1
O42 - Logiciel: SkyMonk 2 - (.Skymonk Solutions Limited.) [HKCU][64Bits] -- Skymonk2
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: Woodcutter Simulator 2011 - (...) [HKLM][64Bits] -- Woodcutter Simulator 2011
O42 - Logiciel: Youda Camper - (...) [HKLM][64Bits] -- BFG-Youda Camper
O42 - Logiciel: Youda Farmer 2 Sauver le Village - (...) [HKLM][64Bits] -- Youda Farmer 2 Sauver le Village
O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
~ Logic: 147 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\InjectIE]
[HKCU\Software\AppDataLow\Software\addlyrics]
[HKCU\Software\BPama]
[HKCU\Software\Boonty]
[HKCU\Software\Calcul Mensualisation]
[HKCU\Software\Crenetic GmbH Studios]
[HKCU\Software\Lazy Turtle Games]
[HKCU\Software\MicroApp]
[HKCU\Software\SUPERAntiSpyware.com]
[HKCU\Software\Tutorials]
[HKCU\Software\Yummy Interactive, Inc.]
[HKLM\Software\IB Updater]
[HKLM\Software\LKSoft]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\WNLT]
[HKLM\Software\Wow6432Node\Crenetic GmbH Studios]
[HKLM\Software\Wow6432Node\FirstSearch]
[HKLM\Software\Wow6432Node\GameInstaller]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Installation de ASA 8.02]
[HKLM\Software\Wow6432Node\Name of your company]
[HKLM\Software\Wow6432Node\SoftwareUpdater]
[HKLM\Software\Wow6432Node\Software]
[HKLM\Software\Wow6432Node\Trymedia Systems] =>Adware.Trymedia
[HKLM\Software\Wow6432Node\Valusoft]
~ Key Software: 274 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/02/2013 - 16:46:56 - [0] ----D C:\Program Files (x86)\GUM3B13.tmp
O43 - CFD: 06/02/2013 - 09:49:46 - [0] ----D C:\Program Files (x86)\GUM4C4A.tmp
O43 - CFD: 23/11/2012 - 22:49:55 - [940,486] ----D C:\Program Files (x86)\Hunting Unlimited 2011
O43 - CFD: 18/02/2013 - 19:36:09 - [29,989] ----D C:\Program Files (x86)\McDonaldsFairies
O43 - CFD: 25/04/2012 - 09:37:26 - [376,368] ----D C:\Program Files (x86)\Picture It! Premium 10
O43 - CFD: 07/04/2012 - 14:00:51 - [3,767] ----D C:\Program Files (x86)\RealArcade
O43 - CFD: 02/03/2013 - 13:05:22 - [1854,639] ----D C:\Program Files (x86)\SCANIA Truck Driving Simulator
O43 - CFD: 13/03/2013 - 21:12:19 - [56,092] ----D C:\Program Files (x86)\Spybot - Search & Destroy
O43 - CFD: 03/12/2011 - 10:20:22 - [47,206] ----D C:\Program Files (x86)\SRWare Iron
O43 - CFD: 06/01/2013 - 16:27:22 - [950,435] ----D C:\Program Files (x86)\Tradewest
O43 - CFD: 27/11/2012 - 19:14:01 - [623,944] ----D C:\Program Files (x86)\Woodcutter Simulator 2011
O43 - CFD: 13/05/2012 - 16:53:29 - [13,498] ----D C:\Program Files (x86)\Youda Camper
O43 - CFD: 28/04/2012 - 11:56:24 - [110,232] ----D C:\Program Files (x86)\Youda Farmer 2 Sauver le Village
O43 - CFD: 13/03/2013 - 23:25:59 - [0,025] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 23/11/2012 - 23:00:49 - [0,035] ----D C:\Users\Mikaël\AppData\Roaming\HU2011
O43 - CFD: 03/12/2011 - 02:33:39 - [0,001] ----D C:\Users\Mikaël\AppData\Roaming\Lazy Turtle Games
O43 - CFD: 03/12/2011 - 03:34:40 - [0,033] ----D C:\Users\Mikaël\AppData\Roaming\LKSoft
O43 - CFD: 03/12/2011 - 03:34:41 - [0,027] ----D C:\Users\Mikaël\AppData\Roaming\SecretIslandFranc
O43 - CFD: 03/12/2011 - 02:35:09 - [0,005] ----D C:\Users\Mikaël\AppData\Roaming\SunRay Games
O43 - CFD: 13/10/2012 - 16:39:00 - [0,007] ----D C:\Users\Mikaël\AppData\Roaming\SUPERAntiSpyware.com
O43 - CFD: 28/02/2013 - 21:35:40 - [32,176] ----D C:\Users\Mikaël\AppData\Local\Skymonk2
O43 - CFD: 06/01/2013 - 16:29:56 - [0] ----D C:\Users\Mikaël\AppData\Local\THW-Simulator
O43 - CFD: 03/04/2013 - 23:00:02 - [13,938] ----D C:\Users\Mikaël\AppData\Local\tuto4pc_fr_5 =>PUP.Eorezo
O43 - CFD: 03/12/2011 - 02:32:55 - [0,000] ----D C:\Users\Mikaël\AppData\Local\Yummy
O43 - CFD: 07/10/2012 - 13:57:36 - [0,008] ----D C:\Users\Mikaël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calcul mensualisation
O43 - CFD: 03/12/2011 - 02:35:05 - [0,003] ----D C:\Users\Mikaël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eternity
O43 - CFD: 03/12/2011 - 02:35:05 - [0,004] ----D C:\Users\Mikaël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Diary - Le Frere Perdu
O43 - CFD: 03/12/2011 - 02:35:05 - [0,004] ----D C:\Users\Mikaël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paie Assistante Maternelle
O43 - CFD: 06/01/2013 - 16:28:51 - [0,004] ----D C:\Users\Mikaël\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tradewest
~ 1305 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1711 Legitimates Scanned in 00mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A82023B07161EB6D583991BB3A6B8A0B] - 03/04/2013 - 11:26:38 ---A- . (...) -- C:\AdwCleaner[S7].txt [2850]
O44 - LFC:[MD5.67D65828216B4A19762FDC3B98ADB238] - 02/04/2013 - 20:28:11 ----- . (...) -- C:\bootsqm.dat [3536]
O44 - LFC:[MD5.999B66F18520EEF12E44EAD5198E8C12] - 02/04/2013 - 15:26:35 ---A- . (...) -- C:\AdwCleaner[S6].txt [2789]
O44 - LFC:[MD5.EF806D212D34B0E173BAEB3564D53E37] - 27/03/2013 - 14:45:19 RSHAD . (.MCCI - SAMSUNG USB Mobile Device.) -- C:\Windows\System32\Drivers\ss_bbus.sys [127488]
O44 - LFC:[MD5.0C755B4A7F133222F85EDDD54B8CDA37] - 20/03/2013 - 11:10:36 ---A- . (...) -- C:\AdwCleaner[S5].txt [2123]
O44 - LFC:[MD5.293FC4FD3FDA3A745C6CF8A23D18877E] - 19/03/2013 - 19:31:00 ---A- . (...) -- C:\AdwCleaner[S4].txt [2606]
O44 - LFC:[MD5.38C7E535F9AADAF764808112061E1294] - 14/03/2013 - 16:37:24 ---A- . (...) -- C:\AdwCleaner[S3].txt [2026]
O44 - LFC:[MD5.BD68B008ED5D0EE842D3664E45B8F57B] - 14/03/2013 - 00:13:15 ---A- . (...) -- C:\AdwCleaner[S2].txt [2965]
O44 - LFC:[MD5.42203F0C1B2D17AA5F4D4AB11321CEA3] - 13/03/2013 - 17:07:18 ---A- . (...) -- C:\AdwCleaner[S1].txt [99537]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 08/03/2013 - 12:08:24 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.5A018959B7488BE4AC3811F44B864B9E] - 08/03/2013 - 12:08:24 ---A- . (...) -- C:\Windows\diagwrn.xml [2562]
~ Files: 69 Legitimates Scanned in 00mn 03s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.B42611E84EB66D1327407B583524C2E4] - 02/04/2013 - 15:00:32 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.TMP-5883DBFB.pf
O45 - LFCP:[MD5.2E8665FC1BCCB598F32EFA0FC4FDC0E3] - 02/04/2013 - 15:31:43 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.TMP-91BA0D18.pf
O45 - LFCP:[MD5.4B00838273A933C562A861B9FDB673BC] - 02/04/2013 - 16:26:11 ---A- - C:\Windows\Prefetch\MESSAGECHECK.EXE-0A4C5507.pf
O45 - LFCP:[MD5.F391DBC41E3DA9E175654DFD50149E3B] - 02/04/2013 - 17:27:46 ---A- - C:\Windows\Prefetch\HD-TUNE_HD_TUNE_2.55_ANGLAIS_-C93724D9.pf
O45 - LFCP:[MD5.E9C37BB0F57F19942D98DF8D26CCC45F] - 02/04/2013 - 17:27:47 ---A- - C:\Windows\Prefetch\IS-0M7I3.TMP-E4FD4FF9.pf
O45 - LFCP:[MD5.14C11B3E22E757CC9D6826EA80730BF6] - 02/04/2013 - 17:29:53 ---A- - C:\Windows\Prefetch\PHOTOFILTRE.EXE-545D857E.pf
O45 - LFCP:[MD5.0BCA259907FCE71333A89CB2CEFD5791] - 02/04/2013 - 20:31:51 ---A- - C:\Windows\Prefetch\HDTUNE.EXE-1936DCFE.pf
O45 - LFCP:[MD5.575BC50153CBAF9B1A4CAA65198338CC] - 03/04/2013 - 16:09:49 ---A- - C:\Windows\Prefetch\UPDTEAPP.EXE-8F9042D2.pf
O45 - LFCP:[MD5.CB6BFB5C0C42ECFDC76614D0CB168D4E] - 03/04/2013 - 16:09:58 ---A- - C:\Windows\Prefetch\HSSMODULE.EXE-DBF1BBFF.pf
O45 - LFCP:[MD5.E86E34F88F16CA78E531E570289F2542] - 03/04/2013 - 21:59:55 ---A- - C:\Windows\Prefetch\UPT4PC_FR_5.EXE-2B1DA502.pf
O45 - LFCP:[MD5.7F1C9DB10C15E0919CF62EF2E39CE407] - 03/04/2013 - 22:00:02 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.EXE-3A37F491.pf
O45 - LFCP:[MD5.C54BB94BDD3988F20955F02B80BBD84C] - 28/03/2013 - 20:18:44 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.TMP-61C0235F.pf
O45 - LFCP:[MD5.7BC2A734520BC770E0D4BA38CC8E365C] - 28/03/2013 - 20:29:37 ---A- - C:\Windows\Prefetch\FACEBOOKVIDEOCALLING.EXE-EBA8441D.pf
O45 - LFCP:[MD5.B36028D01D7D9ACA338F67E77300BB53] - 29/03/2013 - 08:03:36 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.TMP-1A1640AB.pf
O45 - LFCP:[MD5.B20488129C69A98C987807F7EFCA33D6] - 29/03/2013 - 08:17:18 ---A- - C:\Windows\Prefetch\SERVICES.EXE-7FDA2469.pf
O45 - LFCP:[MD5.11059325E2CF05C154BAEFA0C91D0693] - 29/03/2013 - 19:15:22 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.TMP-F1A71D2C.pf
O45 - LFCP:[MD5.92A7FF5D85CB4013B1DF368DA45B2B85] - 29/03/2013 - 19:21:02 ---A- - C:\Windows\Prefetch\WKDSTORE.EXE-83BC2191.pf
O45 - LFCP:[MD5.FDA2B1697B4CB188C29FCF60CE1C93E1] - 29/03/2013 - 19:25:44 ---A- - C:\Windows\Prefetch\WKGDCACH.EXE-B4060CD6.pf
O45 - LFCP:[MD5.5E2EAAC28CC49C6A0CC2ECA862EDD8F1] - 29/03/2013 - 19:25:44 ---A- - C:\Windows\Prefetch\WKSWP.EXE-DC4AE736.pf
O45 - LFCP:[MD5.E4312481039464E52AB58723CC4CA6A9] - 30/03/2013 - 08:29:54 ---A- - C:\Windows\Prefetch\HPSWP_CLIPBOOK.EXE-54D7BE1C.pf
O45 - LFCP:[MD5.A0C186270EE80F0D0B2D75BBD4CD98F0] - 30/03/2013 - 15:51:34 ---A- - C:\Windows\Prefetch\FARMINGSIMULATOR2013PATCH1.4I-0DA8E558.pf
O45 - LFCP:[MD5.34D53A219FF471ACCC8CF7C853986455] - 30/03/2013 - 15:51:34 ---A- - C:\Windows\Prefetch\FARMINGSIMULATOR2013PATCH1.4I-93979B32.pf
O45 - LFCP:[MD5.A49A80399C433A62BCFD33689FA4B9EE] - 30/03/2013 - 15:51:39 ---A- - C:\Windows\Prefetch\FARMINGSIMULATOR2013PATCH1.4I-88766878.pf
O45 - LFCP:[MD5.3D0328E805DB940954F3535289EAC685] - 30/03/2013 - 15:51:40 ---A- - C:\Windows\Prefetch\FARMINGSIMULATOR2013PATCH1.4I-192689BD.pf
O45 - LFCP:[MD5.F0765999BB114E03CC4C20E31DC526BF] - 30/03/2013 - 16:29:34 ---A- - C:\Windows\Prefetch\MAJT4PC_FR.TMP-102D37E6.pf
O45 - LFCP:[MD5.4DBEFC0C62CDFA9BB2BA1D4F1BE0644A] - 31/03/2013 - 07:40:58 ---A- - C:\Windows\Prefetch\CDSTART.EXE-5975419D.pf
O45 - LFCP:[MD5.9B7F335316E92BFBF9BEBE4AD796BF7B] - 31/03/2013 - 07:41:02 ---A- - C:\Windows\Prefetch\FARMINGSIMULATOR2013GAME.EXE-A2D25C24.pf
O45 - LFCP:[MD5.0A309B83514A6D8864DD00640DE220AF] - 31/03/2013 - 07:41:04 ---A- - C:\Windows\Prefetch\FARMINGSIMULATOR2013.EXE-8C15D282.pf
O45 - LFCP:[MD5.9738E4F881D6EB2981480D267AA562F0] - 31/03/2013 - 09:54:58 ---A- - C:\Windows\Prefetch\YOUDA FARMER 2 - SAUVER LE VI-373C2F47.pf
~ Prefetcher: 156 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{17d69ad6-e62b-11e1-a8eb-806e6f6e6963}\AutoRun\command. (...) -- D:\Setup.exe (.not file.)
O51 - MPSK:{2d1bd4cf-d4fb-11de-8f74-806e6f6e6963}\AutoRun\command. (...) -- D:\cdstart.exe (.not file.)
O51 - MPSK:{4f37b820-180b-11e1-9c92-00262d68407f}\AutoRun\command. (...) -- E:\cdstart.exe (.not file.)
O51 - MPSK:{64f50d90-1d2e-11e1-8c7a-806e6f6e6963}\AutoRun\command. (...) -- E:\cdstart.exe (.not file.)
O51 - MPSK:{ad68f1c2-0dd0-11e1-9099-00262d68407f}\AutoRun\command. (...) -- E:\cdstart.exe (.not file.)
O51 - MPSK:{ca786d0c-96ab-11e2-9bc3-00262d68407f}\AutoRun\command. (...) -- F:\VTP_Manager.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\PCSpeedUp [Key] . (...) -- C:\Program Files (x86)\Accelerer PC\PCSUNotifier.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Start_Icon225_IEWLauncher [Key] . (...) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\IEWLauncher.exe
O53 - SMSR:HKLM\...\startupreg\Start_SMSNotifier [Key] . (.Pas de propriétaire - Orange SMS.) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\SMSNotifier.exe
O53 - SMSR:HKLM\...\startupreg\Start_Statistics [Key] . (...) -- C:\Program Files (x86)\Orange\Logiciel de Connexion Orange\HuaweiE1752\OrangeStats.exe
O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (...) -- C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
~ SMSR Keys: 28 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.5D4529AC4156E16BEDB01441AE0CF984] - 08/07/2009 - 17:49:16 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\athrx.sys [1484800]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 02/04/2013 - 17:27:23 ---A- C:\Users\Mikaël\Downloads\hd-tune_hd_tune_2.55_anglais_12775.exe [642632]
O61 - LFC: 03/04/2013 - 14:48:55 ---A- C:\Users\Mikaël\Downloads\ccsetup400.exe [4316280]
O61 - LFC: 03/04/2013 - 14:53:22 ---A- C:\Users\Mikaël\AppData\Local\Chromium\User Data\Default\History [110592]
O61 - LFC: 03/04/2013 - 14:55:02 ---A- C:\Users\Mikaël\Documents\save ccleaner\cc_20130403_155448.reg [9830]
O61 - LFC: 03/04/2013 - 21:59:51 ---A- C:\Users\Mikaël\AppData\Local\tuto4pc_fr_5\Download\majt4pc_fr.exe [2011848] =>PUP.Eorezo
O61 - LFC: 03/04/2013 - 22:00:02 ---A- C:\Users\Mikaël\AppData\Local\tuto4pc_fr_5\upt4pc_fr_5.cyp [0] =>PUP.Eorezo
O61 - LFC: 31/03/2013 - 09:55:15 ---A- C:\Users\Mikaël\AppData\Roaming\YoudaGames\YoudaFarmer_2\save\Storage_YoudaFarmer_2_v100.txt [772996]
~ 20 Fichiers temporaires (Temporary files)
~ Files: 30 Legitimates Scanned in 00mn 20s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 77 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Mikaël - 6k6k616d.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {BE28C22E-F666-424d-B5FD-125C4AFEE34E} - (Chercher) - http://search.myheritage.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.24CEEF8B33C9B234014C6A1F7634B5D5] [SPRF][25/03/2013] (...) -- C:\Users\Mikaël\AppData\Roaming\wklnhst.dat [25244]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{27F33210-2CDA-4062-B11E-A74F1E3618C2}" | In - Public - P6 - TRUE | .(.ActaLogic - auto update.) -- C:\Program Files (x86)\Woodcutter Simulator 2011\iupdate.dll
O87 - FAEL: "{B1C45D6C-2517-4176-BEAB-D38BF97A66FA}" | In - Public - P17 - TRUE | .(.ActaLogic - auto update.) -- C:\Program Files (x86)\Woodcutter Simulator 2011\iupdate.dll
O87 - FAEL: "{1E2B91A4-39D7-40C1-B833-3B1397D21993}" | In - Public - P6 - TRUE | .(.ActaLogic - Woodcutter Simulator 2011.) -- C:\Program Files (x86)\Woodcutter Simulator 2011\woodcutter2011.dll
O87 - FAEL: "{198D7351-75AD-451A-8032-E26BE8C61F6B}" | In - Public - P17 - TRUE | .(.ActaLogic - Woodcutter Simulator 2011.) -- C:\Program Files (x86)\Woodcutter Simulator 2011\woodcutter2011.dll
O87 - FAEL: "TCP Query User{1FB7A448-5A68-420C-8001-E7670A148FFD}C:\program files (x86)\macromedia\dreamweaver 2\dreamweaver.exe" | In - Public - P6 - TRUE | .(.Macromedia, Inc..) -- C:\program files (x86)\macromedia\dreamweaver 2\dreamweaver.exe
O87 - FAEL: "UDP Query User{8D96E0A8-7568-4513-9D67-7661974B0C2C}C:\program files (x86)\macromedia\dreamweaver 2\dreamweaver.exe" | In - Public - P17 - TRUE | .(.Macromedia, Inc..) -- C:\program files (x86)\macromedia\dreamweaver 2\dreamweaver.exe
O87 - FAEL: "TCP Query User{8EAAA86B-8725-4B0E-A80D-7230B50F83CF}C:\program files (x86)\sybase 8.02\win32\dbeng8.exe" | In - Public - P6 - TRUE | .(.iAnywhere Solutions, Inc..) -- C:\program files (x86)\sybase 8.02\win32\dbeng8.exe
O87 - FAEL: "UDP Query User{92AE2608-BFB9-41D4-94DB-85E15202C52D}C:\program files (x86)\sybase 8.02\win32\dbeng8.exe" | In - Public - P17 - TRUE | .(.iAnywhere Solutions, Inc..) -- C:\program files (x86)\sybase 8.02\win32\dbeng8.exe
O87 - FAEL: "TCP Query User{331F6468-134E-4B11-989F-F9EF75AF632A}C:\program files (x86)\thehunter\launcher\launcher.exe" | In - Public - P6 - TRUE | .(.Expansive Worlds - theHunter Launcher.) -- C:\program files (x86)\thehunter\launcher\launcher.exe
O87 - FAEL: "UDP Query User{DCDC661C-DADD-447C-AB4E-26D148682436}C:\program files (x86)\thehunter\launcher\launcher.exe" | In - Public - P17 - TRUE | .(.Expansive Worlds.) -- C:\program files (x86)\thehunter\launcher\launcher.exe
O87 - FAEL: "{4CC33074-92CD-4975-A8D1-EF1E54243E8E}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{260F50DF-6F52-44CD-9452-B485141C6676}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
~ Firewall: 207 Legitimates Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11367 - (03/04/2013)
Clés trouvées (Keys found) : 25
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\AppDataLow\Software\AddLyrics] =>Trojan.AVKill
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD}] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
~ Additionnel: Scanned in 00mn 25s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "9FEB8FB96CD4CF54A95AB4311193C2DA" . (.Boxore Client.) -- C:\Windows\Installer\{9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD}\boxore.ico =>Adware.Boxore
~ Update Products: 107 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS - | Auto 03/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 07/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 28/07/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Mikaël at 03/04/2013 23:20:26

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 18 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mikaël at 03/04/2013 23:20:28

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (764 lines in 04mn 47s)(0)
