cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Rapport de ZHPDiag v2013.4.3.12 par Nicolas Coolman, Update du 03/04/2013
Run by georges at 04/04/2013 08:04:14
State : Probl�me connexion internet
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Fran�ais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 6 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (53% free)
System Restore: Activ� (Enable)
System drive C: has 6 GB (44%) free of 15 GB

---\\ Logged in mode
~ Computer Name: GEORGES-42F7196
~ User Name: georges
~ All Users Names: SUPPORT_388945a0, HelpAssistant, georges, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\georges\Application Data\
~ %Desktop% : C:\Documents and Settings\georges\Bureau\
~ %Favorites% : C:\Documents and Settings\georges\Favoris\
~ %LocalAppData% : C:\Documents and Settings\georges\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\georges\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 6 Go of 15 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 21 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 19:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/74
Mes musiques (My Musics) : 2/2 (Modified)
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/82
~ Mon Bureau (My Desktop) : 0/9
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lanc�s
[MD5.B4837FE56D76B2E9EA90E5365CF6A2BE] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.1652]
[MD5.C983E62B6FB74457D173BA93F66F6068] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.1920]
[MD5.DF5A3016052755C910A206058B4A1729] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.196]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.300]
[MD5.0FEBE37DB6650FAA5965C00545009D1D] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 93.71.) -- C:\WINDOWS\system32\nvsvc32.exe [159810] [PID.272]
[MD5.8C91BD35AE9AA8B628EEC5E637BB1D0F] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.1972]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.1864]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2724]
[MD5.C35DA74B42B017D19CBB02863DCAC6E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6440960] [PID.240]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\prefs.js
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\user.js
M3 - MFPP: Plugins - [georges] -- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\searchplugins\googlefrweb.xml
M3 - MFPP: Plugins - [georges] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M0 - MFSP: prefs.js [georges - 55yaddkr.default] google.fr
M2 - MFEP: prefs.js [georges - 55yaddkr.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 12.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\WINDOWS\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.17.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.17.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.3] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.02.) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23



---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 3 Legitimates Scanned in 00mn 00s



---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 3 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{3C39FC85-5814-48E7-B633-7A98AB72771D}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 4 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 93.71.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: 4 Legitimates Scanned in 00mn 06s



---\\ Enum�ration Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ T�ches planifi�es en automatique (O39)
~ IE Control Panel: 2 Legitimates Scanned in 00mn 00s



---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 20 Legitimates Scanned in 00mn 00s



---\\ Pilotes lanc�s au d�marrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 00s



---\\ Logiciels install�s (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Fran�ais - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: NvMixer - (...) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O42 - Logiciel: �Torrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 49 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitTorrent]
[HKCU\Software\InstallCore] =>PUP.InstallCore
~ Key Software: 116 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/08/2012 - 10:27:24 - [54,568] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 29/08/2012 - 10:59:28 - [0,764] ----D C:\Program Files\uTorrent
O43 - CFD: 31/08/2012 - 16:37:26 - [1,521] ----D C:\Program Files\TimeAdjuster
O43 - CFD: 29/08/2012 - 10:58:38 - [1,614] ----D C:\Documents and Settings\georges\Application Data\uTorrent
O43 - CFD: 31/08/2012 - 16:37:28 - [0,012] ----D C:\Documents and Settings\georges\Menu D�marrer\Programmes\TimeAdjuster
~ Program Folder: 81 Legitimates Scanned in 00mn 01s



---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.9E0D22B9A8B99749D0435577D2AB82ED] - 04/04/2013 - 05:17:22 ----- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.846B48B93D641D83793B6F240B195E9B] - 04/04/2013 - 05:17:16 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [88566]
O44 - LFC:[MD5.D2A9A87DD75EE300A7EDFA07E6D3BB15] - 03/04/2013 - 23:55:40 ----- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 02/04/2013 - 10:47:58 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [116]
~ Files: 19 Legitimates Scanned in 01mn 56s



---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.824F30AEF788F3AC8DDC413B15C48BBD] - 04/04/2013 - 06:53:16 ---A- - C:\WINDOWS\Prefetch\NS74.TMP-1F23EEE8.pf
O45 - LFCP:[MD5.46DB065972C1C4174AA9CDE127C05888] - 04/04/2013 - 06:56:24 ---A- - C:\WINDOWS\Prefetch\REGCLEANR.EXE-03D19C9C.pf
~ Prefetcher: 22 Legitimates Scanned in 00mn 00s



---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent Inc..) -- C:\Program Files\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ma-config.com\maconfservice.exe" [Enabled] .(...) -- C:\Program Files\ma-config.com\maconfservice.exe (.not file.)
~ Keys Export: 7 Legitimates Scanned in 00mn 00s



---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s



---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 12 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\CTFMON.EXE [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\FlashPlayerUpdate [Key] . (...) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\NVMixerTray [Key] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O53 - SMSR:HKLM\...\startupreg\nwiz [Key] . (...) -- C:\WINDOWS\system32\nwiz.exe
~ SMSR Keys: 10 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
~ MWPS: 5 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
~ MWPE Keys: 4 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 06/09/2002 - 23:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 06/09/2002 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 01/04/2013 - 11:01:40 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\5280fda36dfc19bc0a061550bd2a36e4_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 11:02:44 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\21e2d60a365964b60ad658547159c963_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 11:38:10 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-01.json [21289]
O61 - LFC: 01/04/2013 - 11:56:54 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\276bba25de96fa7a69baf113223e4daa_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 13:53:08 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\19552a196d09ee7adc2a0e07925ee167_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 13:55:10 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\33a8ac8573ad2174f25989af23113bab_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 14:00:04 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\ceb0c4a7e776d8d3d9549f494d22aaf9_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 22:30:30 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\995058dfa1ee8f6b2369d9f7fd063ff5_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 22:30:56 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\607fac5babf99dfbb97409d852ecf05d_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 01/04/2013 - 23:41:58 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-02.json [21289]
O61 - LFC: 02/04/2013 - 00:45:32 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\35f4a87f38d38294bd81b4a4fe3fe7a9_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:45:48 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\76b7e4a330a0efb2a9df2ed5fedd9201_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:47:38 ----- C:\Documents and Settings\georges\Mes documents\T�l�chargements\Ze live 2DVD.torrent [50869]
O61 - LFC: 02/04/2013 - 00:47:44 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\2c24335c35f67fa9fe1beedc2486ac50_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 00:47:54 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\b467fece6ce3ab160806205bef72cb7a_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 08:50:58 ---A- C:\Documents and Settings\georges\Application Data\Microsoft\Media Player\03B3C69D.wpl [154]
O61 - LFC: 02/04/2013 - 10:49:50 ---A- C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Movie Maker\MEDIATAB0.DAT [8704]
O61 - LFC: 02/04/2013 - 11:06:06 ---A- C:\Documents and Settings\georges\Application Data\Microsoft\Windows\Themes\Custom.theme [8137]
O61 - LFC: 02/04/2013 - 22:02:46 ---A- C:\Documents and Settings\georges\Local Settings\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\startupCache\startupCache.4.little [1637115]
O61 - LFC: 02/04/2013 - 23:18:10 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\6b10b15a27ced532d39c7b191dc6a5bb_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 02/04/2013 - 23:33:08 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-03.json [21289]
O61 - LFC: 03/04/2013 - 14:09:06 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\blocklist.xml [58746]
O61 - LFC: 03/04/2013 - 14:12:32 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\addons.sqlite [524288]
O61 - LFC: 03/04/2013 - 19:23:58 ---A- C:\Documents and Settings\georges\Application Data\dvdcss\CACHEDIR.TAG [203]
O61 - LFC: 03/04/2013 - 19:38:56 ---A- C:\Documents and Settings\georges\Application Data\vlc\ml.xspf [304]
O61 - LFC: 03/04/2013 - 19:38:56 ---A- C:\Documents and Settings\georges\Application Data\vlc\vlcrc [80077]
O61 - LFC: 03/04/2013 - 21:29:20 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\mimeTypes.rdf [32232]
O61 - LFC: 03/04/2013 - 21:29:22 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\86da4b0483db1143fc07644c2ed5fbdd_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 03/04/2013 - 23:55:26 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bookmarkbackups\bookmarks-2013-04-04.json [21289]
O61 - LFC: 04/04/2013 - 05:36:26 ----- C:\Documents and Settings\georges\Mes documents\T�l�chargements\[www.Cpasbien.me] Californication.S06E12.FiNAL.FASTSUB.VOSTFR.HDTV.XviD-TFTD.torrent [19866]
O61 - LFC: 04/04/2013 - 05:36:34 -S-A- C:\Documents and Settings\georges\Application Data\Microsoft\Crypto\RSA\S-1-5-21-602162358-484763869-682003330-1003\fc851e10b4c8bf2b34d8a35e07c32fd5_c618d82d-ab18-45f0-9a7b-71110769a3d1 [1305]
O61 - LFC: 04/04/2013 - 05:41:08 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\permissions.sqlite [1769472]
O61 - LFC: 04/04/2013 - 05:57:12 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht.dat [4378]
O61 - LFC: 04/04/2013 - 05:57:12 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\dht_feed.dat [2]
O61 - LFC: 04/04/2013 - 05:57:12 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\rss.dat [99]
O61 - LFC: 04/04/2013 - 05:57:12 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\settings.dat [122500]
O61 - LFC: 04/04/2013 - 05:57:20 ---A- C:\Documents and Settings\georges\Application Data\uTorrent\resume.dat [99]
O61 - LFC: 04/04/2013 - 06:53:36 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\dh-media-lists.rdf [520]
O61 - LFC: 04/04/2013 - 06:53:36 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\dh-smart-names.rdf [61516]
O61 - LFC: 04/04/2013 - 06:53:40 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cert8.db [180224]
O61 - LFC: 04/04/2013 - 06:53:40 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\key3.db [16384]
O61 - LFC: 04/04/2013 - 06:53:42 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\content-prefs.sqlite [229376]
O61 - LFC: 04/04/2013 - 06:53:42 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite [1048576]
O61 - LFC: 04/04/2013 - 06:53:58 ---A- C:\Documents and Settings\georges\UserData\index.dat [32768]
O61 - LFC: 04/04/2013 - 06:53:58 -SHA- C:\Documents and Settings\georges\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat [32768]
O61 - LFC: 04/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\1cfw40a2.default-1364231546734\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 06:54:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr(2).default\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 06:59:38 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite-shm [32768]
O61 - LFC: 04/04/2013 - 06:59:38 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\cookies.sqlite-wal [590288]
O61 - LFC: 04/04/2013 - 06:59:38 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite-shm [32768]
O61 - LFC: 04/04/2013 - 06:59:38 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\webapps\webapps.json [2]
O61 - LFC: 04/04/2013 - 06:59:40 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\urlclassifierkey3.txt [154]
O61 - LFC: 04/04/2013 - 06:59:48 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\webappsstore.sqlite [851968]
O61 - LFC: 04/04/2013 - 07:00:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\formhistory.sqlite [196608]
O61 - LFC: 04/04/2013 - 07:00:00 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\signons.sqlite [327680]
O61 - LFC: 04/04/2013 - 07:00:08 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\prefs.js [8129]
O61 - LFC: 04/04/2013 - 07:00:38 ---A- C:\Documents and Settings\georges\Bureau\scan.lnk [2451]
O61 - LFC: 04/04/2013 - 07:03:12 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\downloads.sqlite [98304]
O61 - LFC: 04/04/2013 - 07:03:12 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite [10485760]
O61 - LFC: 04/04/2013 - 07:03:12 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\places.sqlite-wal [295160]
O61 - LFC: 04/04/2013 - 07:03:18 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\sessionstore.js [154395]
O61 - LFC: 04/04/2013 - 07:03:26 ---A- C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\localstore.rdf [15161]
O61 - LFC: 04/04/2013 - 07:04:02 -SHA- C:\Documents and Settings\georges\IETldCache\index.dat [262144]
~ 1 Fichiers cookies (Cookies files)
~ Files: 86 Legitimates Scanned in 00mn 36s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 111 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - �diteur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - �diteur du Registre.) -- C:\WINDOWS\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services d�marr�s par Svchost (O83)
~ Services: 40 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.1A790BCC6FC053C1891004F9C75CF3A9] [SPRF][04/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\georges\Bureau\ZHPDiag2.exe [5522970]
[MD5.3BDA066522997F22134E488ECC6A6CB0] [SPRF][29/08/2012] (.NVIDIA Corporation - Pas de description.) -- C:\Documents and Settings\georges\Bureau\nForce_5.10_WinXP2K_WHQL_international.exe [32064469]
~ Files: Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11376 - (03/04/2013)
Cl�s trouv�es (Keys found) : 4
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 1

[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Documents and Settings\georges\Application Data\Mozilla\Firefox\Profiles\55yaddkr.default\bprotector_extensions.sqlite =>PUP.BProtector
~ Additionnel: Scanned in 00mn 14s



---\\ Product Upgrade Codes (O90)
~ Update Products: 12 Legitimates Scanned in 00mn 00s



---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 21/07/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 10/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 22/10/2006 159810 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by georges at 04/04/2013 08:07:47

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 nt!IofCallDriver[0x804E37D5] >> \Device\Harddisk0\DR0[0x8675CAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by georges at 04/04/2013 08:07:49

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (579 lines in 03mn 34s)(0)

Publicité


Signaler le contenu de ce document

Publicité