Rapport de ZHPDiag v2013.4.4.17 par Nicolas Coolman, Update du 04/04/2013
Run by SANO at 05/04/2013 21:11:38
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
MFIE: Mozilla Firefox 19.0 v19.0
GCIE: Google Chrome v26.0.1410.43

---\\ Windows Product Information
~ Langage: Français
Windows Vista Ultimate Edition, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (67% free)
System Restore: Activé (Enable)
System drive E: has 77 GB (33%) free of 233 GB

---\\ Logged in mode
~ Computer Name: SANO-PC
~ User Name: SANO
~ All Users Names: UpdatusUser, SANO, HomeGroupUser$, cedric test, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : E:\
~ %AppData% : E:\Users\SANO\AppData\Roaming\
~ %Desktop% : E:\Users\SANO\Desktop\
~ %Favorites% : E:\Users\SANO\Favorites\
~ %LocalAppData% : E:\Users\SANO\AppData\Local\
~ %StartMenu% : E:\Users\SANO\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : E:\Windows\
~ %System% : E:\Windows\System32\

---\\ DOS/Devices
D:\ Hard drive, Flash drive, Thumb drive (Free 510 Go of 586 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 77 Go of 233 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- E:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- E:\Windows\System32\Wininit.exe [96256]
[MD5.7FA3A810F383588D46220967DE8B64FF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/11/2012 - 02:57:37.) -- E:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- E:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- E:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- E:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- E:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- E:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- E:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- E:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- E:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- E:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- E:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- E:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- E:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.09/10/2012 - 22:09:33.) -- E:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- E:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- E:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- E:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- E:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- E:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- E:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/8
~ Mes musiques (My Musics) : 1/15
~ Mes Favoris (My Favorites) : 1/27
~ Mes Documents (My Documents) : 2/52
~ Mon Bureau (My Desktop) : 1/33
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- E:\Windows\system32\DllHost.exe [7168] [PID.5800]
[MD5.CC94B2146C58DBD29976AEE9F841E2BA] - (.Nicolas Coolman - ZHPDiag.) -- E:\Program Files\ZHPDiag\ZHPDiag.exe [6471680] [PID.3680]
[MD5.782945716AD010AC3D41758E8E52C735] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 301.4.) -- E:\Windows\system32\nvvsvc.exe [645440] [PID.848]
[MD5.C354621B6B94E10AE7F5CDBE745FEB86] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272] [PID.872]
[MD5.C1F19D2BACBEE9AB64D9AE69E9859AC0] - (.Microsoft Corporation - Antimalware Service Executable.) -- E:\Program Files\Microsoft Security Client\MsMpEng.exe [20456] [PID.984]
[MD5.37F929A6CC3EF6FFACC02F511DD6CBE5] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- E:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [857920] [PID.1544]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.2020]
[MD5.0EA3AE252A65F3DF2E167D0E5219225A] - (.Pas de propriétaire - AntiHacksService.) -- E:\Program Files\Anti-Hacks\AntiHacksService.exe [117248] [PID.2044]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2260]
[MD5.D1EA0584675FF4D15C6906866EEFB43F] - (.Microsoft Corp. - Bing Desktop updating service.) -- E:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [168536] [PID.2284]
[MD5.C96C52D0D80666AF585516FFA97B7C00] - (.Pas de propriétaire - app_filter Module.) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616] [PID.2328]
[MD5.B6C48D01147EC020DE7F1856734127F8] - (.Pas de propriétaire - NVIDIA Corporation.) -- E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720] [PID.2632]
[MD5.E570ECA850F30EB740C2E9699DF3D2BD] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Servi.) -- E:\Program Files\Microsoft Security Client\NisSrv.exe [295232] [PID.2964]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- E:\Windows\system32\sppsvc.exe [3179520] [PID.1848]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
E:\Users\SANO\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
E:\Users\SANO\AppData\Roaming\Mozilla\Firefox\Profiles\dyl2922a.default\prefs.js
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [SANO] -- E:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- E:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (...) -- E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=16.4.3505.0912] - (.Microsoft Corporation - NPWLPG.) -- E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- E:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- E:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- E:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- E:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) -- E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (.Adobe Systems - A plugin to detect whether the Adobe Application Manager is installed.) -- E:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- E:\Users\SANO\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- E:\Users\SANO\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [facebook.com/fbDesktopPlugin] - (.Facebook, Inc. - Facebook Desktop Plugin.) -- E:\Users\SANO\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Facebook, Inc. - Facebook Desktop Plugin.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=E:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=E:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=E:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 2 Legitimates Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- E:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- E:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2298646391-757493722-2707815433-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- E:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- E:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- E:\Windows\system32\WFS.exe
O4 - GS\TaskBar: Anti-Hacks.lnk . (...) -- E:\Program Files\Anti-Hacks\AntiHacks.exe
O4 - GS\TaskBar: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- E:\Program Files\CCleaner\CCleaner.exe
O4 - GS\TaskBar: Cheat Engine.lnk . (...) -- E:\Program Files\Cheat Engine 6.1\Cheat Engine.exe
O4 - GS\TaskBar: GigaTribe.lnk . (.Gigatribe - Gigatribe.) -- E:\Program Files\GigaTribe\gigatribe.exe
O4 - GS\TaskBar: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- E:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- E:\Users\SANO\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Google Earth.lnk . (.Google - Google Earth.) -- E:\Program Files\Google\Google Earth\client\googleearth.exe
O4 - GS\TaskBar: incredimail - Raccourci.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- E:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: iTunes.lnk . (.Apple Inc. - iTunes.) -- E:\Program Files\iTunes\iTunes.exe
O4 - GS\TaskBar: Microsoft Security Essentials.lnk . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- E:\Program Files\Microsoft Security Client\msseces.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- E:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Personal Finances Free.lnk . (.Alzex software - Pas de description.) -- E:\Program Files\Personal Finances Free\PersonalFinances.exe
O4 - GS\TaskBar: PowerISO.lnk . (.PowerISO Computing, Inc. - PowerISO.) -- E:\Program Files\PowerISO\PowerISO.exe
O4 - GS\TaskBar: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- E:\Program Files\Skype\Phone\Skype.exe
O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- E:\Windows\system32\StikyNot.exe
O4 - GS\TaskBar: SuperCopier2.lnk . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- E:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - GS\TaskBar: TeamViewer 8.lnk . (.TeamViewer GmbH - TeamViewer 8.) -- E:\Program Files\TeamViewer\Version8\TeamViewer.exe
O4 - GS\TaskBar: The KMPlayer FR.lnk . (.Pandora.TV - The KMPlayer.) -- E:\Program Files\The KMPlayer FR\KMPlayer.exe
O4 - GS\TaskBar: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- E:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\TaskBar: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Adobe Digital Editions.lnk . (.Adobe Systems, Inc. - Adobe Digital Editions.) -- E:\Program Files\Adobe\Adobe Digital Editions\digitaleditions.exe
O4 - GS\QuickLaunch: Anti-Hacks.lnk . (...) -- E:\Program Files\Anti-Hacks\AntiHacks.exe
O4 - GS\QuickLaunch: GigaTribe.lnk . (.Gigatribe - Gigatribe.) -- E:\Program Files\GigaTribe\gigatribe.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- E:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- E:\Program Files\Skype\Phone\Skype.exe
O4 - Global Startup: E:\Users\SANO\Desktop\Internet Explorer - résolution de problèmes.url . (...) -- E:\Users\SANO\Desktop\Internet Explorer - résolution de problèmes.url
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- E:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- E:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @E:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 9 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27CDBDBF-077F-4C6D-825C-534865171EF3}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{27CDBDBF-077F-4C6D-825C-534865171EF3}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{27CDBDBF-077F-4C6D-825C-534865171EF3}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- E:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- E:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Anti-Hacks Engine) . (.Pas de propriétaire - AntiHacksService.) - E:\Program Files\Anti-Hacks\AntiHacksService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
~ Services: 9 Legitimates Scanned in 00mn 06s



---\\ Enum�ration Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Game_Booster_Startup] (...) -- E:\Program Files\Razer\Razer Game Booster\GameBooster.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Razer_Game_Booster_AutoUpdate] (...) -- E:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe (.not file.) [0]
[MD5.AA864D437578664606D15D4CE06547E6] [APT] [{9A566084-7E5A-4F27-A242-CE0D1489DB65}] (.NVIDIA Corporation.) -- E:\Users\SANO\Downloads\15.49_nforce_winvista_win7_32bit_international_whql.exe [196846120]
~ Scheduled Task: 23 Legitimates Scanned in 00mn 07s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (MpKsl47f2efef) . (. - .) - E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACF03939-9B58-408D-B1C6-1AAE4517C49D}\MpKsl47f2efef.sys (.not file.)
~ Drivers: 66 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Anti-Hacks 2.1 - (.SafeMatter.) [HKLM] -- {4BA5D748-18CC-4B66-9363-D902D9ED05EB}_is1
O42 - Logiciel: GigaTribe 3.04.009 - (.GigaTribe SAS.) [HKLM] -- ShalSoft.GigaTribe_is1
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {2CF22C94-1369-4C04-9A5F-A4BC6D91B508}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
O42 - Logiciel: Personal Finances Free v5.2 - (.Alzex.) [HKLM] -- Personal Finances Free_is1
O42 - Logiciel: µTorrent - (...) [HKLM] -- uTorrent
~ Logic: 72 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitTorrent]
[HKCU\Software\GoforFiles]
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKLM\Software\AntiHacks]
[HKLM\Software\GoforFiles]
[HKLM\Software\SweetIM] =>PUP.SweetIM
~ Key Software: 127 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/03/2013 - 09:19:32 - [1,543] ----D E:\Program Files\Anti-Hacks
O43 - CFD: 14/03/2013 - 08:59:56 - [43,234] ----D E:\Program Files\GigaTribe
O43 - CFD: 13/02/2012 - 20:53:18 - [26,524] ----D E:\Program Files\IncrediMail
O43 - CFD: 13/05/2012 - 23:05:53 - [18,794] ----D E:\Program Files\Personal Finances Free
O43 - CFD: 10/12/2012 - 17:10:01 - [0,924] ----D E:\Program Files\uTorrent
O43 - CFD: 13/02/2012 - 20:53:52 - [0,000] ----D E:\ProgramData\IM
O43 - CFD: 13/02/2012 - 20:53:18 - [6,679] ----D E:\ProgramData\IncrediMail
O43 - CFD: 26/02/2013 - 13:35:59 - [0] ----D E:\Users\SANO\AppData\Roaming\Anti-Hacks
O43 - CFD: 27/02/2013 - 21:13:41 - [0,001] ----D E:\Users\SANO\AppData\Roaming\GoforFiles
O43 - CFD: 10/10/2012 - 21:42:48 - [0] ----D E:\Users\SANO\AppData\Roaming\PDAppFlex
O43 - CFD: 21/03/2013 - 21:19:54 - [21,803] ----D E:\Users\SANO\AppData\Roaming\uTorrent
O43 - CFD: 17/07/2012 - 17:54:40 - [1079,227] ----D E:\Users\SANO\AppData\Local\IM
~ Program Folder: 167 Legitimates Scanned in 00mn 29s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.466813B55DD2A3D1CBE02E0CCD4F0AC2] - 05/04/2013 - 19:10:24 ---A- . (...) -- E:\Windows\IE10_main.log [14364]
O44 - LFC:[MD5.F8ED216DB580A316CBAC4CACF64100FF] - 04/04/2013 - 20:54:16 ---A- . (...) -- E:\WinUpdateFix.txt [1210]
O44 - LFC:[MD5.617A7964403E34C04CCEBCFC6EB47BCF] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfc0404.dat [268110]
O44 - LFC:[MD5.60FD1F2F44159DA2C9B7169364D54790] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfc0416.dat [300986]
O44 - LFC:[MD5.8C4523174FFEA01D44B506D776DE394A] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfc0804.dat [273024]
O44 - LFC:[MD5.4275F57198D9BD299FE5C51295E4EF09] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfc0816.dat [306338]
O44 - LFC:[MD5.1066128A42E99F9E379D12D93712100F] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfh0404.dat [553100]
O44 - LFC:[MD5.3026F3D4CD64E717A4A9231CD0397E3B] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfh0416.dat [869412]
O44 - LFC:[MD5.58ECF53231CDBBF40B9DE6E800C6596E] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfh0804.dat [535734]
O44 - LFC:[MD5.AFD0C98FEFE47C848F8E9D5B60BA5129] - 03/04/2013 - 07:05:12 ---A- . (...) -- E:\Windows\System32\prfh0816.dat [884416]
O44 - LFC:[MD5.A51B3A45FBB0D0B929FA3430113A0665] - 02/04/2013 - 14:06:13 ---A- . (...) -- E:\ComboFix.txt [14116]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 02/04/2013 - 13:56:26 ---A- . (...) -- E:\Windows\system.ini [215]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 30/03/2013 - 07:54:55 ---A- . (...) -- E:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.EFF08DB1E5033E2812F67BFA1C2F3AA9] - 30/03/2013 - 07:54:55 ---A- . (...) -- E:\Windows\diagwrn.xml [2562]
O44 - LFC:[MD5.E13F489F0B1E52319A86BDD996263F4B] - 28/03/2013 - 16:17:11 ---A- . (...) -- E:\Windows\win.ini [478]
O44 - LFC:[MD5.14FA86D790A48D5DF52D81146283AE2E] - 25/03/2013 - 18:02:15 ---A- . (...) -- E:\UsbFix [Clean 5] SANO-PC.txt [8464]
O44 - LFC:[MD5.F7A89846E810F84283643E29059363C5] - 25/03/2013 - 17:03:50 ----- . (...) -- E:\UsbFix [Clean 4] SANO-PC.txt [4666]
O44 - LFC:[MD5.109DF9DF90AE6622493AF46A3885CB9C] - 25/03/2013 - 16:55:31 ----- . (...) -- E:\UsbFix [Clean 1] SANO-PC.txt [8651]
O44 - LFC:[MD5.59649D17E8BE2BA72B7DE27C933C81FC] - 25/03/2013 - 15:04:35 ----- . (...) -- E:\UsbFix [Scan 1] SANO-PC.txt [6652]
O44 - LFC:[MD5.A0314CB9A513FADFDE18D37A555E4FA8] - 25/03/2013 - 12:47:34 ----- . (...) -- E:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.B0887CC35E10975ACF8D29DB65D3E3F9] - 24/03/2013 - 21:01:17 ----- . (...) -- E:\AdwCleaner[S2].txt [1193]
O44 - LFC:[MD5.7E487CE428CEBFD1E6EF9A7BEBF00574] - 24/03/2013 - 15:22:21 ----- . (...) -- E:\AdwCleaner[S1].txt [17092]
O44 - LFC:[MD5.33BF177505290BEC3BD455C32B593B1C] - 24/03/2013 - 15:21:37 ----- . (...) -- E:\AdwCleaner[R1].txt [17178]
O44 - LFC:[MD5.26D3E11C8898A56CA9C58A9085079D05] - 23/03/2013 - 17:20:41 ---A- . (.Sysinternals - PsExec Service.) -- E:\Windows\PSEXESVC.EXE [99592]
O44 - LFC:[MD5.D8C0B2EB928D57C928522EFF500C4BA8] - 15/03/2013 - 21:40:28 ---A- . (.ManyCam LLC - ManyCam Virtual Webcam.) -- E:\Windows\System32\Drivers\mcvidrv.sys [34432]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 07:45:56 ---A- . (...) -- E:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 07/11/2010 - 18:20:24 ---A- . (...) -- E:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 01:00:00 ---A- . (...) -- E:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 01:00:00 ---A- . (...) -- E:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 01:00:00 ---A- . (...) -- E:\Windows\zip.exe [68096]
~ Files: 81 Legitimates Scanned in 00mn 07s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 9 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\BingDesktop [Key] . (.Microsoft Corp. - Bing Desktop Application.) -- e:\program files\microsoft\bingdesktop\bingdesktop.exe
O53 - SMSR:HKLM\...\startupreg\CamserviceExchange [Key] . (.Guillemot Corporation S.A. - Hercules Xtra Controller Main Application.) -- e:\program files\hercules\dualpix exchange\xtrctrlex.exe
O53 - SMSR:HKLM\...\startupreg\EvtMgr6 [Key] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- e:\program files\logitech\setpointp\setpoint.exe
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- E:\Program Files\IncrediMail\bin\IncMail.exe
~ SMSR Keys: 12 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 1 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ MWPE Keys: 6 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- E:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- E:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 98 Legitimates Scanned in 02mn 34s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- E:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- E:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- E:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- E:\Windows\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- E:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- E:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- E:\Users\SANO\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- E:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- E:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- E:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- E:\Users\SANO\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} [DefaultScope] - (MyStart Rechercher) - http://mystart.incredimail.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 33 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][05/04/2013] (...) -- E:\Users\SANO\AppData\Local\Temp\~gu-ver.dat [112]
[MD5.F0B961119AC8002050956D5BBBBDD970] [SPRF][05/04/2013] (.Nicolas Coolman - ZHPDiag.) -- E:\Users\SANO\Desktop\ZHPDiag2.exe [5524649]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{28DE37EB-4727-47E6-B933-DDC056ED45F7}" | In - Domain - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{199A12B7-98C2-4309-9F6D-047CC134434E}" | In - Domain - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{87E6B293-98B6-44A2-9A86-BAA5CEC0EB14}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- E:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{EDDD1BB7-032E-4E80-B21E-56115E9CB7BA}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- E:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{E515D383-FC9C-462A-80A9-57A51915E1CF}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- E:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{DB03CC39-2EBF-41DB-8857-0C0160A99532}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- E:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "TCP Query User{23115636-273D-4841-B13F-BAD6AB5987AD}E:\program files\hercules\dualpix exchange\xtrctrlex.exe" | In - Private - P6 - TRUE | .(.Guillemot Corporation S.A..) -- E:\program files\hercules\dualpix exchange\xtrctrlex.exe
O87 - FAEL: "UDP Query User{C5E385CC-B730-45F3-9AE7-D1EEE298140C}E:\program files\hercules\dualpix exchange\xtrctrlex.exe" | In - Private - P17 - TRUE | .(.Guillemot Corporation S.A..) -- E:\program files\hercules\dualpix exchange\xtrctrlex.exe
O87 - FAEL: "{492900EE-C3D2-4953-9520-0725C4CAB1FE}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{24F5085D-5FA2-409C-986A-BB2BC4F1D6D9}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{AFCB2B4A-A607-4026-B689-3741BF6D9DC9}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{B1205CF3-5E1E-4EA9-B507-61D417019428}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{03532DAD-83BE-4936-8A95-D09B7013656A}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{0BAACE23-D23B-408F-B973-D58296B30AFB}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{FE804064-FCC9-4570-9A4A-C243127650DA}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- E:\Program Files\IncrediMail\Bin\ImpCnt.exe
O87 - FAEL: "{DE3AC9E7-8AF6-45DD-BE3C-59B528715417}" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{02475128-5416-42B7-8940-925DD05909ED}" | In - Private - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{C27DE657-C2AF-4AFA-AF84-17C19AB2250B}" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{9F5D39F3-D1C7-436F-9A9C-C749012BA488}" | In - Private - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- E:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{90925D48-8227-457D-BB0E-19BDCB771051}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- E:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{651DE15B-C43E-4054-954F-C3C680CD325C}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- E:\Program Files\IncrediMail\Bin\IncMail.exe
O87 - FAEL: "{274325D2-2220-41E0-9135-5713529DA8BF}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- E:\Program Files\IncrediMail\Bin\ImApp.exe
O87 - FAEL: "{5D996FCA-794A-4433-8B62-9FF7B51D0BE6}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- E:\Program Files\IncrediMail\Bin\ImApp.exe
~ Firewall: 228 Legitimates Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11417 - (04/04/2013)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Classes\IncrediSpooler.DeltaSync] =>toolbar.DeltaSearch
[HKLM\Software\Classes\IncrediSpooler.DeltaSync.1] =>toolbar.DeltaSearch
~ Additionnel: Scanned in 00mn 28s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "49C22FC2963140C4A9F54ACBD6195B80" . (.IncrediMail.) -- E:\Windows\Installer\{2CF22C94-1369-4C04-9A5F-A4BC6D91B508}\ARPPRODUCTICON.exe
~ Update Products: 85 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 01/09/2011 169624 | (AdobeActiveFileMonitor10.0) . (.Adobe Systems Incorporated.) - E:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - E:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 06/03/2013 251248 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - E:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 117248 | (Anti-Hacks Engine) . (...) - E:\Program Files\Anti-Hacks\AntiHacksService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Disabled 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - E:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 387616 | (ForceWare Intelligent Application Manager (IAM)) . (...) - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SS - | Auto 13/10/2012 116648 | (gupdate) . (.Google Inc..) - E:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/10/2012 116648 | (gupdatem) . (.Google Inc..) - E:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - E:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 27/09/2011 295192 | (LBTServ) . (.Logitech, Inc..) - E:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Disabled 16/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 178720 | (nSvcIp) . (...) - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 15/05/2012 645440 | (nvsvc) . (.NVIDIA Corporation.) - E:\Windows\system32\nvvsvc.exe
SS - | Disabled 15/05/2012 1262400 | (nvUpdatusService) . (.NVIDIA Corporation.) - E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - E:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 15/05/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - E:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 14/07/2009 20992 | E:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - E:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | E:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - E:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



End of the scan (630 lines in 04mn 24s)(0)
