Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.4.9.51 par Nicolas Coolman, Update du 09/04/2013
Run by CELINE GRISTI at 10/04/2013 18:54:17
State : Probl�me connexion internet
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
OBIE: Safari v5.31.22.7
---\\ Windows Product Information
~ Langage: Fran�ais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Protection
Antivirus : avast! Free Antivirus v7.0.1474.0
---\\ System Information
~ Processor: x86 Family 15 Model 76 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 894 MB (50% free)
System Restore: Activ� (Enable)
System drive C: has 25 GB (47%) free of 53 GB
---\\ Logged in mode
~ Computer Name: CELINE
~ User Name: CELINE GRISTI
~ All Users Names: SUPPORT_388945a0, HelpAssistant, CELINE GRISTI, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\CELINE GRISTI\Application Data\
~ %Desktop% : C:\Documents and Settings\CELINE GRISTI\Bureau\
~ %Favorites% : C:\Documents and Settings\CELINE GRISTI\Favoris\
~ %LocalAppData% : C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\CELINE GRISTI\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 53 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 39 Go of 54 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 19:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 02s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 3/9505
~ Mes musiques (My Musics) : 1/11
~ Mes Videos (My Videos) : 3/20
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/10522
~ Mon Bureau (My Desktop) : 1/58
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 17s
---\\ Processus lanc�s
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1636]
[MD5.D3FACB34FFF5DB91ADB70987838F8BA7] - (.brother Industries Ltd - brsvc01a.) -- C:\WINDOWS\system32\brsvc01a.exe [57344] [PID.1696]
[MD5.9E646CD378D4D0C996BAF9BCB18237C7] - (.brother Industries Ltd - brss01a.exe.) -- C:\WINDOWS\system32\brss01a.exe [45056] [PID.1724]
[MD5.A7A071726A35955C05FCBF9ABDDBBD97] - (.Acer Inc. - Pas de description.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.1788]
[MD5.557F35D1CA42AEA14A6690E21887A31F] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712] [PID.1220]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888] [PID.248]
[MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568] [PID.292]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424] [PID.524]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.624]
[MD5.86E8BCAA91FC2ACFACD99CF2BF9F1F47] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [49152] [PID.764]
[MD5.3A81CA261B031AD49D1E69C276CAA368] - (...) -- C:\Acer\Empowering Technology\eLock\LockServ.exe [520192] [PID.1412]
[MD5.5539FA7E969C332E4794316D5B840306] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [270336] [PID.1452]
[MD5.6D88C26BF33D2B8404F01CECBDD47D3A] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 86.02.) -- C:\WINDOWS\system32\nvsvc32.exe [143426] [PID.1484]
[MD5.3199A477F0F06EEDE41BD55179F8EB05] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.2088]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.2812]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3580]
[MD5.9C69E6A25F5500501B14AF43311F8D8B] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [64512] [PID.3316]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RUNDLL32.exe [0] [PID.3436]
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\eHome\ehmsas.exe [46592] [PID.3784]
[MD5.10B0722C7203181B0C50C6CB974D2F2A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16261632] [PID.1236]
[MD5.DFAE0D430C5D2458340F67FD2841F3E7] - (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe [634880] [PID.3964]
[MD5.926CF712448FEA216DEB1D30E708275C] - (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\WINDOWS\system32\WDBtnMgr.exe [335872] [PID.3976]
[MD5.A1FF818BDDFF23BC89F9C54DD467D857] - (.Pas de propri�taire - Acer ePower Management DMC.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [438272] [PID.3928]
[MD5.C67E00C1DCA52FB369DC54E9EE653D47] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [413696] [PID.2648]
[MD5.72D78BD9AB1F457502F01832B07133CF] - (.HiTRUST - eDSloader.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [345088] [PID.4044]
[MD5.2F0F0E6AA6F5874E13E792996077138B] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152] [PID.2752]
[MD5.A2CFF52E175E823E86646E6097DAB57B] - (...) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe [348160] [PID.2232]
[MD5.F8D427DAE2984A4968E2D1CB53634784] - (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400] [PID.2372]
[MD5.32F1A63C86D009D95994B543511D6E5C] - (.Pas de propri�taire - NsWrtMon Microsoft Base Class Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480] [PID.548]
[MD5.D05D1BBCBA6C6843A7A96C5289DA22BE] - (.Pas de propri�taire - NsWrtProc Microsoft Base Clase Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe [24576] [PID.2572]
[MD5.741DCAEC21B5A9A1D068FE8692A30D68] - (.Apple Inc. - iTunesHelper Module.) -- D:\Program Files\iTunes\iTunesHelper.exe [292128] [PID.2576]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136] [PID.2480]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2988]
[MD5.C98EF7E083579C0D588D0E909F48A90A] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247728] [PID.3084]
[MD5.E39574B471EF0B8719B13CC99AAFF0B8] - (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) -- C:\Documents and Settings\CELINE GRISTI\Local Settings\Temp\RtkBtMnt.exe [208896] [PID.3680]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [10376704] [PID.1500]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [10368512] [PID.3940]
[MD5.E8E568EA584973DFD99AAC7D00A16287] - (.Apple Inc. - iPodService Module.) -- C:\Program Files\iPod\bin\iPodService.exe [542496] [PID.2384]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.3988]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.1132]
[MD5.B93499B1D1058C86C1A60C026C334971] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6581760] [PID.3500]
[MD5.52404CC76E9D53843BDF97564BB16BED] - (.Microsoft Corporation - MCRD Device Service.) -- C:\WINDOWS\ehome\mcrdsvc.exe [99328] [PID.2164]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2932]
~ Processes Running: Scanned in 00mn 06s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\prefs.js
~ Firefox Browser: 25 Legitimates Scanned in 00mn 01s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 11 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 08s
~ Nombre de lignes (Lines number): 15267
---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 5 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] . (.Wistron - RunXMLPL.) -- C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [AzMixerSel] . (.Realtek Semiconductor Corp. - Azalia Mixer Selector.) -- C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] . (...) -- C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [WD Button Manager] . (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\WINDOWS\system32\WDBtnMgr.exe
O4 - HKLM\..\Run: [ePower_DMC] . (.Pas de propri�taire - Acer ePower Management DMC.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eRecoveryService] . (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eLockMonitor] . (...) -- C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] . (.HiTRUST - eDSloader.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Boot] . (...) -- C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Run: [OpwareSE4] . (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
O4 - HKLM\..\Run: [WrtMon.exe] . (.Pas de propri�taire - NsWrtMon Microsoft Base Class Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-33194371-2589393498-2926583925-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-33194371-2589393498-2926583925-1005\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
~ Application: Scanned in 00mn 02s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Media Center.lnk . (.Microsoft Corporation - Media Center.) -- C:\WINDOWS\ehome\ehshell.exe
O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\Program Files\Microsoft Office\Office\EXCEL.exe
O4 - GS\Programs: Microsoft Word.lnk . (...) -- C:\Program Files\Microsoft Office\Office\WINWORD.exe
O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\Program Files\Microsoft Office\Office\POWERPNT.exe
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: Scanned in 00mn 02s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Cl� orpheline
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Cl� orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 4 Legitimates Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341348831414
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D582C2-4CF3-45F5-9442-DE213474094F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0D582C2-4CF3-45F5-9442-DE213474094F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{B0D582C2-4CF3-45F5-9442-DE213474094F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 5 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: BrSplService (Brother XP spl Service) . (.brother Industries Ltd - brsvc01a.) - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 86.02.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 13 Legitimates Scanned in 00mn 14s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
~ Scheduled Task: 8 Legitimates Scanned in 00mn 00s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 24 Legitimates Scanned in 00mn 01s
---\\ Pilotes lanc�s au d�marrage (O41)
~ Drivers: 69 Legitimates Scanned in 00mn 01s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader X (10.1.6) - Fran�ais - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Chinese Traditional Fonts Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-2448-0000-800000000003}
O42 - Logiciel: Eudora - (...) [HKLM] -- Eudora
O42 - Logiciel: Handy Backup 6.0 - (...) [HKLM] -- Handy Backup 6.0
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Language pack for Ad-Aware SE - (.Lavasoft.) [HKLM] -- Language pack for Ad-Aware SE
O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 179 Legitimates Scanned in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\FSPro Labs]
[HKCU\Software\FotoWire]
[HKCU\Software\High-Logic]
[HKCU\Software\IncrediMail]
[HKCU\Software\Novosoft]
[HKCU\Software\Qualcomm]
[HKCU\Software\WebMediaPlayer]
[HKCU\Software\newsoft]
[HKLM\Software\FSPro Labs]
[HKLM\Software\High-Logic]
[HKLM\Software\NewSoft]
[HKLM\Software\QUALCOMM Incorporated]
[HKLM\Software\WebUpdate]
~ Key Software: 246 Legitimates Scanned in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/05/2007 - 11:49:16 - [0] ----D C:\Program Files\Dantz
O43 - CFD: 22/12/2008 - 12:15:44 - [187,824] ----D C:\Program Files\NewSoft
O43 - CFD: 10/02/2009 - 14:31:40 - [23,754] ----D C:\Program Files\Qualcomm
O43 - CFD: 10/02/2009 - 14:44:40 - [0,158] ----D C:\Program Files\IncrediMail
O43 - CFD: 16/07/2009 - 10:09:20 - [0,112] ----D C:\Program Files\INFORAD
O43 - CFD: 02/09/2012 - 20:04:06 - [0,001] ----D C:\Program Files\NexusFont
O43 - CFD: 22/12/2008 - 12:15:44 - [18,098] ----D C:\Program Files\Fichiers communs\PDFView
O43 - CFD: 22/12/2008 - 12:16:10 - [3,538] ----D C:\Program Files\Fichiers communs\NewSoft
O43 - CFD: 24/02/2009 - 09:11:44 - [0,001] ----D C:\Documents and Settings\All Users\SendTo
O43 - CFD: 22/12/2008 - 12:40:20 - [0,690] ----D C:\Documents and Settings\CELINE GRISTI\Application Data\NewSoft
O43 - CFD: 10/02/2009 - 14:32:02 - [0,257] ----D C:\Documents and Settings\CELINE GRISTI\Application Data\Qualcomm
O43 - CFD: 29/10/2009 - 15:07:38 - [3,339] ----D C:\Documents and Settings\CELINE GRISTI\Application Data\Novosoft
O43 - CFD: 22/12/2008 - 12:40:16 - [0,752] ----D C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\NewSoft
~ Program Folder: 163 Legitimates Scanned in 00mn 23s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.68374CA113D7B10C30DF600A834F57FF] - 10/04/2013 - 11:19:10 ---A- . (...) -- C:\WINDOWS\ComponentList.xml [97]
O44 - LFC:[MD5.6AB0FD4BEE15FA1C35F74DFAFC09A68A] - 10/04/2013 - 11:19:08 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [51048]
O44 - LFC:[MD5.4145AC65B95D10B4EAEAB798764A68D0] - 10/04/2013 - 10:38:38 ---A- . (...) -- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt [4212]
O44 - LFC:[MD5.9FF3DE12582C5FF22BC7E2C249453864] - 10/04/2013 - 09:33:00 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.23DEEFA092B90C4E610F0DD08B8CB915] - 10/04/2013 - 09:30:30 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.027C09DD474E31FD09C7BCC5458BB52D] - 09/04/2013 - 17:09:52 ---A- . (...) -- C:\AdwCleaner[S1].txt [2351]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2013 - 15:07:32 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
~ Files: 25 Legitimates Scanned in 00mn 41s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DDD2DB16609B9A10184C140AD18E2B0F] - 10/04/2013 - 09:31:34 ---A- - C:\WINDOWS\Prefetch\SERVICES.EXE-3019B50A.pf
O45 - LFCP:[MD5.3BB2C220C26EA014AE656DC52D75EBC6] - 10/04/2013 - 09:32:26 ---A- - C:\WINDOWS\Prefetch\MEMCHECK.EXE-0A370B04.pf
O45 - LFCP:[MD5.82AE75BED1E8EB6A65D9D6BC1353ADAC] - 10/04/2013 - 11:19:10 ---A- - C:\WINDOWS\Prefetch\XMLAUNCH.EXE-086AA80B.pf
O45 - LFCP:[MD5.258F6DDF9565475EB666FA4E7AE0EE57] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\AZMIXERSEL.EXE-0057985F.pf
O45 - LFCP:[MD5.147610277384A38CA64CE926F3D928D6] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\IMJPMIG.EXE-32ABEE9A.pf
O45 - LFCP:[MD5.4CE8FF0E693C831E7F1D50BAF3B0FC53] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\LAUNAPP.EXE-1B5E2140.pf
O45 - LFCP:[MD5.149A485020F6A9CEADB160D55637640C] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\RUNXMLPL.EXE-2046072A.pf
O45 - LFCP:[MD5.89BE674B4C7D7D9CB37C3C93AC61342F] - 10/04/2013 - 11:19:22 ---A- - C:\WINDOWS\Prefetch\RTKBTMNT.EXE-0153D462.pf
O45 - LFCP:[MD5.626E3C0A5170156FBCDE1D08FC05F72E] - 10/04/2013 - 11:19:24 ---A- - C:\WINDOWS\Prefetch\CNSLMAIN.EXE-2B4A9454.pf
O45 - LFCP:[MD5.1868D6C17F5367E397A874D565DDDA4D] - 10/04/2013 - 11:19:24 ---A- - C:\WINDOWS\Prefetch\WDBTNMGR.EXE-2DAD3A0B.pf
O45 - LFCP:[MD5.A952582864941F80A5CEAE4439641D0D] - 10/04/2013 - 11:19:26 ---A- - C:\WINDOWS\Prefetch\EPOWER_DMC.EXE-0838B86A.pf
O45 - LFCP:[MD5.2318B16B02BF02F41ED5A88852E9A42C] - 10/04/2013 - 11:19:26 ---A- - C:\WINDOWS\Prefetch\LAUNCHMONITOR.EXE-284AF436.pf
O45 - LFCP:[MD5.F1F81E54FB4444E4957B199EC7ED093A] - 10/04/2013 - 11:19:28 ---A- - C:\WINDOWS\Prefetch\BOOT.EXE-358A5EE6.pf
O45 - LFCP:[MD5.707370DDDAAC4C8F757F2B8ADCF92311] - 10/04/2013 - 11:19:28 ---A- - C:\WINDOWS\Prefetch\EDSLOADER.EXE-2A914953.pf
O45 - LFCP:[MD5.3F02B6255AACC33F2143C6130C070B9E] - 10/04/2013 - 11:19:36 ---A- - C:\WINDOWS\Prefetch\LOCKMON.EXE-1474D755.pf
O45 - LFCP:[MD5.58D38F65E18C8CA437FBF46554DE59A1] - 10/04/2013 - 11:19:38 ---A- - C:\WINDOWS\Prefetch\OPWARESE4.EXE-34DF2E66.pf
O45 - LFCP:[MD5.84E72461A11507D5E8E65D15FB68B02C] - 10/04/2013 - 11:19:40 ---A- - C:\WINDOWS\Prefetch\WRTMON.EXE-0F5F7813.pf
O45 - LFCP:[MD5.AEE10C067CFE10C58642BDD6DD19A9E9] - 10/04/2013 - 12:37:48 ---A- - C:\WINDOWS\Prefetch\DFRGFAT.EXE-22605FE5.pf
~ Prefetcher: 87 Legitimates Scanned in 00mn 01s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [Enabled] .(...) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImApp.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe (.not file.)
~ Keys Export: 17 Legitimates Scanned in 00mn 02s
---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s
---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{794275fe-9805-11db-8419-0016cfad7918}\AutoRun\command. (...) -- F:\setupSNK.exe (.not file.)
O51 - MPSK:{87ca094e-b95f-11dc-85dd-0016cfad7918}\AutoRun\command. (...) -- F:\loader.exe (.not file.)
O51 - MPSK:{a8eb5c07-7763-11dc-8598-0016cfad7918}\AutoRun\command. (...) -- F:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo� video Raw YVU9 by Intel" . (...) -- C:\WINDOWS\system32\iyvu9_32.dll
~ TDSD: 12 Legitimates Scanned in 00mn 00s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=1
O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=1
~ MWPS: 7 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 2 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 10/08/2004 - 04:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 10/08/2004 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 07/04/2013 - 13:30:38 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-07.json [46773]
O61 - LFC: 07/04/2013 - 15:04:36 -SHA- C:\Documents and Settings\CELINE GRISTI\Application Data\Microsoft\Internet Explorer\UserData\index.dat [16384]
O61 - LFC: 07/04/2013 - 19:58:18 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013-03-26 17.50.561.jpg.lnk [470]
O61 - LFC: 07/04/2013 - 21:53:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_02_26.lnk [346]
O61 - LFC: 07/04/2013 - 21:54:20 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0001.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:54:26 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0002.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:54:40 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0003.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:54:48 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_04.lnk [346]
O61 - LFC: 07/04/2013 - 21:54:48 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0004.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:55:02 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_10.lnk [346]
O61 - LFC: 07/04/2013 - 21:55:20 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_24.lnk [346]
O61 - LFC: 07/04/2013 - 21:55:20 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan.pdf.lnk [495]
O61 - LFC: 07/04/2013 - 21:56:32 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_25.lnk [346]
O61 - LFC: 07/04/2013 - 21:56:32 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\impot 2011.pdf.lnk [517]
O61 - LFC: 08/04/2013 - 07:19:34 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-08.json [46773]
O61 - LFC: 08/04/2013 - 09:05:24 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\Comptabilit�.lnk [361]
O61 - LFC: 08/04/2013 - 09:05:24 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\compta salon celine 2013 .xls.lnk [587]
O61 - LFC: 08/04/2013 - 09:30:50 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\6958-A DIFFUSER TRES VITE avant interdiction(cord).pdf [213424]
O61 - LFC: 08/04/2013 - 09:48:06 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\startupCache\startupCache.4.little [1498723]
O61 - LFC: 08/04/2013 - 10:36:36 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\ACDSee 7.0.lnk [2533]
O61 - LFC: 08/04/2013 - 10:47:38 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0136.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 10:47:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0137.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 10:56:46 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0140.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 10:57:06 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0141.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 11:00:36 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0138.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 11:00:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0139.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 11:00:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\le bon coin.lnk [390]
O61 - LFC: 08/04/2013 - 14:02:32 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\6958-A DIFFUSER TRES VITE avant interdiction(cord).pdf.lnk [620]
O61 - LFC: 08/04/2013 - 14:06:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\Bulletin d'inscription - 06.05.2012.pdf.lnk [545]
O61 - LFC: 09/04/2013 - 09:36:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-09.json [47905]
O61 - LFC: 09/04/2013 - 17:08:32 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\adwcleaner.exe [613083]
O61 - LFC: 09/04/2013 - 17:16:10 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\search.json [10826]
O61 - LFC: 09/04/2013 - 17:28:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\ACER (C).lnk [201]
O61 - LFC: 09/04/2013 - 17:28:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\AdwCleaner[S1].txt.lnk [353]
O61 - LFC: 09/04/2013 - 17:30:36 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\content-prefs.sqlite [7168]
O61 - LFC: 09/04/2013 - 18:43:00 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\blocklist.xml [58746]
O61 - LFC: 09/04/2013 - 19:26:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\Bulletins de salaire.lnk [385]
O61 - LFC: 09/04/2013 - 19:26:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\camille.03.2013.pdf.lnk [597]
O61 - LFC: 09/04/2013 - 19:27:32 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\documentCouponPaiement.pdf [5420]
O61 - LFC: 10/04/2013 - 08:07:04 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\mbam-setup-1.70.0.1100.exe [10156344]
O61 - LFC: 10/04/2013 - 08:10:00 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-10.json [47285]
O61 - LFC: 10/04/2013 - 08:10:08 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\downloads.sqlite [98304]
O61 - LFC: 10/04/2013 - 11:18:48 -SHA- C:\Documents and Settings\CELINE GRISTI\Application Data\Microsoft\Credentials\S-1-5-21-33194371-2589393498-2926583925-1005\Credentials [340]
O61 - LFC: 10/04/2013 - 11:18:48 -SHA- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-33194371-2589393498-2926583925-1005\Credentials [362]
O61 - LFC: 10/04/2013 - 11:19:18 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse [0]
O61 - LFC: 10/04/2013 - 11:19:26 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\ApplicationHistory\LockMon.exe.7987f3da.ini.inuse [0]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\addons.sqlite [524288]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cert8.db [360448]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cookies.sqlite [524288]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\key3.db [16384]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\localstore.rdf [8480]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\permissions.sqlite [1638400]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\OfflineCache\index.sqlite [262144]
O61 - LFC: 10/04/2013 - 17:44:16 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\places.sqlite-shm [32768]
O61 - LFC: 10/04/2013 - 17:44:18 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\webapps\webapps.json [2]
O61 - LFC: 10/04/2013 - 17:44:20 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cookies.sqlite-shm [32768]
O61 - LFC: 10/04/2013 - 17:44:20 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cookies.sqlite-wal [22040]
O61 - LFC: 10/04/2013 - 17:44:50 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\prefs.js [31866]
O61 - LFC: 10/04/2013 - 17:45:04 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\places.sqlite [10485760]
O61 - LFC: 10/04/2013 - 17:45:06 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\places.sqlite-wal [280192]
O61 - LFC: 10/04/2013 - 17:45:34 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\webappsstore.sqlite [4201472]
O61 - LFC: 10/04/2013 - 17:49:14 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\urlclassifierkey3.txt [154]
O61 - LFC: 10/04/2013 - 17:53:40 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\formhistory.sqlite [49152]
O61 - LFC: 10/04/2013 - 17:53:54 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\sessionstore.js [11258]
O61 - LFC: 10/04/2013 - 17:54:04 -SHA- C:\Documents and Settings\CELINE GRISTI\IETldCache\index.dat [262144]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcMultiRatingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcPhishingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcRatingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcUserStorage.json [156]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcVotingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcWarningStorage.json [2]
~ 5 Fichiers temporaires (Temporary files)
~ 23 Fichiers cookies (Cookies files)
~ Files: 236 Legitimates Scanned in 01mn 15s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 12/12/2008 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 11/04/2002 - C:\WINDOWS\system32\brsvc01a.exe (Brother XP spl Service) .(.brother Industries Ltd - brsvc01a.) - LEGACY_BROTHER_XP_SPL_SERVICE
O64 - Services: CurCS - 13/01/2006 - C:\WINDOWS\system32\drivers\epindd.sys (epindd) .(.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter PC.) - LEGACY_EPINDD
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - 06/11/2007 - C:\Program Files\FICHIE~1\SYMANT~1\SymcData\idsdefs\20071220.001\SymIDSCo.sys (SYMIDSCO) .(.Symantec Corporation - IDS Core Driver.) - LEGACY_SYMIDSCO
~ Legacy: 222 Legitimates Scanned in 00mn 13s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 02s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {C21A9A0C-5FA9-40EC-B24F-CD6C916EE951} - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des services d�marr�s par Svchost (O83)
~ Services: 42 Legitimates Scanned in 00mn 01s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.524F446FA6DE3C022EFB2E992422AF75] [SPRF][25/12/2006] (...) -- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\fusioncache.dat [136]
[MD5.2E7254D27C1E999390F29A65EB958BA5] [SPRF][09/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\CELINE GRISTI\Bureau\ZHPDiag2.exe [5538030]
[MD5.02C4F6C257542FCB7C58B7164D674471] [SPRF][09/04/2013] (...) -- C:\Documents and Settings\CELINE GRISTI\Bureau\adwcleaner.exe [613083]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][10/04/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\CELINE GRISTI\Bureau\mbam-setup-1.70.0.1100.exe [10156344]
[MD5.D02522EF74A48A276277BAF017548A22] [SPRF][07/03/2013] (...) -- C:\Documents and Settings\CELINE GRISTI\Bureau\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_fr.exe [126019687]
[MD5.25D73A2BD775663A3294CD03C4D85630] [SPRF][28/04/2011] (.Microsoft Corporation - Pas de description.) -- C:\Documents and Settings\CELINE GRISTI\Bureau\FileFormatConverters.exe [39060536]
[MD5.387804211A84DCA79A7238E4406A1F21] [SPRF][20/11/2007] (.Adobe Systems Incorporated - Adobe� Flash� Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1523536]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 10s
---\\ Scan Additionnel (O88)
Database Version : v2.11496 - (09/04/2013)
Cl�s trouv�es (Keys found) : 5
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{1a03f196-9617-4ca0-842b-a83ceecb022b}] =>PUP.SweetIM
[HKCU\Software\WebMediaPlayer] =>Rogue.Multiple
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WebMediaPlayer] =>Rogue.Multiple
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Scanned in 00mn 27s
---\\ Product Upgrade Codes (O90)
~ Update Products: 57 Legitimates Scanned in 00mn 00s
---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2006 28672 | (AcerMemUsageCheckService) . (.Acer Inc..) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/07/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 12/12/2008 238888 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 11/04/2002 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\WINDOWS\system32\brsvc01a.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 97432 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SR - | Demand 13/07/2009 542496 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 18/05/2006 49152 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 520192 | (LockServ) . (...) - C:\Acer\Empowering Technology\eLock\LockServ.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 20/07/2006 143426 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 23/01/2012 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by CELINE GRISTI at 10/04/2013 19:01:56
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
C:\WINDOWS\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1F0] >> \Device\Harddisk0\DR0[0x85498030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Scanned in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by CELINE GRISTI at 10/04/2013 19:01:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1338 Legitimates filtered by white list
End of the scan (726 lines in 07mn 40s)(0)
Run by CELINE GRISTI at 10/04/2013 18:54:17
State : Probl�me connexion internet
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
OBIE: Safari v5.31.22.7
---\\ Windows Product Information
~ Langage: Fran�ais
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Protection
Antivirus : avast! Free Antivirus v7.0.1474.0
---\\ System Information
~ Processor: x86 Family 15 Model 76 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 894 MB (50% free)
System Restore: Activ� (Enable)
System drive C: has 25 GB (47%) free of 53 GB
---\\ Logged in mode
~ Computer Name: CELINE
~ User Name: CELINE GRISTI
~ All Users Names: SUPPORT_388945a0, HelpAssistant, CELINE GRISTI, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\CELINE GRISTI\Application Data\
~ %Desktop% : C:\Documents and Settings\CELINE GRISTI\Bureau\
~ %Favorites% : C:\Documents and Settings\CELINE GRISTI\Favoris\
~ %LocalAppData% : C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\CELINE GRISTI\Menu D�marrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 53 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 39 Go of 54 Go)
E:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 19:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 02s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 3/9505
~ Mes musiques (My Musics) : 1/11
~ Mes Videos (My Videos) : 3/20
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/10522
~ Mon Bureau (My Desktop) : 1/58
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 17s
---\\ Processus lanc�s
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1636]
[MD5.D3FACB34FFF5DB91ADB70987838F8BA7] - (.brother Industries Ltd - brsvc01a.) -- C:\WINDOWS\system32\brsvc01a.exe [57344] [PID.1696]
[MD5.9E646CD378D4D0C996BAF9BCB18237C7] - (.brother Industries Ltd - brss01a.exe.) -- C:\WINDOWS\system32\brss01a.exe [45056] [PID.1724]
[MD5.A7A071726A35955C05FCBF9ABDDBBD97] - (.Acer Inc. - Pas de description.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.1788]
[MD5.557F35D1CA42AEA14A6690E21887A31F] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712] [PID.1220]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [238888] [PID.248]
[MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568] [PID.292]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424] [PID.524]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.624]
[MD5.86E8BCAA91FC2ACFACD99CF2BF9F1F47] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [49152] [PID.764]
[MD5.3A81CA261B031AD49D1E69C276CAA368] - (...) -- C:\Acer\Empowering Technology\eLock\LockServ.exe [520192] [PID.1412]
[MD5.5539FA7E969C332E4794316D5B840306] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [270336] [PID.1452]
[MD5.6D88C26BF33D2B8404F01CECBDD47D3A] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 86.02.) -- C:\WINDOWS\system32\nvsvc32.exe [143426] [PID.1484]
[MD5.3199A477F0F06EEDE41BD55179F8EB05] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [92592] [PID.2088]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.2812]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3580]
[MD5.9C69E6A25F5500501B14AF43311F8D8B] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [64512] [PID.3316]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RUNDLL32.exe [0] [PID.3436]
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\eHome\ehmsas.exe [46592] [PID.3784]
[MD5.10B0722C7203181B0C50C6CB974D2F2A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16261632] [PID.1236]
[MD5.DFAE0D430C5D2458340F67FD2841F3E7] - (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe [634880] [PID.3964]
[MD5.926CF712448FEA216DEB1D30E708275C] - (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\WINDOWS\system32\WDBtnMgr.exe [335872] [PID.3976]
[MD5.A1FF818BDDFF23BC89F9C54DD467D857] - (.Pas de propri�taire - Acer ePower Management DMC.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [438272] [PID.3928]
[MD5.C67E00C1DCA52FB369DC54E9EE653D47] - (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [413696] [PID.2648]
[MD5.72D78BD9AB1F457502F01832B07133CF] - (.HiTRUST - eDSloader.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [345088] [PID.4044]
[MD5.2F0F0E6AA6F5874E13E792996077138B] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1603152] [PID.2752]
[MD5.A2CFF52E175E823E86646E6097DAB57B] - (...) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe [348160] [PID.2232]
[MD5.F8D427DAE2984A4968E2D1CB53634784] - (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400] [PID.2372]
[MD5.32F1A63C86D009D95994B543511D6E5C] - (.Pas de propri�taire - NsWrtMon Microsoft Base Class Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480] [PID.548]
[MD5.D05D1BBCBA6C6843A7A96C5289DA22BE] - (.Pas de propri�taire - NsWrtProc Microsoft Base Clase Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe [24576] [PID.2572]
[MD5.741DCAEC21B5A9A1D068FE8692A30D68] - (.Apple Inc. - iTunesHelper Module.) -- D:\Program Files\iTunes\iTunesHelper.exe [292128] [PID.2576]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136] [PID.2480]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2988]
[MD5.C98EF7E083579C0D588D0E909F48A90A] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247728] [PID.3084]
[MD5.E39574B471EF0B8719B13CC99AAFF0B8] - (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) -- C:\Documents and Settings\CELINE GRISTI\Local Settings\Temp\RtkBtMnt.exe [208896] [PID.3680]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [10376704] [PID.1500]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [10368512] [PID.3940]
[MD5.E8E568EA584973DFD99AAC7D00A16287] - (.Apple Inc. - iPodService Module.) -- C:\Program Files\iPod\bin\iPodService.exe [542496] [PID.2384]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.3988]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.1132]
[MD5.B93499B1D1058C86C1A60C026C334971] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6581760] [PID.3500]
[MD5.52404CC76E9D53843BDF97564BB16BED] - (.Microsoft Corporation - MCRD Device Service.) -- C:\WINDOWS\ehome\mcrdsvc.exe [99328] [PID.2164]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2932]
~ Processes Running: Scanned in 00mn 06s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\prefs.js
~ Firefox Browser: 25 Legitimates Scanned in 00mn 01s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 11 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 08s
~ Nombre de lignes (Lines number): 15267
---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 5 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] . (.Wistron - RunXMLPL.) -- C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [AzMixerSel] . (.Realtek Semiconductor Corp. - Azalia Mixer Selector.) -- C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] . (...) -- C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [WD Button Manager] . (.Western Digital Technologies, Inc. - WD Button Manager.) -- C:\WINDOWS\system32\WDBtnMgr.exe
O4 - HKLM\..\Run: [ePower_DMC] . (.Pas de propri�taire - Acer ePower Management DMC.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eRecoveryService] . (.Acer Inc. - eRecovery agent.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eLockMonitor] . (...) -- C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] . (.HiTRUST - eDSloader.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Boot] . (...) -- C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Run: [OpwareSE4] . (.Nuance Communications, Inc. - OCR Aware.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
O4 - HKLM\..\Run: [WrtMon.exe] . (.Pas de propri�taire - NsWrtMon Microsoft Base Class Application.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-33194371-2589393498-2926583925-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-33194371-2589393498-2926583925-1005\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
~ Application: Scanned in 00mn 02s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Media Center.lnk . (.Microsoft Corporation - Media Center.) -- C:\WINDOWS\ehome\ehshell.exe
O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\Program Files\Microsoft Office\Office\EXCEL.exe
O4 - GS\Programs: Microsoft Word.lnk . (...) -- C:\Program Files\Microsoft Office\Office\WINWORD.exe
O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\Program Files\Microsoft Office\Office\POWERPNT.exe
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Assistance � distance.lnk . (.Microsoft Corporation - Assistance � distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: Scanned in 00mn 02s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Cl� orpheline
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Cl� orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 4 Legitimates Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341348831414
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D582C2-4CF3-45F5-9442-DE213474094F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0D582C2-4CF3-45F5-9442-DE213474094F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{B0D582C2-4CF3-45F5-9442-DE213474094F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent r�seau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de r�ception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 5 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: BrSplService (Brother XP spl Service) . (.brother Industries Ltd - brsvc01a.) - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 86.02.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 13 Legitimates Scanned in 00mn 14s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
~ Scheduled Task: 8 Legitimates Scanned in 00mn 00s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 24 Legitimates Scanned in 00mn 01s
---\\ Pilotes lanc�s au d�marrage (O41)
~ Drivers: 69 Legitimates Scanned in 00mn 01s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader X (10.1.6) - Fran�ais - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Chinese Traditional Fonts Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-2448-0000-800000000003}
O42 - Logiciel: Eudora - (...) [HKLM] -- Eudora
O42 - Logiciel: Handy Backup 6.0 - (...) [HKLM] -- Handy Backup 6.0
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: Language pack for Ad-Aware SE - (.Lavasoft.) [HKLM] -- Language pack for Ad-Aware SE
O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM] -- avast
~ Logic: 179 Legitimates Scanned in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\FSPro Labs]
[HKCU\Software\FotoWire]
[HKCU\Software\High-Logic]
[HKCU\Software\IncrediMail]
[HKCU\Software\Novosoft]
[HKCU\Software\Qualcomm]
[HKCU\Software\WebMediaPlayer]
[HKCU\Software\newsoft]
[HKLM\Software\FSPro Labs]
[HKLM\Software\High-Logic]
[HKLM\Software\NewSoft]
[HKLM\Software\QUALCOMM Incorporated]
[HKLM\Software\WebUpdate]
~ Key Software: 246 Legitimates Scanned in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/05/2007 - 11:49:16 - [0] ----D C:\Program Files\Dantz
O43 - CFD: 22/12/2008 - 12:15:44 - [187,824] ----D C:\Program Files\NewSoft
O43 - CFD: 10/02/2009 - 14:31:40 - [23,754] ----D C:\Program Files\Qualcomm
O43 - CFD: 10/02/2009 - 14:44:40 - [0,158] ----D C:\Program Files\IncrediMail
O43 - CFD: 16/07/2009 - 10:09:20 - [0,112] ----D C:\Program Files\INFORAD
O43 - CFD: 02/09/2012 - 20:04:06 - [0,001] ----D C:\Program Files\NexusFont
O43 - CFD: 22/12/2008 - 12:15:44 - [18,098] ----D C:\Program Files\Fichiers communs\PDFView
O43 - CFD: 22/12/2008 - 12:16:10 - [3,538] ----D C:\Program Files\Fichiers communs\NewSoft
O43 - CFD: 24/02/2009 - 09:11:44 - [0,001] ----D C:\Documents and Settings\All Users\SendTo
O43 - CFD: 22/12/2008 - 12:40:20 - [0,690] ----D C:\Documents and Settings\CELINE GRISTI\Application Data\NewSoft
O43 - CFD: 10/02/2009 - 14:32:02 - [0,257] ----D C:\Documents and Settings\CELINE GRISTI\Application Data\Qualcomm
O43 - CFD: 29/10/2009 - 15:07:38 - [3,339] ----D C:\Documents and Settings\CELINE GRISTI\Application Data\Novosoft
O43 - CFD: 22/12/2008 - 12:40:16 - [0,752] ----D C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\NewSoft
~ Program Folder: 163 Legitimates Scanned in 00mn 23s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.68374CA113D7B10C30DF600A834F57FF] - 10/04/2013 - 11:19:10 ---A- . (...) -- C:\WINDOWS\ComponentList.xml [97]
O44 - LFC:[MD5.6AB0FD4BEE15FA1C35F74DFAFC09A68A] - 10/04/2013 - 11:19:08 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [51048]
O44 - LFC:[MD5.4145AC65B95D10B4EAEAB798764A68D0] - 10/04/2013 - 10:38:38 ---A- . (...) -- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt [4212]
O44 - LFC:[MD5.9FF3DE12582C5FF22BC7E2C249453864] - 10/04/2013 - 09:33:00 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.23DEEFA092B90C4E610F0DD08B8CB915] - 10/04/2013 - 09:30:30 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.027C09DD474E31FD09C7BCC5458BB52D] - 09/04/2013 - 17:09:52 ---A- . (...) -- C:\AdwCleaner[S1].txt [2351]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2013 - 15:07:32 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
~ Files: 25 Legitimates Scanned in 00mn 41s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DDD2DB16609B9A10184C140AD18E2B0F] - 10/04/2013 - 09:31:34 ---A- - C:\WINDOWS\Prefetch\SERVICES.EXE-3019B50A.pf
O45 - LFCP:[MD5.3BB2C220C26EA014AE656DC52D75EBC6] - 10/04/2013 - 09:32:26 ---A- - C:\WINDOWS\Prefetch\MEMCHECK.EXE-0A370B04.pf
O45 - LFCP:[MD5.82AE75BED1E8EB6A65D9D6BC1353ADAC] - 10/04/2013 - 11:19:10 ---A- - C:\WINDOWS\Prefetch\XMLAUNCH.EXE-086AA80B.pf
O45 - LFCP:[MD5.258F6DDF9565475EB666FA4E7AE0EE57] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\AZMIXERSEL.EXE-0057985F.pf
O45 - LFCP:[MD5.147610277384A38CA64CE926F3D928D6] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\IMJPMIG.EXE-32ABEE9A.pf
O45 - LFCP:[MD5.4CE8FF0E693C831E7F1D50BAF3B0FC53] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\LAUNAPP.EXE-1B5E2140.pf
O45 - LFCP:[MD5.149A485020F6A9CEADB160D55637640C] - 10/04/2013 - 11:19:14 ---A- - C:\WINDOWS\Prefetch\RUNXMLPL.EXE-2046072A.pf
O45 - LFCP:[MD5.89BE674B4C7D7D9CB37C3C93AC61342F] - 10/04/2013 - 11:19:22 ---A- - C:\WINDOWS\Prefetch\RTKBTMNT.EXE-0153D462.pf
O45 - LFCP:[MD5.626E3C0A5170156FBCDE1D08FC05F72E] - 10/04/2013 - 11:19:24 ---A- - C:\WINDOWS\Prefetch\CNSLMAIN.EXE-2B4A9454.pf
O45 - LFCP:[MD5.1868D6C17F5367E397A874D565DDDA4D] - 10/04/2013 - 11:19:24 ---A- - C:\WINDOWS\Prefetch\WDBTNMGR.EXE-2DAD3A0B.pf
O45 - LFCP:[MD5.A952582864941F80A5CEAE4439641D0D] - 10/04/2013 - 11:19:26 ---A- - C:\WINDOWS\Prefetch\EPOWER_DMC.EXE-0838B86A.pf
O45 - LFCP:[MD5.2318B16B02BF02F41ED5A88852E9A42C] - 10/04/2013 - 11:19:26 ---A- - C:\WINDOWS\Prefetch\LAUNCHMONITOR.EXE-284AF436.pf
O45 - LFCP:[MD5.F1F81E54FB4444E4957B199EC7ED093A] - 10/04/2013 - 11:19:28 ---A- - C:\WINDOWS\Prefetch\BOOT.EXE-358A5EE6.pf
O45 - LFCP:[MD5.707370DDDAAC4C8F757F2B8ADCF92311] - 10/04/2013 - 11:19:28 ---A- - C:\WINDOWS\Prefetch\EDSLOADER.EXE-2A914953.pf
O45 - LFCP:[MD5.3F02B6255AACC33F2143C6130C070B9E] - 10/04/2013 - 11:19:36 ---A- - C:\WINDOWS\Prefetch\LOCKMON.EXE-1474D755.pf
O45 - LFCP:[MD5.58D38F65E18C8CA437FBF46554DE59A1] - 10/04/2013 - 11:19:38 ---A- - C:\WINDOWS\Prefetch\OPWARESE4.EXE-34DF2E66.pf
O45 - LFCP:[MD5.84E72461A11507D5E8E65D15FB68B02C] - 10/04/2013 - 11:19:40 ---A- - C:\WINDOWS\Prefetch\WRTMON.EXE-0F5F7813.pf
O45 - LFCP:[MD5.AEE10C067CFE10C58642BDD6DD19A9E9] - 10/04/2013 - 12:37:48 ---A- - C:\WINDOWS\Prefetch\DFRGFAT.EXE-22605FE5.pf
~ Prefetcher: 87 Legitimates Scanned in 00mn 01s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [Enabled] .(...) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImApp.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe (.not file.)
~ Keys Export: 17 Legitimates Scanned in 00mn 02s
---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s
---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{794275fe-9805-11db-8419-0016cfad7918}\AutoRun\command. (...) -- F:\setupSNK.exe (.not file.)
O51 - MPSK:{87ca094e-b95f-11dc-85dd-0016cfad7918}\AutoRun\command. (...) -- F:\loader.exe (.not file.)
O51 - MPSK:{a8eb5c07-7763-11dc-8598-0016cfad7918}\AutoRun\command. (...) -- F:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \drivers.desc\"iyvu9_32.dll"="Indeo� video Raw YVU9 by Intel" . (...) -- C:\WINDOWS\system32\iyvu9_32.dll
~ TDSD: 12 Legitimates Scanned in 00mn 00s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=1
O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=1
~ MWPS: 7 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 2 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 10/08/2004 - 04:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 10/08/2004 - 04:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 07/04/2013 - 13:30:38 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-07.json [46773]
O61 - LFC: 07/04/2013 - 15:04:36 -SHA- C:\Documents and Settings\CELINE GRISTI\Application Data\Microsoft\Internet Explorer\UserData\index.dat [16384]
O61 - LFC: 07/04/2013 - 19:58:18 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013-03-26 17.50.561.jpg.lnk [470]
O61 - LFC: 07/04/2013 - 21:53:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_02_26.lnk [346]
O61 - LFC: 07/04/2013 - 21:54:20 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0001.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:54:26 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0002.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:54:40 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0003.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:54:48 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_04.lnk [346]
O61 - LFC: 07/04/2013 - 21:54:48 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan_0004.pdf.lnk [514]
O61 - LFC: 07/04/2013 - 21:55:02 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_10.lnk [346]
O61 - LFC: 07/04/2013 - 21:55:20 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_24.lnk [346]
O61 - LFC: 07/04/2013 - 21:55:20 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\scan.pdf.lnk [495]
O61 - LFC: 07/04/2013 - 21:56:32 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\2013_03_25.lnk [346]
O61 - LFC: 07/04/2013 - 21:56:32 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\impot 2011.pdf.lnk [517]
O61 - LFC: 08/04/2013 - 07:19:34 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-08.json [46773]
O61 - LFC: 08/04/2013 - 09:05:24 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\Comptabilit�.lnk [361]
O61 - LFC: 08/04/2013 - 09:05:24 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\compta salon celine 2013 .xls.lnk [587]
O61 - LFC: 08/04/2013 - 09:30:50 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\6958-A DIFFUSER TRES VITE avant interdiction(cord).pdf [213424]
O61 - LFC: 08/04/2013 - 09:48:06 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\startupCache\startupCache.4.little [1498723]
O61 - LFC: 08/04/2013 - 10:36:36 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\ACDSee 7.0.lnk [2533]
O61 - LFC: 08/04/2013 - 10:47:38 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0136.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 10:47:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0137.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 10:56:46 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0140.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 10:57:06 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0141.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 11:00:36 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0138.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 11:00:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\PICT0139.JPG.lnk [559]
O61 - LFC: 08/04/2013 - 11:00:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\le bon coin.lnk [390]
O61 - LFC: 08/04/2013 - 14:02:32 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\6958-A DIFFUSER TRES VITE avant interdiction(cord).pdf.lnk [620]
O61 - LFC: 08/04/2013 - 14:06:54 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\Bulletin d'inscription - 06.05.2012.pdf.lnk [545]
O61 - LFC: 09/04/2013 - 09:36:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-09.json [47905]
O61 - LFC: 09/04/2013 - 17:08:32 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\adwcleaner.exe [613083]
O61 - LFC: 09/04/2013 - 17:16:10 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\search.json [10826]
O61 - LFC: 09/04/2013 - 17:28:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\ACER (C).lnk [201]
O61 - LFC: 09/04/2013 - 17:28:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\AdwCleaner[S1].txt.lnk [353]
O61 - LFC: 09/04/2013 - 17:30:36 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\content-prefs.sqlite [7168]
O61 - LFC: 09/04/2013 - 18:43:00 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\blocklist.xml [58746]
O61 - LFC: 09/04/2013 - 19:26:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\Bulletins de salaire.lnk [385]
O61 - LFC: 09/04/2013 - 19:26:52 ---A- C:\Documents and Settings\CELINE GRISTI\Recent\camille.03.2013.pdf.lnk [597]
O61 - LFC: 09/04/2013 - 19:27:32 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\documentCouponPaiement.pdf [5420]
O61 - LFC: 10/04/2013 - 08:07:04 ---A- C:\Documents and Settings\CELINE GRISTI\Bureau\mbam-setup-1.70.0.1100.exe [10156344]
O61 - LFC: 10/04/2013 - 08:10:00 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\bookmarkbackups\bookmarks-2013-04-10.json [47285]
O61 - LFC: 10/04/2013 - 08:10:08 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\downloads.sqlite [98304]
O61 - LFC: 10/04/2013 - 11:18:48 -SHA- C:\Documents and Settings\CELINE GRISTI\Application Data\Microsoft\Credentials\S-1-5-21-33194371-2589393498-2926583925-1005\Credentials [340]
O61 - LFC: 10/04/2013 - 11:18:48 -SHA- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-33194371-2589393498-2926583925-1005\Credentials [362]
O61 - LFC: 10/04/2013 - 11:19:18 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse [0]
O61 - LFC: 10/04/2013 - 11:19:26 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\ApplicationHistory\LockMon.exe.7987f3da.ini.inuse [0]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\addons.sqlite [524288]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cert8.db [360448]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cookies.sqlite [524288]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\key3.db [16384]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\localstore.rdf [8480]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\permissions.sqlite [1638400]
O61 - LFC: 10/04/2013 - 12:21:58 ---A- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\OfflineCache\index.sqlite [262144]
O61 - LFC: 10/04/2013 - 17:44:16 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\places.sqlite-shm [32768]
O61 - LFC: 10/04/2013 - 17:44:18 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\webapps\webapps.json [2]
O61 - LFC: 10/04/2013 - 17:44:20 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cookies.sqlite-shm [32768]
O61 - LFC: 10/04/2013 - 17:44:20 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\cookies.sqlite-wal [22040]
O61 - LFC: 10/04/2013 - 17:44:50 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\prefs.js [31866]
O61 - LFC: 10/04/2013 - 17:45:04 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\places.sqlite [10485760]
O61 - LFC: 10/04/2013 - 17:45:06 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\places.sqlite-wal [280192]
O61 - LFC: 10/04/2013 - 17:45:34 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\webappsstore.sqlite [4201472]
O61 - LFC: 10/04/2013 - 17:49:14 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\urlclassifierkey3.txt [154]
O61 - LFC: 10/04/2013 - 17:53:40 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\formhistory.sqlite [49152]
O61 - LFC: 10/04/2013 - 17:53:54 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\sessionstore.js [11258]
O61 - LFC: 10/04/2013 - 17:54:04 -SHA- C:\Documents and Settings\CELINE GRISTI\IETldCache\index.dat [262144]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcMultiRatingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcPhishingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcRatingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcUserStorage.json [156]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcVotingStorage.json [2]
O61 - LFC: 10/04/2013 - 17:54:22 ---A- C:\Documents and Settings\CELINE GRISTI\Application Data\Mozilla\Firefox\Profiles\yzloouit.default\wrcWarningStorage.json [2]
~ 5 Fichiers temporaires (Temporary files)
~ 23 Fichiers cookies (Cookies files)
~ Files: 236 Legitimates Scanned in 01mn 15s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 12/12/2008 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 11/04/2002 - C:\WINDOWS\system32\brsvc01a.exe (Brother XP spl Service) .(.brother Industries Ltd - brsvc01a.) - LEGACY_BROTHER_XP_SPL_SERVICE
O64 - Services: CurCS - 13/01/2006 - C:\WINDOWS\system32\drivers\epindd.sys (epindd) .(.Broadcom Corporation - Broadcom iLine10(tm) PCI Network Adapter PC.) - LEGACY_EPINDD
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS
O64 - Services: CurCS - 06/11/2007 - C:\Program Files\FICHIE~1\SYMANT~1\SymcData\idsdefs\20071220.001\SymIDSCo.sys (SYMIDSCO) .(.Symantec Corporation - IDS Core Driver.) - LEGACY_SYMIDSCO
~ Legacy: 222 Legitimates Scanned in 00mn 13s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 02s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {C21A9A0C-5FA9-40EC-B24F-CD6C916EE951} - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des services d�marr�s par Svchost (O83)
~ Services: 42 Legitimates Scanned in 00mn 01s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.524F446FA6DE3C022EFB2E992422AF75] [SPRF][25/12/2006] (...) -- C:\Documents and Settings\CELINE GRISTI\Local Settings\Application Data\fusioncache.dat [136]
[MD5.2E7254D27C1E999390F29A65EB958BA5] [SPRF][09/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\CELINE GRISTI\Bureau\ZHPDiag2.exe [5538030]
[MD5.02C4F6C257542FCB7C58B7164D674471] [SPRF][09/04/2013] (...) -- C:\Documents and Settings\CELINE GRISTI\Bureau\adwcleaner.exe [613083]
[MD5.0FB6D382FA5FBF72D05FC2A4503B7DF2] [SPRF][10/04/2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\CELINE GRISTI\Bureau\mbam-setup-1.70.0.1100.exe [10156344]
[MD5.D02522EF74A48A276277BAF017548A22] [SPRF][07/03/2013] (...) -- C:\Documents and Settings\CELINE GRISTI\Bureau\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_fr.exe [126019687]
[MD5.25D73A2BD775663A3294CD03C4D85630] [SPRF][28/04/2011] (.Microsoft Corporation - Pas de description.) -- C:\Documents and Settings\CELINE GRISTI\Bureau\FileFormatConverters.exe [39060536]
[MD5.387804211A84DCA79A7238E4406A1F21] [SPRF][20/11/2007] (.Adobe Systems Incorporated - Adobe� Flash� Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1523536]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 10s
---\\ Scan Additionnel (O88)
Database Version : v2.11496 - (09/04/2013)
Cl�s trouv�es (Keys found) : 5
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 0
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Classes\CLSID\{1a03f196-9617-4ca0-842b-a83ceecb022b}] =>PUP.SweetIM
[HKCU\Software\WebMediaPlayer] =>Rogue.Multiple
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WebMediaPlayer] =>Rogue.Multiple
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Scanned in 00mn 27s
---\\ Product Upgrade Codes (O90)
~ Update Products: 57 Legitimates Scanned in 00mn 00s
---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2006 28672 | (AcerMemUsageCheckService) . (.Acer Inc..) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/07/2009 144712 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 12/12/2008 238888 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 11/04/2002 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\WINDOWS\system32\brsvc01a.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 97432 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SR - | Demand 13/07/2009 542496 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 19/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 18/05/2006 49152 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 520192 | (LockServ) . (...) - C:\Acer\Empowering Technology\eLock\LockServ.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 20/07/2006 143426 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 23/01/2012 92592 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by CELINE GRISTI at 10/04/2013 19:01:56
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
C:\WINDOWS\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF1F0] >> \Device\Harddisk0\DR0[0x85498030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Scanned in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by CELINE GRISTI at 10/04/2013 19:01:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1338 Legitimates filtered by white list
End of the scan (726 lines in 07mn 40s)(0)