Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.4.10.58 par Nicolas Coolman, Update du 10/04/2013
Run by Danoulh at 11/04/2013 18:08:14
State : Version � jour.
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16521
MFIE: Mozilla Firefox v3.6.14 (fr) (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
Malwarebytes Anti-Malware v1.75.0.1300 v1.75.0.1300
COMODO Internet Security v5.12.59641.2599
Spybot - Search & Destroy v2.0.12
SUPERAntiSpyware v5.0.1146
Ad-Aware Antivirus v10.5.1.4369
---\\ Software Update
Adobe Flash Player 11 Plugin
Windows Defender W7
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (43% free)
System Restore: Activ� (Enable)
System drive C: has 36 GB (47%) free of 75 GB
---\\ Logged in mode
~ Computer Name: DANOULH-PC
~ User Name: Danoulh
~ All Users Names: Danoulh, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Danoulh\AppData\Roaming\
~ %Desktop% : C:\Users\Danoulh\Desktop\
~ %Favorites% : C:\Users\Danoulh\Favorites\
~ %LocalAppData% : C:\Users\Danoulh\AppData\Local\
~ %StartMenu% : C:\Users\Danoulh\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 75 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 73 Go)
E:\ CD-ROM drive (Not Inserted)
H:\ CD-ROM drive (Free 0 Go of 1 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.BA15504FA59A8DC304F1CBAEBA6252A1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/03/2013 - 01:06:20.) -- C:\Windows\System32\wininet.dll [1766912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.31/08/2012 - 18:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/10
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lanc�s
[MD5.EEF94AAFE49902B376A96F1B33808F6D] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2255360] [PID.1760]
[MD5.05E910909FCA8ED09C1A53EE122FEA03] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587912] [PID.2288]
[MD5.30A0B072E647757CEDDA9E306D410410] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048] [PID.3184]
[MD5.E842A2F57060D3AF52463131D40D0EB4] - (.Visagesoft - PDF Pro 10 Creator.) -- C:\Program Files\PDF Pro 10\vspdfprsrv.exe [6221312] [PID.3252]
[MD5.BC338374DBFE6531F35B1BDA24232B43] - (.Pas de propri�taire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1219248] [PID.3296]
[MD5.DAD85786EC08DBCA8E7FB482CECD26F4] - (.SPAMfighter ApS - FIGHTERtools Update Manager.) -- C:\Program Files\Fighters\Tray\FightersTray.exe [1425952] [PID.3364]
[MD5.FD43150FD2F4E28D9D7A04D93282E0EA] - (.SPAMfighter - SPYWAREfighter Application.) -- C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe [1216552] [PID.3392]
[MD5.9948A6AA74198D120D2D12C6790A9CD0] - (.SPAMfighter - VIRUSfighter Application.) -- C:\Program Files\Fighters\VIRUSfighter\vfproTray.exe [1315880] [PID.3432]
[MD5.B5A4EBA9487F08BECC843A87422B8052] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176] [PID.3456]
[MD5.751184DF487A1B3C95CB29B0D0069C28] - (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe [4763008] [PID.3756]
[MD5.D88135FE55B356618FCCDF1CC5653174] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [PID.3260]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.3988]
[MD5.C3F266250A3211A69CC96C6183A016D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6647808] [PID.4124]
[MD5.A7F08A73F2668FCD2B51A66751FA7FF3] - (.Emsisoft GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3089856] [PID.824]
[MD5.2A2D72271844C52F004901A60312B96A] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464] [PID.1064]
[MD5.B19505648F033393E907E2E419FDE8B3] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [176128] [PID.1216]
[MD5.378F5EB676C0BD7EAAAFA7AD5BA44B16] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [348160] [PID.1500]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.248]
[MD5.D8B7FBD517D9B37C811C438CC78BF2E2] - (.Preventon Technologies Limited - Preventon AV Scanning Service.) -- C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe [2000152] [PID.368]
[MD5.5AEF2270EE9265AE3624BC5419F20EA6] - (.Preventon Technologies Limited - Preventon AV Watch Service.) -- C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe [400544] [PID.424]
[MD5.6D12BDA1715C38BE1746B195B1E4337E] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1436160] [PID.632]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.256]
[MD5.716A5E6D090DEC102883581DD8427422] - (.SPAMfighter ApS - Fighter Suite Service.) -- C:\Program Files\Fighters\FighterSuiteService.exe [1270816] [PID.2348]
[MD5.A529CFE32565C0B145578FFB2B32C9A5] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624] [PID.2400]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3344]
[MD5.452DB84283EB2F043827AC95D62CE19C] - (.Safer-Networking Ltd. - Update.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [3487240] [PID.1732]
~ Processes Running: Scanned in 00mn 13s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Danoulh\AppData\Roaming\Mozilla\Firefox\Profiles\4h8dtaa3.default\prefs.js (.not file.)
C:\Users\Danoulh\AppData\Roaming\Mozilla\Firefox\Profiles\rwxl6z38.default\prefs.js
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
~ Firefox Browser: 11 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 7 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer-Networking Ltd. - Blocks URLs that could install spyware, mal.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
~ BHO: 1 Legitimates Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] . (.Visagesoft - PDF Pro 10 Creator.) -- C:\Program Files\PDF Pro 10\vspdfprsrv.exe
O4 - HKLM\..\Run: [vProt] . (.Pas de propri�taire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
O4 - HKLM\..\Run: [CommonToolkitTray] . (.SPAMfighter ApS - FIGHTERtools Update Manager.) -- C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [SWPROguard] . (.SPAMfighter - SPYWAREfighter Application.) -- C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe
O4 - HKLM\..\Run: [VFPROguard] . (.SPAMfighter - VIRUSfighter Application.) -- C:\Program Files\Fighters\VIRUSfighter\vfprotray.exe
O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3798442329-475683606-1838957551-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-3798442329-475683606-1838957551-1000\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKUS\S-1-5-21-3798442329-475683606-1838957551-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Frozen Throne.lnk . (.Blizzard Entertainment - Frozen Throne.) -- C:\Program Files\Warcraft III\Frozen Throne.exe
O4 - GS\Desktop: GomEncoder.lnk . (...) -- C:\Users\Danoulh\Documents\GomEncoder
O4 - GS\Desktop: Maintenance.lnk . (...) -- D:\Maintenance
O4 - GS\Desktop: T�l�chargements.lnk . (...) -- C:\Users\Danoulh\Downloads
O4 - GS\Desktop: Warcraft III.lnk . (.Blizzard Entertainment - Warcraft III.) -- C:\Program Files\Warcraft III\Warcraft III.exe
~ Global Startup: Scanned in 00mn 02s
---\\ Invisibilit� de l'ic�ne d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 6 Legitimates Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B3C2D2-3B2A-4E13-9ECD-FD38D46C7E6A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{92B3C2D2-3B2A-4E13-9ECD-FD38D46C7E6A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{92B3C2D2-3B2A-4E13-9ECD-FD38D46C7E6A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: AV Engine Scanning Service (AV Engine Scanning Service) . (.Preventon Technologies Limited - Preventon AV Scanning Service.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
O23 - Service: AV Watch Service (AV Watch Service) . (.Preventon Technologies Limited - Preventon AV Watch Service.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Suite Service (Suite Service) . (.SPAMfighter ApS - Fighter Suite Service.) - C:\Program Files\Fighters\FighterSuiteService.exe
~ Services: 12 Legitimates Scanned in 00mn 39s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 2 Legitimates Scanned in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
[MD5.452DB84283EB2F043827AC95D62CE19C] [APT] [Check for updates] (.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [3487240]
[MD5.00000000000000000000000000000000] [APT] [Refresh immunization] (...) -- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Scan the system] (...) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (.not file.) [0]
~ Scheduled Task: 6 Legitimates Scanned in 00mn 19s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (A2DDA) . (.Emsisoft GmbH - Emsisoft Direct Disk Access Support Driver.) - C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 90 Legitimates Scanned in 00mn 02s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: SPYWAREfighter - (.SPAMFIGHTER ApS.) [HKLM] -- SPYWAREfighter
O42 - Logiciel: SUPERAntiSpyware - (.SUPERAntiSpyware.com.) [HKLM] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer-Networking Ltd..) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1
O42 - Logiciel: VIRUSfighter - (.SPAMFIGHTER ApS.) [HKLM] -- VIRUSfighter
O42 - Logiciel: �Torrent - (...) [HKLM] -- uTorrent
~ Logic: 45 Legitimates Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\92dfd9e23cec48]
[HKCU\Software\BitTorrent]
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\SUPERAntiSpyware.com]
[HKLM\Software\92dfd9e23cec48]
[HKLM\Software\AntimalwareSolution]
[HKLM\Software\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\PCTools]
[HKLM\Software\Preventon]
[HKLM\Software\SUPERAntiSpyware.com]
~ Key Software: 107 Legitimates Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2013 - 09:07:40 - [13,395] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 11/03/2013 - 18:19:28 - [6,550] ----D C:\Program Files\Spybot - S&D
O43 - CFD: 11/04/2013 - 13:30:21 - [146,545] ----D C:\Program Files\Spybot - Search & Destroy 2
O43 - CFD: 11/04/2013 - 09:08:47 - [102,324] ----D C:\Program Files\SUPERAntiSpyware
O43 - CFD: 28/03/2013 - 12:42:49 - [0,381] ----D C:\Program Files\uTorrent
O43 - CFD: 10/04/2013 - 08:52:25 - [13,209] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 10/04/2013 - 13:54:00 - [0,003] ----D C:\ProgramData\clp
O43 - CFD: 11/03/2013 - 21:16:32 - [15,891] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 11/04/2013 - 13:36:28 - [81,307] ----D C:\ProgramData\Preventon
O43 - CFD: 11/04/2013 - 08:31:26 - [0,082] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 11/04/2013 - 08:44:43 - [309,566] ----D C:\ProgramData\SUPERAntiSpyware.com
O43 - CFD: 11/03/2013 - 21:16:41 - [6,986] ----D C:\Users\Danoulh\AppData\Roaming\Malwarebytes
O43 - CFD: 11/04/2013 - 08:45:38 - [0,839] ----D C:\Users\Danoulh\AppData\Roaming\SUPERAntiSpyware.com
O43 - CFD: 09/04/2013 - 22:32:47 - [1,321] ----D C:\Users\Danoulh\AppData\Roaming\uTorrent
~ Program Folder: 131 Legitimates Scanned in 00mn 13s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.38D1F001DE564EB97C664E3249F98726] - 11/04/2013 - 12:42:17 ---A- . (...) -- C:\AdwCleaner[S11].txt [2667]
O44 - LFC:[MD5.A9C25C9A8F9DA7F25C14D84C4CE845A3] - 10/04/2013 - 20:51:58 ---A- . (.Safer Networking Limited - Pas de description.) -- C:\Windows\System32\sdnclean.exe [15224]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 10/04/2013 - 18:58:18 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.25917D15FB90D92EDBE3F0CCD75634CE] - 10/04/2013 - 18:58:18 ---A- . (...) -- C:\Windows\diagwrn.xml [2562]
O44 - LFC:[MD5.839C93A756F120BDF0BF827D3261D674] - 10/04/2013 - 17:12:36 ---A- . (...) -- C:\AdwCleaner[S10].txt [2679]
O44 - LFC:[MD5.623DA40F2BBEA3B53870B348243929A2] - 10/04/2013 - 17:11:53 ---A- . (...) -- C:\AdwCleaner[R10].txt [2603]
O44 - LFC:[MD5.5A60083F9EF085D1569483D504A39410] - 10/04/2013 - 12:15:48 ---A- . (...) -- C:\AdwCleaner[S9].txt [2603]
O44 - LFC:[MD5.2B3C712BD9E73A04969A1156C3705D39] - 10/04/2013 - 12:15:07 ---A- . (...) -- C:\AdwCleaner[R9].txt [2527]
O44 - LFC:[MD5.B7BCB47772342F5116AEE5AFDD53E768] - 10/04/2013 - 08:40:24 ---A- . (...) -- C:\AdwCleaner[S8].txt [2436]
O44 - LFC:[MD5.EAE8EF101079B6C08BA9562E03A0FEB1] - 10/04/2013 - 08:39:08 ---A- . (...) -- C:\AdwCleaner[R8].txt [2361]
O44 - LFC:[MD5.0CC3DF84F49E4B8D39630DEBEF337D7B] - 10/04/2013 - 08:31:33 ---A- . (...) -- C:\AdwCleaner[S7].txt [2835]
O44 - LFC:[MD5.5326BEB4488B520E1868BF108EFDA22D] - 10/04/2013 - 08:30:37 ---A- . (...) -- C:\AdwCleaner[R7].txt [2751]
O44 - LFC:[MD5.7268A7B9B768909709E0B2FA59AB2CC0] - 09/04/2013 - 21:30:59 ---A- . (...) -- C:\AdwCleaner[S6].txt [1657]
O44 - LFC:[MD5.0075D5F2046F779640BE480B81E0C76E] - 09/04/2013 - 21:30:38 ---A- . (...) -- C:\AdwCleaner[R6].txt [1587]
O44 - LFC:[MD5.B939144CFC745B75A120AC0F141C6D0E] - 09/04/2013 - 21:24:15 ---A- . (...) -- C:\AdwCleaner[S5].txt [9834]
O44 - LFC:[MD5.1B4C295A9D65BAE31707B3EC4248883F] - 09/04/2013 - 21:23:24 ---A- . (...) -- C:\AdwCleaner[R5].txt [9824]
O44 - LFC:[MD5.45ADC884F83A5D7D2F19672825D72F9E] - 28/03/2013 - 11:54:24 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [830]
O44 - LFC:[MD5.1D6355A53122A4635AA1DD5ABCB897F0] - 23/03/2013 - 12:30:19 ---A- . (.Visagesoft - Visagesoft Printer Port Monitor.) -- C:\Windows\System32\vsmon1.dll [22016]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 23/03/2013 - 01:06:03 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.C8CF6BA1CA301005394D6615B675C745] - 18/03/2013 - 14:49:35 ---A- . (...) -- C:\AdwCleaner[S4].txt [1454]
O44 - LFC:[MD5.8B3883B8169BBD52BBB546FBD911D7F9] - 18/03/2013 - 14:48:59 ---A- . (...) -- C:\AdwCleaner[R4].txt [1391]
O44 - LFC:[MD5.EDF70F4C6C1B7EE9C9B0771D087D354B] - 15/03/2013 - 11:48:24 ---A- . (...) -- C:\lxbt.log [770]
~ Files: 118 Legitimates Scanned in 00mn 57s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
~ Keys Export: 4 Legitimates Scanned in 00mn 00s
---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s
---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{e62235c1-8b37-11e2-a808-806e6f6e6963}\AutoRun\command. (...) -- H:\autoplay.exe
O51 - MPSK:{f052514e-8a4f-11e2-89bc-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 01s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\SBRegRebootCleaner [Key] . (.GFI Software - Registry Cleaner.) -- C:\Program Files\Ad-Aware Antivirus\SBRC.exe
O53 - SMSR:HKLM\...\startupreg\SpywareTerminatorShield [Key] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O53 - SMSR:HKLM\...\startupreg\SpywareTerminatorUpdater [Key] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O53 - SMSR:HKLM\...\startupreg\TrojanScanner [Key] . (.Simply Super Software - Trojan Scanner.) -- C:\Program Files\Trojan Remover\Trjscan.exe
~ SMSR Keys: 8 Legitimates Scanned in 00mn 08s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/04/2012 - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (a2acc) .(.Emsisoft GmbH - Emsisoft Anti-Malware File Guard.) - LEGACY_A2ACC
O64 - Services: CurCS - ??\??\???? - Pas de propri�taire (ATE_PROCMON) .(...) - LEGACY_ATE_PROCMON
O64 - Services: CurCS - 30/05/2012 - Pas de propri�taire (AVFSFilter) .(...) - LEGACY_AVFSFILTER
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\cmderd.sys (cmderd) .(.COMODO - COMODO Internet Security Eradication Driver.) - LEGACY_CMDERD
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\cmdguard.sys (cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\cmdhlp.sys (cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\inspect.sys (inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT
O64 - Services: CurCS - 22/07/2011 - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys (SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV
O64 - Services: CurCS - 12/07/2011 - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL
~ Legacy: 81 Legitimates Scanned in 00mn 02s
---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche des services d�marr�s par Svchost (O83)
~ Services: 29 Legitimates Scanned in 00mn 02s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.3C061123B9086C248CB32AD84AE40689] [SPRF][20/05/2003] (.Blizzard Entertainment - Frozen Throne Installer.) -- C:\Users\Danoulh\AppData\Local\Temp\war3_install.exe [307200]
[MD5.01FF12E79A462BF76A8BAAAA31E53934] [SPRF][11/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Danoulh\Desktop\ZHPDiag2.exe [5547609]
~ Files: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.11504 - (10/04/2013)
Cl�s trouv�es (Keys found) : 1
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 0
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
C:\Users\Danoulh\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch
~ Additionnel: Scanned in 00mn 51s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "9D4C0BF0BB37A1D44838D5B05DF3CA0C" . (.Ad-Aware Antivirus.) -- C:\Windows\Installer\{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}\ARPPRODUCTICON.exe
O90 - PUC: "B67D5C1801A830A468614D95E85A2799" . (.Fighters.) -- C:\Windows\Installer\{81C5D76B-8A10-4A03-8616-D4598EA57299}\ARPPRODUCTICON.exe
~ Update Products: 24 Legitimates Scanned in 00mn 00s
---\\ Random Export Key (O91)
[HKCU\Software\92dfd9e23cec48] =>Toolbar.Babylon^
[HKCU\Software\92dfd9e23cec48]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\92dfd9e23cec48]:version="2.6.1125.80"
[HKLM\Software\92dfd9e23cec48] =>Toolbar.Babylon^
[HKLM\Software\92dfd9e23cec48]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\92dfd9e23cec48]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/04/2013 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 28/03/2013 3089856 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SS - | Disabled 21/02/2013 1236336 | (Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
SS - | Demand 10/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/08/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 09/04/2013 2000152 | (AV Engine Scanning Service) . (.Preventon Technologies Limited.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
SR - | Auto 09/04/2013 400544 | (AV Watch Service) . (.Preventon Technologies Limited.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
SR - | Auto 07/11/2012 1990464 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Auto 14/12/2012 1436160 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
SS - | Disabled 0 | (HOSTS Anti-PUPs) . (...) - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Disabled 20/09/2012 3677000 | (SBAMSvc) . (.GFI Software.) - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
SS - | Auto 13/11/2012 1103392 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 13/11/2012 1369624 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Auto 13/11/2012 168384 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 12/02/2013 587912 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 12/03/2013 1270816 | (Suite Service) . (.SPAMfighter ApS.) - C:\Program Files\Fighters\FighterSuiteService.exe
~ Services: Scanned in 00mn 10s
~ 704 Legitimates filtered by white list
End of the scan (568 lines in 04mn 22s)(0)
Run by Danoulh at 11/04/2013 18:08:14
State : Version � jour.
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16521
MFIE: Mozilla Firefox v3.6.14 (fr) (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : HYRR2
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
Malwarebytes Anti-Malware v1.75.0.1300 v1.75.0.1300
COMODO Internet Security v5.12.59641.2599
Spybot - Search & Destroy v2.0.12
SUPERAntiSpyware v5.0.1146
Ad-Aware Antivirus v10.5.1.4369
---\\ Software Update
Adobe Flash Player 11 Plugin
Windows Defender W7
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (43% free)
System Restore: Activ� (Enable)
System drive C: has 36 GB (47%) free of 75 GB
---\\ Logged in mode
~ Computer Name: DANOULH-PC
~ User Name: Danoulh
~ All Users Names: Danoulh, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Danoulh\AppData\Roaming\
~ %Desktop% : C:\Users\Danoulh\Desktop\
~ %Favorites% : C:\Users\Danoulh\Favorites\
~ %LocalAppData% : C:\Users\Danoulh\AppData\Local\
~ %StartMenu% : C:\Users\Danoulh\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 75 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 73 Go)
E:\ CD-ROM drive (Not Inserted)
H:\ CD-ROM drive (Free 0 Go of 1 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.BA15504FA59A8DC304F1CBAEBA6252A1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.23/03/2013 - 01:06:20.) -- C:\Windows\System32\wininet.dll [1766912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.31/08/2012 - 18:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/10
~ Mon Bureau (My Desktop) : 1/24
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lanc�s
[MD5.EEF94AAFE49902B376A96F1B33808F6D] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2255360] [PID.1760]
[MD5.05E910909FCA8ED09C1A53EE122FEA03] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [587912] [PID.2288]
[MD5.30A0B072E647757CEDDA9E306D410410] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048] [PID.3184]
[MD5.E842A2F57060D3AF52463131D40D0EB4] - (.Visagesoft - PDF Pro 10 Creator.) -- C:\Program Files\PDF Pro 10\vspdfprsrv.exe [6221312] [PID.3252]
[MD5.BC338374DBFE6531F35B1BDA24232B43] - (.Pas de propri�taire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1219248] [PID.3296]
[MD5.DAD85786EC08DBCA8E7FB482CECD26F4] - (.SPAMfighter ApS - FIGHTERtools Update Manager.) -- C:\Program Files\Fighters\Tray\FightersTray.exe [1425952] [PID.3364]
[MD5.FD43150FD2F4E28D9D7A04D93282E0EA] - (.SPAMfighter - SPYWAREfighter Application.) -- C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe [1216552] [PID.3392]
[MD5.9948A6AA74198D120D2D12C6790A9CD0] - (.SPAMfighter - VIRUSfighter Application.) -- C:\Program Files\Fighters\VIRUSfighter\vfproTray.exe [1315880] [PID.3432]
[MD5.B5A4EBA9487F08BECC843A87422B8052] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176] [PID.3456]
[MD5.751184DF487A1B3C95CB29B0D0069C28] - (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe [4763008] [PID.3756]
[MD5.D88135FE55B356618FCCDF1CC5653174] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [PID.3260]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.3988]
[MD5.C3F266250A3211A69CC96C6183A016D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6647808] [PID.4124]
[MD5.A7F08A73F2668FCD2B51A66751FA7FF3] - (.Emsisoft GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3089856] [PID.824]
[MD5.2A2D72271844C52F004901A60312B96A] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464] [PID.1064]
[MD5.B19505648F033393E907E2E419FDE8B3] - (.AMD - AMD External Events Service Module.) -- C:\Windows\system32\atiesrxx.exe [176128] [PID.1216]
[MD5.378F5EB676C0BD7EAAAFA7AD5BA44B16] - (.AMD - AMD External Events Client Module.) -- C:\Windows\system32\atieclxx.exe [348160] [PID.1500]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.248]
[MD5.D8B7FBD517D9B37C811C438CC78BF2E2] - (.Preventon Technologies Limited - Preventon AV Scanning Service.) -- C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe [2000152] [PID.368]
[MD5.5AEF2270EE9265AE3624BC5419F20EA6] - (.Preventon Technologies Limited - Preventon AV Watch Service.) -- C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe [400544] [PID.424]
[MD5.6D12BDA1715C38BE1746B195B1E4337E] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1436160] [PID.632]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.256]
[MD5.716A5E6D090DEC102883581DD8427422] - (.SPAMfighter ApS - Fighter Suite Service.) -- C:\Program Files\Fighters\FighterSuiteService.exe [1270816] [PID.2348]
[MD5.A529CFE32565C0B145578FFB2B32C9A5] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624] [PID.2400]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3344]
[MD5.452DB84283EB2F043827AC95D62CE19C] - (.Safer-Networking Ltd. - Update.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [3487240] [PID.1732]
~ Processes Running: Scanned in 00mn 13s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Danoulh\AppData\Roaming\Mozilla\Firefox\Profiles\4h8dtaa3.default\prefs.js (.not file.)
C:\Users\Danoulh\AppData\Roaming\Mozilla\Firefox\Profiles\rwxl6z38.default\prefs.js
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
~ Firefox Browser: 11 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 7 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer-Networking Ltd. - Blocks URLs that could install spyware, mal.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
~ BHO: 1 Legitimates Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] . (.Visagesoft - PDF Pro 10 Creator.) -- C:\Program Files\PDF Pro 10\vspdfprsrv.exe
O4 - HKLM\..\Run: [vProt] . (.Pas de propri�taire - VProtect Application.) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
O4 - HKLM\..\Run: [CommonToolkitTray] . (.SPAMfighter ApS - FIGHTERtools Update Manager.) -- C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [SWPROguard] . (.SPAMfighter - SPYWAREfighter Application.) -- C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe
O4 - HKLM\..\Run: [VFPROguard] . (.SPAMfighter - VIRUSfighter Application.) -- C:\Program Files\Fighters\VIRUSfighter\vfprotray.exe
O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3798442329-475683606-1838957551-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-3798442329-475683606-1838957551-1000\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
O4 - HKUS\S-1-5-21-3798442329-475683606-1838957551-1000\..\Run: [SUPERAntiSpyware] . (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch: GOM Player.lnk . (...) -- C:\Program Files\GRETECH\GomPlayer\GOM.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Frozen Throne.lnk . (.Blizzard Entertainment - Frozen Throne.) -- C:\Program Files\Warcraft III\Frozen Throne.exe
O4 - GS\Desktop: GomEncoder.lnk . (...) -- C:\Users\Danoulh\Documents\GomEncoder
O4 - GS\Desktop: Maintenance.lnk . (...) -- D:\Maintenance
O4 - GS\Desktop: T�l�chargements.lnk . (...) -- C:\Users\Danoulh\Downloads
O4 - GS\Desktop: Warcraft III.lnk . (.Blizzard Entertainment - Warcraft III.) -- C:\Program Files\Warcraft III\Warcraft III.exe
~ Global Startup: Scanned in 00mn 02s
---\\ Invisibilit� de l'ic�ne d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Cl� orpheline
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - Broken Internet access because of LSP provider (.not file.) -- mswsock.dll
~ Winsock: 6 Legitimates Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B3C2D2-3B2A-4E13-9ECD-FD38D46C7E6A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{92B3C2D2-3B2A-4E13-9ECD-FD38D46C7E6A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{92B3C2D2-3B2A-4E13-9ECD-FD38D46C7E6A}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{EB961803-867F-4E64-9AB5-62A828B66242}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Cl� de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: AV Engine Scanning Service (AV Engine Scanning Service) . (.Preventon Technologies Limited - Preventon AV Scanning Service.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
O23 - Service: AV Watch Service (AV Watch Service) . (.Preventon Technologies Limited - Preventon AV Watch Service.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Suite Service (Suite Service) . (.SPAMfighter ApS - Fighter Suite Service.) - C:\Program Files\Fighters\FighterSuiteService.exe
~ Services: 12 Legitimates Scanned in 00mn 39s
---\\ Enum�ration Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 2 Legitimates Scanned in 00mn 00s
---\\ T�ches planifi�es en automatique (O39)
[MD5.452DB84283EB2F043827AC95D62CE19C] [APT] [Check for updates] (.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [3487240]
[MD5.00000000000000000000000000000000] [APT] [Refresh immunization] (...) -- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Scan the system] (...) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe (.not file.) [0]
~ Scheduled Task: 6 Legitimates Scanned in 00mn 19s
---\\ Composants install�s (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (A2DDA) . (.Emsisoft GmbH - Emsisoft Direct Disk Access Support Driver.) - C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
O41 - Driver: (sp_rsdrv2) . (...) - C:\Windows\system32\drivers\sp_rsdrv2.sys
~ Drivers: 90 Legitimates Scanned in 00mn 02s
---\\ Logiciels install�s (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: SPYWAREfighter - (.SPAMFIGHTER ApS.) [HKLM] -- SPYWAREfighter
O42 - Logiciel: SUPERAntiSpyware - (.SUPERAntiSpyware.com.) [HKLM] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
O42 - Logiciel: Spybot - Search & Destroy - (.Safer-Networking Ltd..) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1
O42 - Logiciel: VIRUSfighter - (.SPAMFIGHTER ApS.) [HKLM] -- VIRUSfighter
O42 - Logiciel: �Torrent - (...) [HKLM] -- uTorrent
~ Logic: 45 Legitimates Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\92dfd9e23cec48]
[HKCU\Software\BitTorrent]
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\SUPERAntiSpyware.com]
[HKLM\Software\92dfd9e23cec48]
[HKLM\Software\AntimalwareSolution]
[HKLM\Software\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\PCTools]
[HKLM\Software\Preventon]
[HKLM\Software\SUPERAntiSpyware.com]
~ Key Software: 107 Legitimates Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2013 - 09:07:40 - [13,395] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 11/03/2013 - 18:19:28 - [6,550] ----D C:\Program Files\Spybot - S&D
O43 - CFD: 11/04/2013 - 13:30:21 - [146,545] ----D C:\Program Files\Spybot - Search & Destroy 2
O43 - CFD: 11/04/2013 - 09:08:47 - [102,324] ----D C:\Program Files\SUPERAntiSpyware
O43 - CFD: 28/03/2013 - 12:42:49 - [0,381] ----D C:\Program Files\uTorrent
O43 - CFD: 10/04/2013 - 08:52:25 - [13,209] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 10/04/2013 - 13:54:00 - [0,003] ----D C:\ProgramData\clp
O43 - CFD: 11/03/2013 - 21:16:32 - [15,891] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 11/04/2013 - 13:36:28 - [81,307] ----D C:\ProgramData\Preventon
O43 - CFD: 11/04/2013 - 08:31:26 - [0,082] ----D C:\ProgramData\Spybot - Search & Destroy
O43 - CFD: 11/04/2013 - 08:44:43 - [309,566] ----D C:\ProgramData\SUPERAntiSpyware.com
O43 - CFD: 11/03/2013 - 21:16:41 - [6,986] ----D C:\Users\Danoulh\AppData\Roaming\Malwarebytes
O43 - CFD: 11/04/2013 - 08:45:38 - [0,839] ----D C:\Users\Danoulh\AppData\Roaming\SUPERAntiSpyware.com
O43 - CFD: 09/04/2013 - 22:32:47 - [1,321] ----D C:\Users\Danoulh\AppData\Roaming\uTorrent
~ Program Folder: 131 Legitimates Scanned in 00mn 13s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.38D1F001DE564EB97C664E3249F98726] - 11/04/2013 - 12:42:17 ---A- . (...) -- C:\AdwCleaner[S11].txt [2667]
O44 - LFC:[MD5.A9C25C9A8F9DA7F25C14D84C4CE845A3] - 10/04/2013 - 20:51:58 ---A- . (.Safer Networking Limited - Pas de description.) -- C:\Windows\System32\sdnclean.exe [15224]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 10/04/2013 - 18:58:18 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.25917D15FB90D92EDBE3F0CCD75634CE] - 10/04/2013 - 18:58:18 ---A- . (...) -- C:\Windows\diagwrn.xml [2562]
O44 - LFC:[MD5.839C93A756F120BDF0BF827D3261D674] - 10/04/2013 - 17:12:36 ---A- . (...) -- C:\AdwCleaner[S10].txt [2679]
O44 - LFC:[MD5.623DA40F2BBEA3B53870B348243929A2] - 10/04/2013 - 17:11:53 ---A- . (...) -- C:\AdwCleaner[R10].txt [2603]
O44 - LFC:[MD5.5A60083F9EF085D1569483D504A39410] - 10/04/2013 - 12:15:48 ---A- . (...) -- C:\AdwCleaner[S9].txt [2603]
O44 - LFC:[MD5.2B3C712BD9E73A04969A1156C3705D39] - 10/04/2013 - 12:15:07 ---A- . (...) -- C:\AdwCleaner[R9].txt [2527]
O44 - LFC:[MD5.B7BCB47772342F5116AEE5AFDD53E768] - 10/04/2013 - 08:40:24 ---A- . (...) -- C:\AdwCleaner[S8].txt [2436]
O44 - LFC:[MD5.EAE8EF101079B6C08BA9562E03A0FEB1] - 10/04/2013 - 08:39:08 ---A- . (...) -- C:\AdwCleaner[R8].txt [2361]
O44 - LFC:[MD5.0CC3DF84F49E4B8D39630DEBEF337D7B] - 10/04/2013 - 08:31:33 ---A- . (...) -- C:\AdwCleaner[S7].txt [2835]
O44 - LFC:[MD5.5326BEB4488B520E1868BF108EFDA22D] - 10/04/2013 - 08:30:37 ---A- . (...) -- C:\AdwCleaner[R7].txt [2751]
O44 - LFC:[MD5.7268A7B9B768909709E0B2FA59AB2CC0] - 09/04/2013 - 21:30:59 ---A- . (...) -- C:\AdwCleaner[S6].txt [1657]
O44 - LFC:[MD5.0075D5F2046F779640BE480B81E0C76E] - 09/04/2013 - 21:30:38 ---A- . (...) -- C:\AdwCleaner[R6].txt [1587]
O44 - LFC:[MD5.B939144CFC745B75A120AC0F141C6D0E] - 09/04/2013 - 21:24:15 ---A- . (...) -- C:\AdwCleaner[S5].txt [9834]
O44 - LFC:[MD5.1B4C295A9D65BAE31707B3EC4248883F] - 09/04/2013 - 21:23:24 ---A- . (...) -- C:\AdwCleaner[R5].txt [9824]
O44 - LFC:[MD5.45ADC884F83A5D7D2F19672825D72F9E] - 28/03/2013 - 11:54:24 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [830]
O44 - LFC:[MD5.1D6355A53122A4635AA1DD5ABCB897F0] - 23/03/2013 - 12:30:19 ---A- . (.Visagesoft - Visagesoft Printer Port Monitor.) -- C:\Windows\System32\vsmon1.dll [22016]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 23/03/2013 - 01:06:03 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.C8CF6BA1CA301005394D6615B675C745] - 18/03/2013 - 14:49:35 ---A- . (...) -- C:\AdwCleaner[S4].txt [1454]
O44 - LFC:[MD5.8B3883B8169BBD52BBB546FBD911D7F9] - 18/03/2013 - 14:48:59 ---A- . (...) -- C:\AdwCleaner[R4].txt [1391]
O44 - LFC:[MD5.EDF70F4C6C1B7EE9C9B0771D087D354B] - 15/03/2013 - 11:48:24 ---A- . (...) -- C:\lxbt.log [770]
~ Files: 118 Legitimates Scanned in 00mn 57s
---\\ Export de cl� d'application autoris�e (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
~ Keys Export: 4 Legitimates Scanned in 00mn 00s
---\\ D�ni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s
---\\ Contr�le du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s
---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{e62235c1-8b37-11e2-a808-806e6f6e6963}\AutoRun\command. (...) -- H:\autoplay.exe
O51 - MPSK:{f052514e-8a4f-11e2-89bc-806e6f6e6963}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 01s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\SBRegRebootCleaner [Key] . (.GFI Software - Registry Cleaner.) -- C:\Program Files\Ad-Aware Antivirus\SBRC.exe
O53 - SMSR:HKLM\...\startupreg\SpywareTerminatorShield [Key] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O53 - SMSR:HKLM\...\startupreg\SpywareTerminatorUpdater [Key] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O53 - SMSR:HKLM\...\startupreg\TrojanScanner [Key] . (.Simply Super Software - Trojan Scanner.) -- C:\Program Files\Trojan Remover\Trjscan.exe
~ SMSR Keys: 8 Legitimates Scanned in 00mn 08s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/04/2012 - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (a2acc) .(.Emsisoft GmbH - Emsisoft Anti-Malware File Guard.) - LEGACY_A2ACC
O64 - Services: CurCS - ??\??\???? - Pas de propri�taire (ATE_PROCMON) .(...) - LEGACY_ATE_PROCMON
O64 - Services: CurCS - 30/05/2012 - Pas de propri�taire (AVFSFilter) .(...) - LEGACY_AVFSFILTER
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\cmderd.sys (cmderd) .(.COMODO - COMODO Internet Security Eradication Driver.) - LEGACY_CMDERD
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\cmdguard.sys (cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\cmdhlp.sys (cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP
O64 - Services: CurCS - 07/11/2012 - C:\Windows\System32\DRIVERS\inspect.sys (inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT
O64 - Services: CurCS - 22/07/2011 - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys (SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV
O64 - Services: CurCS - 12/07/2011 - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL
~ Legacy: 81 Legitimates Scanned in 00mn 02s
---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche des services d�marr�s par Svchost (O83)
~ Services: 29 Legitimates Scanned in 00mn 02s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.3C061123B9086C248CB32AD84AE40689] [SPRF][20/05/2003] (.Blizzard Entertainment - Frozen Throne Installer.) -- C:\Users\Danoulh\AppData\Local\Temp\war3_install.exe [307200]
[MD5.01FF12E79A462BF76A8BAAAA31E53934] [SPRF][11/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Danoulh\Desktop\ZHPDiag2.exe [5547609]
~ Files: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.11504 - (10/04/2013)
Cl�s trouv�es (Keys found) : 1
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 0
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard
C:\Users\Danoulh\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch
~ Additionnel: Scanned in 00mn 51s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "9D4C0BF0BB37A1D44838D5B05DF3CA0C" . (.Ad-Aware Antivirus.) -- C:\Windows\Installer\{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}\ARPPRODUCTICON.exe
O90 - PUC: "B67D5C1801A830A468614D95E85A2799" . (.Fighters.) -- C:\Windows\Installer\{81C5D76B-8A10-4A03-8616-D4598EA57299}\ARPPRODUCTICON.exe
~ Update Products: 24 Legitimates Scanned in 00mn 00s
---\\ Random Export Key (O91)
[HKCU\Software\92dfd9e23cec48] =>Toolbar.Babylon^
[HKCU\Software\92dfd9e23cec48]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\92dfd9e23cec48]:version="2.6.1125.80"
[HKLM\Software\92dfd9e23cec48] =>Toolbar.Babylon^
[HKLM\Software\92dfd9e23cec48]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\92dfd9e23cec48]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/04/2013 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 28/03/2013 3089856 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SS - | Disabled 21/02/2013 1236336 | (Ad-Aware Service) . (.Lavasoft Limited.) - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
SS - | Demand 10/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/08/2009 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 09/04/2013 2000152 | (AV Engine Scanning Service) . (.Preventon Technologies Limited.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
SR - | Auto 09/04/2013 400544 | (AV Watch Service) . (.Preventon Technologies Limited.) - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
SR - | Auto 07/11/2012 1990464 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Auto 14/12/2012 1436160 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
SS - | Disabled 0 | (HOSTS Anti-PUPs) . (...) - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Disabled 20/09/2012 3677000 | (SBAMSvc) . (.GFI Software.) - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
SS - | Auto 13/11/2012 1103392 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 13/11/2012 1369624 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Auto 13/11/2012 168384 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 12/02/2013 587912 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 12/03/2013 1270816 | (Suite Service) . (.SPAMfighter ApS.) - C:\Program Files\Fighters\FighterSuiteService.exe
~ Services: Scanned in 00mn 10s
~ 704 Legitimates filtered by white list
End of the scan (568 lines in 04mn 22s)(0)