cjoint

Publicité

Priorité au Logiciel Libre! Je soutiens l'April.

Publicité

Priorité au Logiciel Libre! Je soutiens l'April.

Format du document : text/plain

Prévisualisation

Rapport de ZHPDiag v2013.4.14.81 par Nicolas Coolman, Update du 14/04/2013
Run by Lisa at 15/04/2013 18:42:59
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1 v20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Avira Free Antivirus v12.1.9.402
Windows Defender W7

---\\ System Optimizer

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 14 Stepping 12, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (43% free)
System Restore: D�sactiv� (Disabled)
System drive C: has 4 GB (5%) free of 74 GB

---\\ Logged in mode
~ Computer Name: LISA-PC
~ User Name: Lisa
~ All Users Names: Lisa, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Lisa\AppData\Roaming\
~ %Desktop% : C:\Users\Lisa\Desktop\
~ %Favorites% : C:\Users\Lisa\Favorites\
~ %LocalAppData% : C:\Users\Lisa\AppData\Local\
~ %StartMenu% : C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 74 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/07/2012 - 10:33:28.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.11/03/2011 - 06:39:00.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 1/188
~ Mes musiques (My Musics) : 1/188
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/2
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lanc�s
[MD5.9F0BE235A0136EA9E94CF9BD037C30EC] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.1740]
[MD5.AFD15F701B550037FFDDE6B18171479D] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816] [PID.1748]
[MD5.1B63F8FFFFFFDA1E03AED970C7383FFE] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1764]
[MD5.A2636716C37ABD1EE9B4C6F56B685BB2] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1772]
[MD5.66A3CF1B8A895FCB2A62599D2EAE3066] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736] [PID.1780]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.1788]
[MD5.995BEB69AE5C50D354894354F5A6CD5A] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296] [PID.1812]
[MD5.3CB07566302BCEEB898DE270A0BEC175] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352] [PID.1820]
[MD5.4D5D968FE6AE6BF94A807F73F7FF6B3D] - (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168] [PID.1828]
[MD5.4AFFDCAADCB1DBBFFAF06C7F82E7F6FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421776] [PID.1860]
[MD5.889DCA119B467434D9AE727D9E8D9C01] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2012]
[MD5.5183322D039A66569D27FD00987390E6] - (.Lenovo Group Limited - On screen display message generator for Thi.) -- C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe [69568] [PID.576]
[MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [10376704] [PID.456]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.1216]
[MD5.626F7FCA830F9BA95AD85569BB2038C9] - (.Synaptics Incorporated - TouchPad Driver Helper Application.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [128296] [PID.1712]
[MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [10368512] [PID.1400]
[MD5.4768FB8867352D871F013BBF8043022F] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.1324]
[MD5.E07CF32207C7BD95AA04A982755CDFA8] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe [330304] [PID.2336]
[MD5.B88CAE2C2D5EE79FE6A061A7F2111791] - (.Lenovo Group Limited - ThinkPad UltraZoom.) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe [138680] [PID.2344]
[MD5.03ED4235F1E428A79B86287E6AD108F4] - (.Brother Industries, Ltd. - Brother Status Monitor (Network).) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe [143360] [PID.2744]
[MD5.3AB46601C373AABB5687593F1FFBD529] - (.Lenovo Group Limited - Power Manager Power Agenda.) -- C:\Program Files\ThinkPad\Utilities\SCHTASK.exe [128608] [PID.4016]
[MD5.6344EF698052E5A5BDD559D94DFB6D1C] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [173080] [PID.4044]
[MD5.E1631396823E6E55F0B31FDCBE959901] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [505736] [PID.3960]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4288]
[MD5.30A1782BF1BF9DC1732507B70028512A] - (.Apple Inc. - SyncServer.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe [55184] [PID.41660]
[MD5.A74AC411798DA32CFC655A9A9F2EB74A] - (...) -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168] [PID.12864] =>Toolbar.Babylon
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.16952]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.40896]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.29272]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.8556]
[MD5.BC431F556635C1096B9AAD8A1736C034] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6750720] [PID.40468]
[MD5.B1EA8FF2601A72BC6A177463FA70B8B3] - (.Lenovo. - ThinkPad Power Management Service.) -- C:\Windows\system32\ibmpmsvc.exe [40512] [PID.684]
[MD5.B458A95F12D36F55F98A42FD66BAEBFA] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224] [PID.1460]
[MD5.9CD364ECB3A10B24C7CAC8FF89993A67] - (.Lenovo Group Limited - ThinkPad Message Client Loader.) -- C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432] [PID.1676]
[MD5.C04BB65441913AB621C58A8BD3169B23] - (.Lenovo Group Limited - On screen display Fn+Fx handler.) -- C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [142696] [PID.1700]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1136]
[MD5.4DC6B0772D1698F04FC79053A21C8260] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\system32\AEADISRV.exe [90112] [PID.2052]
[MD5.CC3110EEF77AA0810CAA03741168BA8F] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032] [PID.2208]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2288]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2440]
[MD5.E56F39F6B7FDA0AC77A79B0FD3DE1A2F] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856] [PID.2672]
[MD5.158B67696EC8602CE71F9AA4F14AA96F] - (.Lenovo Group Limited - Auto Scroll Start Service.) -- C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336] [PID.2852]
[MD5.DDA10D9F1D2892AC5E8AB2A580C3846E] - (.Lenovo Group Limited - Lenovo Auto Scroll Utility.) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe [101440] [PID.2980]
[MD5.15A317674A08DF26BE65164D959E9203] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] [PID.3168]
[MD5.E869E31D3FD7B6314EEFEA4304C413CA] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [80336] [PID.2024]
[MD5.BC0EA61246F8D940FBC5F652D337D6BD] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [821648] [PID.3100]
[MD5.A318DF063DF2BC2C5F81644997068631] - (.Lenovo. - Doze Mode Service Program.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.exe [280640] [PID.5896]
[MD5.DEED60F99C5B8E386D507860F600D509] - (.Lenovo - Power Manager Dynamic Brightness Control Se.) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe [1662560] [PID.22300]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\5y8m82n8.default\prefs.js
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\5y8m82n8.default\user.js
M3 - MFPP: Plugins - [Lisa] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\5y8m82n8.default\searchplugins\commentcamarchenet.xml
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, D�marrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com =>Toolbar.DeltaSearch
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (...) -- C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll
O3 - Toolbar: (no name) - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Cl� orpheline
O3 - Toolbar: IMinent Toolbar - [HKLM]{977AE9CC-AF83-45E8-9E03-E2798216E2D5} . (...) -- C:\Program Files\IMinent Toolbar\tbcore3.dll =>Adware.IMBooster
~ Toolbar: Scanned in 00mn 00s



---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\Program Files\ThinkPad\UTILIT~1\PWMTR32V.dll (.not file.)
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [mcaut] . (...) -- C:\Users\Lisa\AppData\Roaming\mcaut.dll
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe� Flash� Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2944616712-2500070088-4236055093-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2944616712-2500070088-4236055093-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-2944616712-2500070088-4236055093-1000\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe� Flash� Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: GIMP 2.lnk . (.Spencer Kimball, Peter Mattis and the GIMP - GNU Image Manipulation Program.) -- C:\Program Files\GIMP 2\bin\gimp-2.8.exe
O4 - GS\TaskBar: iTunes.lnk . (.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe
O4 - GS\TaskBar: VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED77310-BF7D-460A-9962-8C27D74E1D4E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0B10893-FD27-4727-AE34-BC6BA2866815}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{8ED77310-BF7D-460A-9962-8C27D74E1D4E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0B10893-FD27-4727-AE34-BC6BA2866815}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{8ED77310-BF7D-460A-9962-8C27D74E1D4E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0B10893-FD27-4727-AE34-BC6BA2866815}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: BrowserProtect (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
O23 - Service: ThinkPad PM Service (IBMPMSVC) . (.Lenovo. - ThinkPad Power Management Service.) - C:\Windows\System32\ibmpmsvc.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited - Auto Scroll Start Service.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) . (.Lenovo Group Limited - ThinkPad Message Client Loader.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) . (.Lenovo Group Limited - On screen display Fn+Fx handler.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: 13 Legitimates Filtered in 00mn 30s



---\\ T�ches planifi�es en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0]
[MD5.9ADF03D724DDE540D5B145E62FDC09A7] [APT] [PMTask] (.Lenovo Group Limited.) -- C:\Program Files\ThinkPad\Utilities\PWMIDTSV.exe [3555424]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 06s



---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (lenovo.smi) . (.Lenovo Group Limited - SMI Driver for Lenovo system.) - C:\Windows\System32\DRIVERS\smiif32.sys
O41 - Driver: (TPPWRIF) . (.Lenovo Group Limited - Power Manager.) - C:\Windows\System32\drivers\Tppwr32v.sys
~ Drivers: 78 Legitimates Filtered in 00mn 01s



---\\ Logiciels install�s (O42)
O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon
O42 - Logiciel: Gestionnaire d'alimentation - (...) [HKLM] -- {DAC01CEE-5BAE-42D5-81FC-B687E84E8405}
O42 - Logiciel: LameACM - (...) [HKLM] -- LameACM
O42 - Logiciel: Lenovo Auto Scroll Utility - (...) [HKLM] -- LenovoAutoScrollUtility
O42 - Logiciel: Lenovo Patch Utility - (.Lenovo Group Limited.) [HKLM] -- {24E92E7A-6848-4747-A3EA-3AAC0576BE52}
O42 - Logiciel: Lenovo Patch Utility - (.Lenovo Group Limited.) [HKLM] -- {6E6E7725-C7BC-4C39-8B3F-14B67331A120}
O42 - Logiciel: Lenovo System Interface Driver - (...) [HKLM] -- LENOVO.SMIIF
O42 - Logiciel: On Screen Display - (...) [HKLM] -- OnScreenDisplay
O42 - Logiciel: ThinkPad FullScreen Magnifier - (...) [HKLM] -- ThinkPad FullScreen Magnifier
O42 - Logiciel: ThinkPad Modem - (...) [HKLM] -- CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588
O42 - Logiciel: ThinkPad Power Management Driver - (...) [HKLM] -- Power Management Driver
O42 - Logiciel: ThinkPad UltraNav Driver - (...) [HKLM] -- SynTPDeinstKey
~ Logic: 64 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\Delta]
[HKCU\Software\GoforFiles]
[HKCU\Software\Lenovo]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\f0dcdeb43ae545]
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Delta]
[HKLM\Software\GoforFiles]
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Lenovo]
[HKLM\Software\f0dcdeb43ae545]
~ Key Software: 119 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/08/2012 - 22:17:45 - [0,073] ----D C:\Program Files\LameACM
O43 - CFD: 23/07/2012 - 00:33:19 - [22,963] ----D C:\Program Files\Lenovo
O43 - CFD: 23/07/2012 - 00:28:09 - [75,417] ----D C:\Program Files\ThinkPad
O43 - CFD: 23/07/2012 - 00:29:32 - [1,212] ----D C:\Program Files\Common Files\Lenovo
O43 - CFD: 07/08/2012 - 21:17:29 - [0] ----D C:\ProgramData\Ask
O43 - CFD: 15/04/2013 - 08:29:41 - [7,662] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 23/07/2012 - 00:29:32 - [0,163] ----D C:\ProgramData\Lenovo
O43 - CFD: 15/04/2013 - 08:29:14 - [0,001] ----D C:\Users\Lisa\AppData\Roaming\GoforFiles
O43 - CFD: 23/07/2012 - 00:46:47 - [0,000] ----D C:\Users\Lisa\AppData\Roaming\PwrMgr
O43 - CFD: 15/04/2013 - 09:45:59 - [1,969] ----D C:\Users\Lisa\AppData\Roaming\uTorrent
O43 - CFD: 23/07/2012 - 00:36:13 - [0,005] ----D C:\Users\Lisa\AppData\Local\Lenovo
O43 - CFD: 15/04/2013 - 17:58:32 - [0,001] ----D C:\Users\Lisa\AppData\Local\PutLockerDownloader =>Spyware.PutLocker
O43 - CFD: 15/04/2013 - 08:29:53 - [0,001] ----D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect =>Toolbar.Babylon
~ Program Folder: 125 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.45ADC884F83A5D7D2F19672825D72F9E] - 15/04/2013 - 17:05:41 ---A- . (...) -- C:\Windows\System32\InstallUtil.InstallLog [830]
O44 - LFC:[MD5.E75DFC43AF8E5B00332CFEA9ADC91719] - 15/04/2013 - 17:00:53 ---A- . (...) -- C:\Windows\unins000.dat [80487]
O44 - LFC:[MD5.5D55C33BBBA029002741D7B8958E1543] - 15/04/2013 - 16:59:15 ---A- . (.Pas de propri�taire - Setup/Uninstall.) -- C:\Windows\unins000.exe [1169609]
O44 - LFC:[MD5.AA25681862851193037D3E640B87FEC3] - 15/04/2013 - 07:14:36 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [10016]
O44 - LFC:[MD5.AA25681862851193037D3E640B87FEC3] - 15/04/2013 - 07:14:36 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [10016]
~ Files: 13 Legitimates Filtered in 01mn 07s



---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.CB7924DF21C44F9C8377AE2102246417] - 05/04/2013 - 22:21:34 ---A- - C:\Windows\Prefetch\PWMIDTSV.EXE-4974983C.pf
O45 - LFCP:[MD5.9C0E0D7E94C75A9F3835EEF5C1B72344] - 06/04/2013 - 08:58:29 ---A- - C:\Windows\Prefetch\XAUDIO.EXE-D92946E9.pf
O45 - LFCP:[MD5.CE7D10DF30C9A4441DE9D75039EDEB31] - 09/04/2013 - 16:27:17 ---A- - C:\Windows\Prefetch\SCHTASK.EXE-4B87826B.pf
O45 - LFCP:[MD5.A42B153CCC7BACB1CC9BDCFA6F046EA4] - 11/04/2013 - 13:24:27 ---A- - C:\Windows\Prefetch\TPFNF5.EXE-5B79759C.pf
O45 - LFCP:[MD5.01E604AF5C3E2C0A13C23A0012C801CE] - 11/04/2013 - 13:26:27 ---A- - C:\Windows\Prefetch\DOZESVC.EXE-C455CB13.pf
O45 - LFCP:[MD5.DC1550AE34D6921F244E2D94E6331906] - 11/04/2013 - 14:06:09 ---A- - C:\Windows\Prefetch\PWMDBSVC.EXE-2E5BAEFB.pf
O45 - LFCP:[MD5.595E7EEFE951B64543065BF94BD16BE5] - 14/04/2013 - 05:57:15 ---A- - C:\Windows\Prefetch\PWRACT.EXE-39BDDDD2.pf
O45 - LFCP:[MD5.32ECC21B05DD5CDB4D49F2BAB60F434A] - 14/04/2013 - 09:52:14 ---A- - C:\Windows\Prefetch\UTT2E45.TMP.EXE-6AAFCB9A.pf
O45 - LFCP:[MD5.7CA65E6E5F5BC909BC41F02EB4F26328] - 14/04/2013 - 10:43:28 ---A- - C:\Windows\Prefetch\NS4172.TMP-71974DF3.pf
O45 - LFCP:[MD5.E6B6512E7929218F0DCF4989828144E4] - 14/04/2013 - 16:39:06 ---A- - C:\Windows\Prefetch\ATH.EXE-6D90735E.pf
O45 - LFCP:[MD5.20087B81F628CBAF2D634A7E2D93650E] - 15/04/2013 - 07:16:29 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-33B41AC3.pf
O45 - LFCP:[MD5.8A0DE43A5111B0CDD95CB11BF77A9707] - 15/04/2013 - 07:29:05 ---A- - C:\Windows\Prefetch\TOOLBAR324372161.EXE-7DBEDFD6.pf
O45 - LFCP:[MD5.B5A961F27A3E09183A1DF5558049243A] - 15/04/2013 - 07:29:05 ---A- - C:\Windows\Prefetch\TOOLBAR324372551.EXE-1C4AAB6D.pf
O45 - LFCP:[MD5.28D02CD88B4B84A4E9541F7522550068] - 15/04/2013 - 07:29:08 ---A- - C:\Windows\Prefetch\TOOLBAR324372161-4D04.EXE-37278D13.pf
O45 - LFCP:[MD5.463008CDBB74774A0C1B7E350C720C2D] - 15/04/2013 - 07:29:20 ---A- - C:\Windows\Prefetch\GOFORFILES.EXE-CB6C3126.pf
O45 - LFCP:[MD5.0CD5044A110FFD733B024F0B32F7C517] - 15/04/2013 - 07:29:38 ---A- - C:\Windows\Prefetch\MYBABYLONTB.EXE-822B4E0B.pf =>Toolbar.Babylon
O45 - LFCP:[MD5.12739F537D43B8EB99DD65221660EBBE] - 15/04/2013 - 07:29:38 ---A- - C:\Windows\Prefetch\TOOLBAR324386996.EXE-48BBE467.pf
O45 - LFCP:[MD5.D620D18FB96D01DA807E3DFAD35E33AB] - 15/04/2013 - 07:30:45 ---A- - C:\Windows\Prefetch\BPROTECT.EXE-61735C75.pf
O45 - LFCP:[MD5.BDF42ADFDECE154588BDA7ED9D94995E] - 15/04/2013 - 07:30:45 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-EAF067F3.pf =>Toolbar.Babylon
O45 - LFCP:[MD5.2977E1CD940D7F8CD814E3DB4CA86A45] - 15/04/2013 - 07:30:45 ---A- - C:\Windows\Prefetch\SMARTBAREXEINSTALLER.EXE-9256D612.pf =>Hijacker.SmartBar
O45 - LFCP:[MD5.ED1828500E2D64B9BB3181A5E350069C] - 15/04/2013 - 07:33:07 ---A- - C:\Windows\Prefetch\QUICKSHARE.EXE-D2EBC11C.pf =>PUP.QuickShare
O45 - LFCP:[MD5.AF1D7EFD08F16409FE3EBB27178F9DC8] - 15/04/2013 - 08:45:59 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-1070971C.pf
~ Prefetcher: 136 Legitimates Filtered in 00mn 00s



---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.6C61BCEB60C2C187E6F96001FD69493E] - 18/05/2009 - 16:32:58 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [381440]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 14/04/2013 - 09:51:41 ----- C:\Users\Lisa\AppData\Roaming\uTorrent\Harry Potter And The Sorcerer's Stone [2001] DvdRip [Eng] - Thizz.torrent [18890]
O61 - LFC: 14/04/2013 - 09:52:01 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\utorrent.lng [1142059]
O61 - LFC: 14/04/2013 - 09:52:23 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dlimagecache\32F529521A3DEC709F97F761F192AABF29BDC408 [198222]
O61 - LFC: 14/04/2013 - 09:53:36 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dlimagecache\11BE992F09EDBD864815F0130D4082E29BCDFA61 [141956]
O61 - LFC: 14/04/2013 - 09:53:37 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dlimagecache\7C8945DA1B01DEA87CEA3DEAE371D7FEEFE460C0 [3211]
O61 - LFC: 14/04/2013 - 09:53:37 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dlimagecache\88A5AB51DDCC8A84F1DF369D16D6C853565EC80F [13277]
O61 - LFC: 14/04/2013 - 10:30:15 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dlimagecache\686DB0E22248236A25F576BC27F4F134FBF71EA6 [11813]
O61 - LFC: 14/04/2013 - 10:30:19 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dlimagecache\1D67A7A87EE6B20D306B59AC55A6F73A9A1D3540 [37532]
O61 - LFC: 14/04/2013 - 10:51:21 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dht.dat.old [867]
O61 - LFC: 14/04/2013 - 10:51:21 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\rss.dat.old [99]
O61 - LFC: 15/04/2013 - 07:29:14 ---A- C:\Users\Lisa\AppData\Roaming\GoforFiles\blacklist.dat [1024]
O61 - LFC: 15/04/2013 - 08:38:22 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\resume.dat.old [3812]
O61 - LFC: 15/04/2013 - 08:44:50 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dht_feed.dat.old [2]
O61 - LFC: 15/04/2013 - 08:45:52 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dht.dat [4066]
O61 - LFC: 15/04/2013 - 08:45:52 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\dht_feed.dat [2]
O61 - LFC: 15/04/2013 - 08:45:52 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\resume.dat [3796]
O61 - LFC: 15/04/2013 - 08:45:52 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\rss.dat [99]
O61 - LFC: 15/04/2013 - 08:45:59 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\settings.dat [20309]
O61 - LFC: 15/04/2013 - 08:45:59 ---A- C:\Users\Lisa\AppData\Roaming\uTorrent\settings.dat.old [20335]
O61 - LFC: 15/04/2013 - 16:58:43 ---A- C:\Users\Lisa\AppData\Local\PutLockerDownloader\FTDownloader.exe_Url_53xixdcpvgygtyi5p1m3thfzejaycxtv\1.1.1.1\user.config [971] =>Spyware.PutLocker
~ 37 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 94 Legitimates Filtered in 00mn 52s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 07/09/2010 - C:\Windows\System32\DRIVERS\smiif32.sys (lenovo.smi) .(.Lenovo Group Limited - SMI Driver for Lenovo system.) - LEGACY_LENOVO.SMI
O64 - Services: CurCS - 16/05/2012 - C:\Windows\System32\drivers\Tppwr32v.sys (TPPWRIF) .(.Lenovo Group Limited - Power Manager.) - LEGACY_TPPWRIF
~ Legacy: 72 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("avg.install.userHPSettings", "http://www1.delta-search.com/?affID=119294&babsrc=HP_ss&mntrId=D627001CBF64A742"); =>Toolbar.DeltaSearch
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("avg.install.userSPSettings", "Delta Search");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.ffxUnstlRst", true);
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.id", "d6270694000000000000001cbf64a742");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.instlDay", "15810");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.vrsn", "1.8.16.16");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.vrsnTs", "1.8.16.168:29:35");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.delta.vrsni", "1.8.16.16");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.helperbar.Country", "France");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.helperbar.DockingPositionDown", false);
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.helperbar.SmartbarDisabled", false); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.helperbar.UserID", "0f427948-ed20-427f-a1c6-32ea33bf2567");
O69 - SBI: prefs.js [Lisa - 5y8m82n8.default] user_pref("extensions.helperbar.Visibility", false);
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www1.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {D25E7643-3BC4-4EA5-A73B-3BC8F1354718} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.F8F7820B4336E61B40CA67418DACC7BA] [SPRF][15/04/2013] (.Bunndle, Inc. - Bunndle Offer Manager v2.0.0.7.) -- C:\Users\Lisa\AppData\Local\Temp\BunndleOfferManager.dll [133632]
[MD5.81019731EC6A3B72840FFF974C55EFB3] [SPRF][07/04/2013] (...) -- C:\Users\Lisa\AppData\Local\Temp\busunint.exe [12880]
[MD5.F6278B5A16F830885B184D5F72E1B935] [SPRF][15/04/2013] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\Lisa\AppData\Local\Temp\htmlayout.dll [947200]
[MD5.9D10F99A6712E28F8ACD5641E3A7EA6B] [SPRF][14/03/2011] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\Lisa\AppData\Local\Temp\ose00000.exe [149352]
[MD5.44632F415D4A299D839945F59FEA2C22] [SPRF][04/04/2013] (.Pas de propri�taire - Linkury.Installer.MsiWrapper.) -- C:\Users\Lisa\AppData\Local\Temp\SmartbarExeInstaller.exe [8364312] =>Hijacker.SmartBar
[MD5.067BECAFD5F884CEB2E86F766F965B5D] [SPRF][15/04/2013] (.Web Deals Interactive LLC - Installer.) -- C:\Users\Lisa\AppData\Local\Temp\toolbar324372161.exe [1418136]
[MD5.E8EFB9EF24C1E0CED84CFA3C2AE9DC2F] [SPRF][15/04/2013] (...) -- C:\Users\Lisa\AppData\Local\Temp\toolbar324372551.exe [782832]
[MD5.35F783E83866CDFD580A06A59C375A61] [SPRF][15/04/2013] (.QuickShare - QuickShare.) -- C:\Users\Lisa\AppData\Local\Temp\toolbar324386996.exe [7704368] =>PUP.QuickShare
[MD5.F3A10836603E03A28CAF404B29328F92] [SPRF][07/04/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Lisa\AppData\Local\Temp\uninst1.exe [394320] =>Toolbar.Babylon
[MD5.5F35263DFB9284DA4B2ED5C7234103D9] [SPRF][15/04/2013] (...) -- C:\Users\Lisa\AppData\Local\Temp\utt175D.tmp.bat [58]
[MD5.99F664A4EE6B310ACFF4AB5C48732F1F] [SPRF][14/04/2013] (...) -- C:\Users\Lisa\AppData\Local\Temp\utt5F7B.tmp.bat [94]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][30/12/1899] (...) -- C:\Users\Lisa\AppData\Roaming\mcaut.dll [161792]
[MD5.690F38FFF2B83022EDB1E4C32DC3F652] [SPRF][15/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Lisa\Desktop\ZHPDiag2.exe [5566486]
~ Files: Scanned in 00mn 02s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{836ED023-E268-4B17-974C-2BBC342809A2}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.)
O87 - FAEL: "{69B75CDF-FFEB-418D-8FA3-8239EDEABC25}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\goforfilesdl.exe (.not file.)
O87 - FAEL: "{F5923B51-7D47-4CB1-B673-EAD65A43FDED}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.)
O87 - FAEL: "{7EE02458-0131-40A9-86D9-DB01DD7758F4}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\GoforFiles\GoforFiles.exe (.not file.)
~ Firewall: 183 Legitimates Filtered in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11536 - (14/04/2013)
Cl�s trouv�es (Keys found) : 177
Valeurs trouv�es (Values found) : 1
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 4

[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware. BullseyeToolbar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32] =>Adware.Bandoo
[HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS] =>Adware.Bandoo
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Tracing\QuickShare_RASAPI32] =>PUP.QuickShare
[HKLM\Software\Microsoft\Tracing\QuickShare_RASMANCS] =>PUP.QuickShare
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Microsoft\Tracing\Setup_RASAPI32] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\Setup_RASMANCS] =>Toolbar.Conduit
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB01620.TBSB01620.3] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB01620.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon
C:\Users\Lisa\AppData\Local\PutLockerDownloader =>Spyware.PutLocker
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\5y8m82n8.default\bprotector_extensions.sqlite =>PUP.BProtector
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\5y8m82n8.default\bprotector_prefs.js =>PUP.BProtector
C:\Users\Lisa\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
~ Additionnel: Scanned in 00mn 43s



---\\ Random Export Key (O91)
[HKCU\Software\f0dcdeb43ae545] =>Toolbar.Babylon^
[HKCU\Software\f0dcdeb43ae545]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\f0dcdeb43ae545]:version="2.6.1125.80"
[HKLM\Software\f0dcdeb43ae545] =>Toolbar.Babylon^
[HKLM\Software\f0dcdeb43ae545]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\f0dcdeb43ae545]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s



---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 27/08/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 27/08/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SR - | Demand 16/05/2012 280640 | (DozeSvc) . (.Lenovo..) - C:\Program Files\ThinkPad\Utilities\DOZESVC.exe
SR - | Auto 29/02/2012 40512 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 12/07/2011 101736 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 12/07/2011 127336 | (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Demand 16/05/2012 1662560 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
SS - | Demand 16/05/2012 1665120 | (PwmEWSvc) . (.Lenovo Group Limited.) - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe
SR - | Auto 12/07/2011 131432 | (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
SR - | Auto 12/07/2011 142696 | (TPHKSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 27/11/2006 386560 | (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\DRIVERS\xaudio.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Lisa at 15/04/2013 18:47:41

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1034 Legitimates filtered by white list
End of the scan (808 lines in 04mn 41s)(0)

Publicité

Soutenons La Quadrature du Net ! Soutenons La Quadrature du Net !

Signaler le contenu de ce document

Publicité

Soutenons La Quadrature du Net !