Rapport de ZHPDiag v2013.4.14.81 par Nicolas Coolman, Update du 14/04/2013
Run by Jean-Michel at 15/04/2013 18:34:36
State : Your version is update.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 18.0.1 v18.0.1

---\\ Windows Product Information
~ Langage: Anglais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection
avast! Free Antivirus v8.0.1483.0

---\\ System Optimizer
CCleaner v3.26

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 15 Model 4 Stepping 8, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 511 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (64%) free of 93 GB

---\\ Logged in mode
~ Computer Name: MERGER-26EA99F6
~ User Name: Jean-Michel
~ All Users Names: SUPPORT_388945a0, Jean-Michel, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Jean-Michel\Application Data\
~ %Desktop% : C:\Documents and Settings\Jean-Michel\Bureau\
~ %Favorites% : C:\Documents and Settings\Jean-Michel\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Jean-Michel\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 93 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Search Generic System Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/62
~ Mon Bureau (My Desktop) : 0/248
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s



---\\ Running Processes
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1976]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.160]
[MD5.17DF01717058EAD5298EB3F1851D3778] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 56.77.) -- C:\WINDOWS\system32\nvsvc32.exe [110659] [PID.364]
[MD5.0765EE4A7A0D6609BF91CA2E4700E885] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.1740]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1576]
[MD5.A7DE471B5403DBF8AFA4138A92B8012F] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363] [PID.1840]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304] [PID.1704]
[MD5.2DF81CB002F5EFD9A6F1391B71C723FF] - (.SPX Service Solutions - ASDE communication Server.) -- C:\Program Files\Fichiers communs\sagem SA\DgIpSvr.exe [315492] [PID.2120]
[MD5.37FFF683AEE7F09F5F7087138192BF02] - (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [131072] [PID.2140]
[MD5.1ACBA585D47FB69C12F26074517EFE5A] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [1644680] [PID.2428]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2488]
[MD5.BC431F556635C1096B9AAD8A1736C034] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6750720] [PID.2312]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3488]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\prefs.js
M3 - MFPP: Plugins - [Jean-Michel] -- C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Jean-Michel] -- C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\searchplugins\askcomsearch.xml
M0 - MFSP: prefs.js [Jean-Michel - bvaxiv65.default-1358453874625] http://www.sfr.fr
M2 - MFEP: prefs.js [Jean-Michel - bvaxiv65.default-1358453874625\toolbar@ask.com] [] v (..)
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sfr.fr
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects (O2)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ BHO: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (.NVIDIA Corporation - NVIDIA nView Wizard, Version 56.77.) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [ServeurIPAsde] . (.SPX Service Solutions - ASDE communication Server.) -- C:\Program Files\Fichiers communs\sagem SA\DgIpSvr.exe
O4 - HKLM\..\Run: [NVMixerTray] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-746137067-1637723038-725345543-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Programs: Microsoft Access.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\accicons.exe
O4 - GS\Programs: Microsoft Excel.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\xlicons.exe
O4 - GS\Programs: Microsoft FrontPage.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - GS\Programs: Microsoft Outlook.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\outicon.exe
O4 - GS\Programs: Microsoft PowerPoint.lnk . (...) -- C:\WINDOWS\Installer\{0000040C-78E1-11D2-B60F-006097C998E7}\pptico.exe
O4 - GS\Programs: Microsoft Publisher.lnk . (...) -- C:\WINDOWS\Installer\{0004040C-78E1-11D2-B60F-006097C998E7}\pubs.exe
O4 - GS\Programs: Microsoft Reader.lnk . (.Microsoft Corporation - Microsoft Reader.) -- C:\Program Files\Microsoft Reader\msreader.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphean Key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365933343718
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CD8F587-E0AE-4007-9840-51BA57EA98AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CD8F587-E0AE-4007-9840-51BA57EA98AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{742157EC-1060-4865-A93E-D5F39591D7A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{7CD8F587-E0AE-4007-9840-51BA57EA98AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 56.77.) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 4 Legitimates Filtered in 00mn 03s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [246] =>Toolbar.Ask
~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (oreans32) . (...) - C:\WINDOWS\system32\drivers\oreans32.sys
~ Drivers: 86 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
O42 - Logiciel: Ask Toolbar Updater - (.Ask.com.) [HKCU] -- {79A765E1-C399-405B-85AF-466F52E918B0} =>Toolbar.Ask
O42 - Logiciel: CD7 Dialogys - (.Renault S.A.S..) [HKLM] -- {EED515E3-1B52-43C4-BB21-C8C12F4B3A1B}
O42 - Logiciel: CLIP - (.SPX.) [HKLM] -- {9D143A8C-C66A-4E27-A602-C004F14EBA92}
O42 - Logiciel: CLIP RENAULT Autoformation - (.JCAE.) [HKLM] -- {6EED89DA-D011-46BC-BC62-16F7BF369484}
O42 - Logiciel: DVD2 + Dialogys - (.Renault S.A.S..) [HKLM] -- {B6F96A16-B6F4-435C-B93B-72E0583722BD}
O42 - Logiciel: Dialogys DVD0 - (.Renault S.A.S..) [HKLM] -- {1F14EB89-8074-4F3A-AF81-ACD4795FF1A3}
O42 - Logiciel: IBM ViaVoice 98 Home Edition - Français - (...) [HKLM] -- DeleteProdVVoice98Home_FR
O42 - Logiciel: Language Reader 1.0 - (.Authorsoft Corporation.) [HKLM] -- Language Reader_is1
O42 - Logiciel: Lernout & Hauspie TruVoice American English TTS Engine - (...) [HKLM] -- tv_enua
O42 - Logiciel: NvMixer - (...) [HKLM] -- {D7A6C517-11F2-419F-B5BB-27772B939698}
O42 - Logiciel: Sweetpacks Bundle Uninstaller - (.SweetPacks LTD.) [HKLM] -- Sweetpacks Bundle Uninstaller =>PUP.SweetIM
O42 - Logiciel: VAG-COM Release 704.1 - (.Ross-Tech.) [HKLM] -- VAG-COM Release
~ Logic: 99 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\APN]
[HKLM\Software\AskToolbar]
[HKLM\Software\Axtive]
[HKLM\Software\Dialogys]
[HKLM\Software\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Hardware structure]
[HKLM\Software\JCAE]
[HKLM\Software\PCBD]
[HKLM\Software\Ross-Tech]
[HKLM\Software\SPX]
~ Key Software: 155 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/03/2013 - 13:10:50 - [3,514] ----D C:\Program Files\Ask.com
O43 - CFD: 06/01/2013 - 15:13:41 - [-1768,029] ----D C:\Program Files\Dialogys
O43 - CFD: 05/01/2013 - 18:02:11 - [0] ----D C:\Program Files\JCAE
O43 - CFD: 26/01/2013 - 19:35:38 - [35,571] ----D C:\Program Files\Language Reader
O43 - CFD: 09/01/2013 - 16:27:37 - [7,200] ----D C:\Program Files\VAG-COM
O43 - CFD: 06/01/2013 - 15:13:58 - [85,854] ----D C:\Program Files\_jvm
O43 - CFD: 17/01/2013 - 18:05:13 - [0,001] ----D C:\Documents and Settings\Jean-Michel\Application Data\ExpressFiles =>Adware.ExpressFiles
O43 - CFD: 03/03/2013 - 13:10:44 - [0,000] ----D C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\APN
O43 - CFD: 22/03/2013 - 22:34:04 - [0,474] ----D C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\AskToolbar
O43 - CFD: 09/01/2013 - 16:27:40 - [0,004] ----D C:\Documents and Settings\Jean-Michel\Menu Démarrer\Programmes\VAG-COM
~ Program Folder: 102 Legitimates Filtered in 10mn 14s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.8D35392051EA02061E511B68D7FD52ED] - 15/04/2013 - 17:32:43 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [3725]
O44 - LFC:[MD5.D7CD03CD5DDF0DF0EC2C3854BC8ECB38] - 15/04/2013 - 14:08:09 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [92762]
O44 - LFC:[MD5.A9F9121D6D21B50B6C21E88DF4252AE0] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [807795]
O44 - LFC:[MD5.000CA17A99A288F3DAC4A68EC1023D73] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\comsetup.log [281093]
O44 - LFC:[MD5.5295AD6B9A2F1F0A1D1986713A085E71] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\iis6.log [126400]
O44 - LFC:[MD5.680BCA9B4E08B91D7C03D8A5C67F30CE] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.3912A261D42B05578B26C484E4D0C2B8] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\msgsocm.log [40835]
O44 - LFC:[MD5.4A05EEE0172E1DFD884406038B338D53] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [168712]
O44 - LFC:[MD5.F675579C15C9197B6A51F6F9C0819AAE] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\ocgen.log [404375]
O44 - LFC:[MD5.EEDDF3656DAB7802E203A7A6EB3FDD01] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\ocmsn.log [45440]
O44 - LFC:[MD5.3E2CCA4211F754AF11E73AC47E970154] - 15/04/2013 - 13:59:45 ---A- . (...) -- C:\WINDOWS\tsoc.log [313293]
O44 - LFC:[MD5.1D75138C95886CEE7BF4FF153BEBC54D] - 15/04/2013 - 13:59:36 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.0E1DF87DC4D3DCBFE081A363E200F9E5] - 15/04/2013 - 13:58:17 ---A- . (...) -- C:\WINDOWS\updspapi.log [233738]
O44 - LFC:[MD5.6F4251287703A79B4A3763A8942FC0C5] - 15/04/2013 - 13:55:21 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [6280]
O44 - LFC:[MD5.F4FB14CE11F507A6A3F42FECD5E25A0C] - 15/04/2013 - 13:55:15 ---A- . (...) -- C:\WINDOWS\wmsetup.log [3446]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 14/04/2013 - 12:00:45 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.B91129E03367337CB0B14E3CDCAA1CA9] - 14/04/2013 - 12:00:00 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [1178]
O44 - LFC:[MD5.4A0DB92FD9E5A80DB7BB4CB9AC4BD0CA] - 14/04/2013 - 11:59:53 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [359]
O44 - LFC:[MD5.544E86E8EAE19B2FD2FAFAD8A9D1AEA2] - 14/04/2013 - 11:57:43 ---A- . (...) -- C:\WINDOWS\spupdsvc.log.1.log [187]
O44 - LFC:[MD5.6FCCB1FD50FBDAA92FBC6108082ADA23] - 14/04/2013 - 11:57:40 ---A- . (...) -- C:\WINDOWS\system32\spupdwxp.log [269]
O44 - LFC:[MD5.36B9B1AF836CB087D29781420C067C8B] - 14/04/2013 - 11:57:21 ---A- . (...) -- C:\WINDOWS\setuplog.txt [814807]
O44 - LFC:[MD5.8E18E905F6ED8634A1AD615136191920] - 14/04/2013 - 11:55:12 ---A- . (...) -- C:\WINDOWS\svcpack.log [479641]
O44 - LFC:[MD5.389EDA628BC15013E75AA37D4F4408EE] - 14/04/2013 - 11:40:03 ---A- . (...) -- C:\WINDOWS\cmsetacl.log [373]
O44 - LFC:[MD5.1D0F6DD5CF492F60ACA79FD5356D204D] - 14/04/2013 - 11:39:49 ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1281]
O44 - LFC:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2013 - 11:29:15 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O44 - LFC:[MD5.7794C3221F670DE270586A2CF6E68383] - 14/04/2013 - 11:28:26 RSHA- . (...) -- C:\ntldr [252240]
O44 - LFC:[MD5.DAA93DC3FDAB8CC621F3F3F6F0140746] - 14/04/2013 - 11:21:42 ---A- . (...) -- C:\WINDOWS\medctroc.Log [605]
O44 - LFC:[MD5.99A6A6825DD0A3F5FAC7693376905212] - 13/04/2013 - 13:18:55 ---A- . (...) -- C:\WINDOWS\Zone.Identifier [26]
O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 02/04/2007 - 08:06:04 ----- . (...) -- C:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 29/12/2006 - 06:51:08 ----- . (...) -- C:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 29/12/2006 - 06:32:50 ----- . (...) -- C:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 - LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] - 28/12/2006 - 11:01:32 ---A- . (...) -- C:\WINDOWS\002758_.tmp [19569]
~ Files: 331 Legitimates Filtered in 01mn 10s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\SAGEM SA\DgIpSvr.exe" [Enabled] .(.SPX Service Solutions.) -- C:\Program Files\Fichiers communs\SAGEM SA\DgIpSvr.exe
O47 - AAKE:Key Export SP - "C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe" [Enabled] .(.SPX.) -- C:\CLIP_X91\Lib\Application\ClipLauncher_X91.exe
O47 - AAKE:Key Export SP - "C:\CLIP\Lib\Application\ClipLauncher.exe" [Enabled] .(.JCAE.) -- C:\CLIP\Lib\Application\ClipLauncher.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\expressdl.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\ExpressFiles.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\ExpressFiles.exe (.not file.) =>Adware.ExpressFiles
O47 - AAKE:Key Export SP - "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [Enabled] .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
~ Keys Export: 13 Legitimates Filtered in 00mn 01s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{8491a096-6622-11e2-bb31-000fb0459097}\AutoRun\command. (...) -- E:\InstallTomTomHOME.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.A7D5C71FF4A5B8FEE626FE65B39D71D0] - 19/03/2004 - 13:40:54 ---A- . (.Agere Systems - SoftModem Device Driver.) -- C:\WINDOWS\system32\Drivers\AGRSM.sys [1205292]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 05/01/2013 - Unknown owner (oreans32) .(...) - LEGACY_OREANS32
~ Legacy: 117 Legitimates Filtered in 00mn 02s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\searchplugins\askcom.xml
O69 - SBI: prefs.js [Jean-Michel - bvaxiv65.default-1358453874625] user_pref("extensions.asktb.ff-original-keyword-url", "");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {17FC2E89-A942-49BD-ADA7-B5BE59FF42E7} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {C6FC35DB-88D0-4300-8874-ACE7BD3EE971} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.C7A117E7370406448BD32FC99BA5C593] [SPRF][14/04/2013] (.The GIMP Team - GIMP Setup.) -- C:\Documents and Settings\Jean-Michel\Bureau\gimp-2.8.4-setup.exe [76902472]
[MD5.E25D2B5DC6DE1A1C335B919828FEFA8A] [SPRF][28/08/2012] (...) -- C:\Documents and Settings\Jean-Michel\Bureau\Renault Pin Extractor.exe [1212928]
[MD5.1E9F240E7B04EAFFCBAA634F3EF5F4B8] [SPRF][24/01/2013] (...) -- C:\Documents and Settings\Jean-Michel\Bureau\TomTomHOME2winlatest.exe [30685480]
[MD5.A9A9A86E7330BFFAF64AE2ACFB73D959] [SPRF][14/04/2013] (.Microsoft Corporation - Auto-extraction de fichier CAB.) -- C:\Documents and Settings\Jean-Michel\Bureau\windows-xp-service-pack-3_windows_xp_service_pack_3_francais_242026.exe [324222504]
[MD5.0A87275730E86DFE98AD3B1F873D72F5] [SPRF][06/01/2013] (...) -- C:\Program Files\dialogysclip.bat [63]
[MD5.F3760CE405DD87822F0C1B2F5A42FF6D] [SPRF][06/01/2013] (...) -- C:\Program Files\DialogysUninstWPS.bat [1809]
~ Files: Scanned in 00mn 39s



---\\ Additionnal Scan (O88)
Database Version : v2.11536 - (14/04/2013)
Clés trouvées (Keys found) : 49
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR
[HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Adware.AskSBAR
[HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.AskBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Documents and Settings\Jean-Michel\Local Settings\Application Data\AskToolbar =>Toolbar.AskTBar
C:\Documents and Settings\Jean-Michel\Application Data\Mozilla\Firefox\Profiles\bvaxiv65.default-1358453874625\Extensions\toolbar@ask.com =>Toolbar.AskTBar
~ Additionnel: Scanned in 07mn 20s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe =>Toolbar.Ask
~ Update Products: 25 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 10/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 28/10/2012 312264 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 13/04/2004 110659 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 13/04/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 03s



~ 998 Legitimates filtered by white list
End of the scan (557 lines in 19mn 52s)(0)
