ZHPDiag v2013.4.16.93 report by Nicolas Coolman, updated 16/04/2013
Run by direction at 16/04/2013 23:55:45
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 20.0.1 v20.0.1 (Default)

---\\ Windows Product Information
~ Language: Français
Windows Vista Business Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WRMG7
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.24

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3035.6 MB (55% free)
System Restore: Enabled
System drive C: has 35 GB (16%) free of 218 GB

---\\ Logged in mode
~ Computer Name: PORTABLE-MARC
~ User Name: direction
~ All Users Names: Marc, Emilie, Administrateur, admin,
~ Unselected Option: O45,O61,O62
Logged in as Administrator

---\\ Environment Variables
~ System Unit : C:\
~ %AppData% : C:\Users\direction\AppData\Roaming\
~ %Desktop% : C:\Users\direction\Desktop\
~ %Favorites% : C:\Users\direction\Favorites\
~ %LocalAppData% : C:\Users\direction\AppData\Local\
~ %StartMenu% : C:\Users\direction\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 35 GB of 218 GB)
D:\ Hard drive, Flash drive, Thumb drive (Free 9 GB of 15 GB)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Specific search for generic files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:24:09.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2013 - 04:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:24:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:44.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:51.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:25:21.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/04/2009 - 05:52:34.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 1/1742
~ My Music : 1/1160
~ My Videos : 1/4
~ My Favorites : 1/105
~ My Documents : 18/1974
~ My Desktop : 1/71
~ Start Menu (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 07s



---\\ Running processes
[MD5.59B49E9134A69D298A54E3E9896FE2F0] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [268056] [PID.4532]
[MD5.939620D76BF4ED02B774B7577DBD4854] - (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Security Agent\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe [238928] [PID.4916]
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.4936]
[MD5.5AE639FA1E99F674AF4881E259D2848F] - (.Jeff L. Williams - Subliminal Messages.) -- C:\Program Files\Subliminal Visuel Concentration\SUBLIM.exe [253952] [PID.4972]
[MD5.2F85658D6EE33B94180B888E63E4575E] - (.Trend Micro Inc. - Trend Micro Client Session Agent.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe [1076904] [PID.5100]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.5536]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4048]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5412]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.792]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3248]
[MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6808576] [PID.3168]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1332]
[MD5.3E21BB223AA6054FF27ABEF6781E0B67] - (...) -- C:\Windows\System32\WLTRYSVC.exe [24064] [PID.1708]
[MD5.52481F9537954D23D188CDE1FB13AE62] - (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Co.) -- C:\Windows\System32\bcmwltry.exe [2654208] [PID.1724]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1732]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1896]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1968]
[MD5.A119A4AEB0E23884C4A92BE3F5F5AB12] - (.Trend Micro Inc. - Trend Micro Anti-Malware Solution Platform.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [196320] [PID.504]
[MD5.D2A192256968B6868BE5B3D9FE8DB874] - (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe [121064] [PID.600]
[MD5.75484573B1B3732AEA01368251ED3962] - (.Trend Micro Inc. - Trend Micro Anti-Malware Solution Platform.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe [138640] [PID.588]
[MD5.ABDD5AD016AFFD34AD40E944CE94BF59] - (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208] [PID.920]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.2080]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.2096]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.2112]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2140]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.2208]
[MD5.EA4300E53E5D4D1912AD04985F6264F0] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624] [PID.2248]
[MD5.E9EFCB47B90FD5498695BB7FEFD36CAE] - (.Seiko Epson Corporation - Epson Scanner Service (32bit).) -- C:\Windows\system32\EscSvc.exe [122000] [PID.2304]
[MD5.82F0F3554CE07CEDB749D79CBC5A599E] - (.Freemake - FreemakeUtilsService.) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864] [PID.2320]
[MD5.48163641260104C0606D49A2577C7A91] - (.Microsoft - CaptureLibService.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [8704] [PID.2428]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [641832] [PID.2524]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2632]
[MD5.40DBA03782BCC10685A8C200C5EBDCD0] - (.No owner - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528] [PID.2788] =>Toolbar.AVGSearch
[MD5.3AD1E72748978D8B0B3B674741E4C3E2] - (.No owner - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880] [PID.2788] =>Toolbar.AVGSearch
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.3008]
[MD5.41335396339DD3C1B74527B187F6AE79] - (.Vodafone - VMCService.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336] [PID.3076]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3492]
[MD5.EEC232F5CB69323B75D948265A2615D2] - (.Trend Micro Inc. - TmListen Application.) -- C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [681488] [PID.2768]
~ Processes Running: Scanned in 00mn 02s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\direction\AppData\Roaming\Mozilla\Firefox\Profiles\ubm65zg3.default\prefs.js
M2 - MFEP: prefs.js [direction - ubm65zg3.default\217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com] [] Services x86 v (..)
M2 - MFEP: prefs.js [direction - ubm65zg3.default\{e001c731-5e37-4538-a5cb-8168736a2360}] [] Bitdefender QuickScan v0.9.9.119 (..)
P2 - FPN: [HKLM] [@Nero.com/KM] - (.Nero AG - Plug-in for detecting Nero Kwik Media..) -- C:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll
P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.18] - (...) -- C:\Program Files\Veetle\plugins\npVeetle.dll (.not file.)
P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.18] - (...) -- C:\Program Files\Veetle\Player\npvlc.dll (.not file.)
~ Firefox Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 870



---\\ Browser Helper Objects (O2)
O2 - BHO: CrossriderApp0027096 - {11111111-1111-1111-1111-110211701196} . (.Corporate Inc - Services x86 BHO.) -- C:\Program Files\Services x86\Services x86.dll =>PUP.CrossRider
~ BHO: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Trend Micro Toolbar - [HKLM]{CCAC5586-44D7-4c43-B64A-F042461A97D2} . (.Trend Micro Inc. - Trend Micro TrendSecure.) -- C:\Program Files\Trend Micro\Security Agent\UIFramework\ToolbarIE.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications started by registry & by folder (O4)
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [OE] . (.Trend Micro Inc. - Trend Micro Anti-Spam for OE monitor.) -- C:\Program Files\Trend Micro\Security Agent\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
~ Application: Scanned in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - No description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\System32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (...) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe (.not file.)
O4 - GS\Desktop: Documents - Raccourci.lnk . (...) -- C:\Users\direction\Documents
O4 - GS\Desktop: Documents_Marc_TOULON.lnk - Orphan key
O4 - GS\Desktop: Format Factory.lnk . (...) -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe (.not file.)
O4 - GS\Desktop: General.lnk . (...) -- D:\Documents
O4 - GS\Desktop: Marc - fREJUS.lnk - Orphan key
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Zattoo.lnk . (.Zattoo Inc. - Zattoo4.) -- C:\Program Files\Zattoo4\Zattoo.exe
~ Global Startup: Scanned in 00mn 06s



---\\ Buttons on the Internet Explorer main toolbar (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Orphan key
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ ActiveX objects: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A40CDBD-378C-4062-9BCF-05BEAFADABC4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A40CDBD-378C-4062-9BCF-05BEAFADABC4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A40CDBD-378C-4062-9BCF-05BEAFADABC4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = charlemagne-frejus.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Additional protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: (vToolbarUpdater12.2.6) . (.No owner - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: (vToolbarUpdater14.2.0) . (.No owner - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) . (...) - C:\Windows\System32\WLTRYSVC.exe
~ Services: 18 Legitimates Filtered in 00mn 11s



---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\direction\Documents\abondance.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Users\direction\Documents\abondance.jpg
~ Desktop Component: 1 Legitimates Filtered in 00mn 00s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\liilsg.job [320]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [Updater27096.exe] (...) -- C:\Users\direction\AppData\Local\Updater27096\Updater27096.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3207E4BA-FB79-4454-814E-B537B3E53F6D}] (...) -- C:\Windows\Temp\Wofie\BinarySupport\vcredistX86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7C96FF68-3CED-4176-95D9-49F7F025FF35}] (...) -- C:\Users\direction\Downloads\setup_MBPDualFinance (2).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D9637702-C959-43C7-B073-531439D92D6E}] (...) -- C:\Users\direction\Downloads\setup_MBPDualFinance (1).exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s



---\\ Installed software (O42)
O42 - Software: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Software: Ellipses version 7.09.147 - (.Tmic Ellipses.) [HKLM] -- {A283F808-D41D-4060-8401-75EFE8B56BD6}_is1
O42 - Software: Iminent - (.Iminent.) [HKLM] -- {FCEBAFF1-1A10-437E-9282-47A0024D18AF} =>Adware.IMBooster
O42 - Software: Services x86 - (.Corporate Inc.) [HKLM] -- Services x86
O42 - Software: Snap.Do - (.ReSoft Ltd..) [HKLM] -- {88F1349A-4F67-4DC4-9F09-F4C46323632A} =>Hijacker.SmartBar
O42 - Software: Subliminal Visuel Concentration 1.5 - (...) [HKLM] -- Subliminal Visuel Concentration_is1
O42 - Software: Testez et entraînez votre mémoire - (.SBT.) [HKLM] -- Testez et entraînez votre mémoire
O42 - Software: Toolbar 4.7 by SweetPacks - (.SweetIM Technologies Ltd..) [HKLM] -- {96E2E493-C484-43E3-9B95-D62EE7D40D3A} =>PUP.SweetIM
O42 - Software: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 151 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AppDataLow\Software\Services x86]
[HKCU\Software\BitTorrent]
[HKCU\Software\DeterministicNetworks]
[HKCU\Software\Parisprog]
[HKCU\Software\TMIC Ellipses]
[HKCU\Software\iExpertSoft]
[HKCU\Software\txmqsuspjj]
[HKLM\Software\DeterministicNetworks]
[HKLM\Software\Ellipses]
[HKLM\Software\Happyneuron]
[HKLM\Software\PIP]
[HKLM\Software\txmqsuspjj]
~ Key Software: 213 Legitimates Filtered in 00mn 00s



---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 16/12/2012 - 13:55:17 - [7.474] ----D C:\Program Files\Animated Wallpaper Maker
O43 - CFD: 24/03/2013 - 18:55:52 - [54.852] ----D C:\Program Files\Happyneuron
O43 - CFD: 02/03/2013 - 21:39:24 - [5.855] ----D C:\Program Files\Services x86
O43 - CFD: 09/01/2012 - 18:12:50 - [0.857] ----D C:\Program Files\ShowMyPCService
O43 - CFD: 29/03/2013 - 19:57:59 - [5.606] ----D C:\Program Files\Subliminal Visuel Concentration
O43 - CFD: 09/12/2012 - 18:16:42 - [138.809] ----D C:\Program Files\UltraMixer
O43 - CFD: 23/11/2012 - 20:13:45 - [0.924] ----D C:\Program Files\uTorrent
O43 - CFD: 07/12/2011 - 15:30:11 - [0.537] ----D C:\Program Files\Common Files\Deterministic Networks
O43 - CFD: 23/11/2012 - 20:07:19 - [0.000] ----D C:\Users\direction\AppData\Roaming\FreeTorrentViewer
O43 - CFD: 16/04/2013 - 23:15:04 - [5.401] ----D C:\Users\direction\AppData\Roaming\uTorrent
O43 - CFD: 03/03/2013 - 19:32:43 - [0.039] ----D C:\Users\direction\AppData\Roaming\WebPlayerBdd
O43 - CFD: 24/10/2012 - 15:35:13 - [35.166] ----D C:\Users\direction\AppData\Local\Akamai
O43 - CFD: 26/02/2013 - 22:08:49 - [0.010] ----D C:\Users\direction\AppData\Local\Services x86
O43 - CFD: 16/04/2013 - 17:59:03 - [0] ----D C:\Users\direction\AppData\Local\Updater27096
O43 - CFD: 16/12/2012 - 13:55:19 - [0.005] ----D C:\Users\direction\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Animated Wallpaper Maker
~ Program Folder: 229 Legitimates Filtered in 00mn 31s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.82F425E68090F7D2A38AD4CA5643ADCD] - 16/04/2013 - 22:06:02 ---A- . (...) -- C:\AdwCleaner[S34].txt [4742]
O44 - LFC:[MD5.3C790BEDC39F7596CCA4A9000AEC6BE1] - 16/04/2013 - 21:41:26 ---A- . (...) -- C:\AdwCleaner[S33].txt [4681]
O44 - LFC:[MD5.4F63B3B1177FDE3D247EFCEE83CB3097] - 16/04/2013 - 20:36:32 ---A- . (...) -- C:\AdwCleaner[S32].txt [4620]
O44 - LFC:[MD5.D07D984A4BBA9C4476196FD110AE93B0] - 16/04/2013 - 14:59:53 ---A- . (...) -- C:\AdwCleaner[S31].txt [4559]
O44 - LFC:[MD5.4EE55676C680095885F006CEAD2A7E72] - 16/04/2013 - 14:58:34 ---A- . (...) -- C:\AdwCleaner[R33].txt [4667]
O44 - LFC:[MD5.EA391461590DA418F92F28DFF82266E3] - 14/04/2013 - 17:17:25 ---A- . (...) -- C:\AdwCleaner[S30].txt [4682]
O44 - LFC:[MD5.46BAAD424FEF3B337ED0CDF6A1D89D98] - 14/04/2013 - 17:15:58 ---A- . (...) -- C:\AdwCleaner[R32].txt [4787]
~ Files: 46 Legitimates Filtered in 00mn 58s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{047e88fd-35fe-11e1-924c-002556be7f73}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{bad9ea99-3d04-11e1-942b-002556be7f73}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{bad9eaa4-3d04-11e1-942b-002556be7f73}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{bad9eab0-3d04-11e1-942b-00a0c6000000}\AutoRun\command. (...) -- F:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{fe3d85e6-1666-11e2-886d-002556be7f73}\AutoRun\command. (...) -- F:\iStudio.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Akamai NetSession Interface [Key] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\direction\AppData\Local\Akamai\netsession_win.exe
O53 - SMSR:HKLM\...\startupreg\Broadcom Wireless Manager UI [Key] . (.Dell Inc. - Dell Wireless WLAN Card Wireless Network Tr.) -- C:\Windows\system32\WLTRAY.exe
O53 - SMSR:HKLM\...\startupreg\DriverFinder [Key] . (...) -- C:\Program Files\DriverFinder\DriverFinder.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Freebie Notes [Key] . (...) -- C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MobileConnect [Key] . (.Vodafone - MobileConnect.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
O53 - SMSR:HKLM\...\startupreg\ROC_ROC_NT [Key] . (...) -- C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe (.not file.) =>Toolbar.AVGSearch
O53 - SMSR:HKLM\...\startupreg\vProt [Key] . (...) -- C:\Program Files\AVG Secure Search\vprot.exe (.not file.) =>Toolbar.AVGSearch
~ SMSR Keys: 27 Legitimates Filtered in 00mn 02s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWelcomeScreen"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ System drivers list (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:23:45 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Cleaning tools list (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Legacy services list (O64)
O64 - Services: CurCS - 23/08/2009 - C:\Windows\system32\Drivers\CVPNDRVA.sys (CVPNDRVA) .(.Cisco Systems, Inc. - Cisco Systems VPN Client IPSec Driver.) - LEGACY_CVPNDRVA
~ Legacy: 93 Legitimates Filtered in 00mn 02s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [direction - ubm65zg3.default] user_pref("extensions.crossrider.bic", "13d7dd4f26ac479ed4e1e5a01e8255bb"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D66725E5-7BEA-4767-A126-41076DCA7A69} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FC6F725F-8F9B-47DF-BC78-2F7CAE3A775D} - (FileConverter 1.5 Customized Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\Users\direction\Downloads\Registry.Clean.Expert.v4.88.Cracked-BRD\Setup\registry-clean-expert.exe
C:\Users\direction\Downloads\Registry.Clean.Expert.v4.88.Cracked-BRD\Setup\registry-clean-expert.exe
~ Files: Scanned in 00mn 32s



---\\ Recherche particulière à la racine de certains dossiers (O84)
[MD5.49E025674987A82E7AD27FEB8372BD30] [SPRF][17/01/2013] (...) -- C:\Users\direction\AppData\Local\d3d9caps.dat [680]
[MD5.04F80866AA0D12731CE6209AF7784EEE] [SPRF][25/09/2012] (...) -- C:\Users\direction\Desktop\adwcleaner.exe [513501]
[MD5.2FE97CDB50736828955376C6D39C1C1F] [SPRF][09/12/2012] (.UltraMixer Digitial Audio Solutions - UltraMixer Professional Digital DJ Solutions.) -- C:\Users\direction\Desktop\UltraMixer-2.4.6-win.exe [55785649]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648]
[MD5.A54F3D88767BB8C7DC18D8263385DED2] [SPRF][16/05/2007] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [483328]
~ Files: Scanned in 00mn 02s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{FDAE6EEF-0D8B-4015-A534-7A14664477A8}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{81B6DE09-C8A4-436E-84FA-3C6ABA7ADDCA}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{B290C884-896B-4D32-BE3A-DB2C31290062}" |In - Public - P6 - TRUE | .(...) -- E:\Network\EpsonNetSetup\ENEasyApp.exe (.not file.)
O87 - FAEL: "{CDDFD9D9-4EAD-46FC-94C9-1FC771652D38}" |In - Public - P17 - TRUE | .(...) -- E:\Network\EpsonNetSetup\ENEasyApp.exe (.not file.)
~ Firewall: 190 Legitimates Filtered in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.11560 - (16/04/2013)
Clés trouvées (Keys found) : 46
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\CLSID\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKLM\Software\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}] =>Hijacker.SmartBar
[HKLM\Software\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}] =>Hijacker.SmartBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{88F1349A-4F67-4DC4-9F09-F4C46323632A}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services x86] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}] =>Hijacker.SmartBar
[HKLM\Software\Classes\AppID\PricePeep.DLL] =>Toolbar.PricePeep
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\Services x86] =>PUP.CrossRider
[HKLM\Software\Classes\Installer\Features\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\394E2E69484C3E34B9596DE27E4DD0A3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}] =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}] =>PUP.Datamngr
[HKLM\Software\Classes\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}] =>Toolbar.TrendMicro
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220222702296}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
C:\Program Files\Services x86 =>PUP.CrossRider
C:\Program Files\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\direction\AppData\Roaming\WebPlayerBdd =>Adware.SocialSkinz
C:\Users\direction\AppData\Local\Services x86 =>PUP.CrossRider
C:\Users\direction\AppData\Local\\Updater27096 =>PUP.CrossRider^
~ Additionnel: Scanned in 00mn 28s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "1FFABECF01A1E7342928740A20D481FA" . (.Iminent.) -- C:\Windows\Installer\{FCEBAFF1-1A10-437E-9282-47A0024D18AF}\imbooster.ico =>Adware.IMBooster
O90 - PUC: "394E2E69484C3E34B9596DE27E4DD0A3" . (.Toolbar 4.7 by SweetPacks.) -- C:\Windows\Installer\{96E2E493-C484-43E3-9B95-D62EE7D40D3A}\ARPPRODUCTICON.exe =>PUP.SweetIM
~ Update Products: 134 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 18/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/01/2011 196320 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SR - | Auto 16/04/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 16/04/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 23/08/2009 1528624 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
SR - | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
SR - | Auto 12/12/2011 122000 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc.exe
SR - | Auto 06/06/2012 100864 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 21/08/2012 8704 | (FreemakeVideoCapture) . (.Microsoft.) - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
SS - | Disabled 10/09/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 10/09/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\XAudio32.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SS - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 11/07/2007 69632 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Demand 01/04/2011 681488 | (TmListen) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
SR - | Auto 22/09/2008 14336 | (VMCService) . (.Vodafone.) - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
SR - | Auto 722528 | (vToolbarUpdater12.2.6) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR - | Auto 968880 | (vToolbarUpdater14.2.0) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Disabled 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 24064 | (wltrysvc) . (...) - C:\Windows\System32\WLTRYSVC.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by direction at 16/04/2013 23:59:26

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
1 ntkrnlpa!IofCallDriver[0x82252926] >> \Device\Harddisk0\DR0[0x85704AC8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by direction at 16/04/2013 23:59:28

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1213 Legitimates filtered by white list
End of the scan (612 lines in 03mn 43s)(2)
