cjoint

Document format: text/plain

Rapport de ZHPDiag v2013.5.25.152 par Nicolas Coolman, Update du 25/05/2013
Run by user at 28/05/2013 14:02:18
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v7.0.6001.18000
MFIE: Mozilla Firefox v3.6.25 (fr)
GCIE: Google Chrome v27.0.1453.94 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Français
Java 7 Update 11

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3068 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 36 GB (16%) free of 224 GB

---\\ Logged in mode
~ Computer Name: PC-DE-USER
~ User Name: user
~ All Users Names: user, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\user\AppData\Roaming\
~ %Desktop% : C:\Users\user\Desktop\
~ %Favorites% : C:\Users\user\Favorites\
~ %LocalAppData% : C:\Users\user\AppData\Local\
~ %StartMenu% : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 36 Go of 224 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 9 Go)
E:\ CD-ROM drive (Free 0 Go of 7 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\WINDOWS\Explorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.DA5A72211661C7F162B332FEA4F09A69] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/04/2011 - 16:00:34.) -- C:\WINDOWS\System32\wininet.dll [833024]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/01/2008 - 03:24:49.) -- C:\WINDOWS\System32\Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.0D83C87A801A3DFCD1BF73893FE7518C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.30/07/2008 - 09:11:53.) -- C:\WINDOWS\system32\Drivers\atapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/01/2008 - 03:23:02.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/01/2008 - 03:23:22.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.21/01/2008 - 03:24:59.) -- C:\WINDOWS\system32\Drivers\netBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.21/01/2008 - 03:23:51.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.21/01/2008 - 03:25:00.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.21/01/2008 - 03:24:53.) -- C:\WINDOWS\system32\Drivers\tdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/01/2008 - 03:23:21.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/88
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/2
~ Mon Bureau (My Desktop) : 61/1076
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.1968]
[MD5.19D93154C82FE39A99B269CED1056A92] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512] [PID.3388]
[MD5.1BA064138A5EE6B61A11A552DC072E57] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [442467] [PID.3668]
[MD5.95B2B8B728BB1BFC000178CDC79AF023] - (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe [468264] [PID.3740]
[MD5.6FC398F279D5F5E53E61683B5450195D] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [202032] [PID.3768]
[MD5.544C1EF07AEC178A83538A251A72CE13] - (. Hewlett-Packard Development Company, L.P. - HP QuickTouch On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288] [PID.3780]
[MD5.7AF5A466CF4AECA28E3DCBCF5B6FD220] - (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152] [PID.3812]
[MD5.8CB896C573FD15AE8B13180DA53E93D2] - (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752] [PID.3820]
[MD5.29FB6EF1EFB1357E2883FE297F1EBC31] - (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files\AVG\AVG9\avgtray.exe [2077536] [PID.3832]
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.3884]
[MD5.E2724029D3648C2EB226D16678727FA9] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [202256] [PID.3900]
[MD5.0B232C77D822983397674AEEC9AB59DC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832] [PID.3972]
[MD5.B7A99C2F89380EC7A2C07D5190DEB228] - (.AVG Secure Search - VProtect Application.) -- C:\Program Files\AVG Secure Search\vprot.exe [1226928] [PID.4068] =>Toolbar.AVGSearch
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.4088]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [125952] [PID.2600]
[MD5.8D07F0687318214A3CEF62EA1048D101] - (.Hewlett-Packard Development Company, L.P. - Module to process WiFi messages..) -- C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.exe [316720] [PID.3148]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.3084]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.1916]
[MD5.F14219FC767F1383526AB423F278A8E3] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [210520] [PID.1876]
[MD5.1EDC4865C8003A0251956835273904B1] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe [685360] [PID.3204]
[MD5.FEDDD3579FEE51A9873D856DF3933C68] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [151552] [PID.4304]
[MD5.892699A6AEB910C58B726BD70BEA4F4B] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528] [PID.5632]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.5520]
[MD5.B1BA8CCACE07A81663785939ABCE8B05] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG9\avgui.exe [4109664] [PID.5720]
[MD5.51C392EC9DA1119EC86D562FF3E7344F] - (.Google Inc. - Google Chrome.) -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe [825808] [PID.5920]
[MD5.F72DD84DD69DF001CF4D1B909685A136] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7402496] [PID.2000]
[MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5672]
[MD5.029DF21EB9FC3FF0D628278774C99DC0] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.5.) -- C:\Windows\system32\nvvsvc.exe [118784] [PID.952]
[MD5.EC9C5F6C0F58446545D839BC11A3692B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe [221273] [PID.1156]
[MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1360]
[MD5.6D0AC28C5BD8D8495F83F5929A45E559] - (.Hewlett-Packard Corporation - HpService.) -- C:\Windows\system32\Hpservice.exe [19456] [PID.1464]
[MD5.3B1B2EE9DF189F6BBB080BF393D1B2EE] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [77824] [PID.2028]
[MD5.C4D15594DB5BE042D3346EA58DF87D89] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136] [PID.124]
[MD5.26F65F22527515990532209BAFF78DEA] - (.Pas de propriétaire - CLCapSvc Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216] [PID.2104]
[MD5.511E9DDC22A63E5109C7F221F85DEB3D] - (.Pas de propriétaire - CLSched Module.) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116080] [PID.2140]
[MD5.431723F23D0E065BEF502389E8FFDC10] - (.Pas de propriétaire - STServices.) -- C:\Windows\SMINST\BLService.exe [361808] [PID.2152]
[MD5.4B817450226F93C31ADD5BCC27FED27A] - (.AVG Secure Search - ToolbarU Application.) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984] [PID.2316] =>Toolbar.AVGSearch
[MD5.4728D3BC556D677591797D600C47467C] - (.AVG Technologies CZ, s.r.o. - AVG Network scanner Service.) -- C:\Program Files\AVG\AVG9\avgnsx.exe [621920] [PID.2696]
[MD5.AA054CD537357F03D5BA6ABA7562B35F] - (.AVG Technologies CZ, s.r.o. - AVG E-Mail Scanner.) -- C:\Program Files\AVG\AVG9\avgemc.exe [921952] [PID.2820]
[MD5.7548066DF68A8A1A56B043359F915F37] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.2864]
[MD5.2960400094498DAE47B36173286D76A0] - (.Pas de propriétaire - Updater.) -- C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [348160] [PID.2928] =>PUP.OptimizerPro
[MD5.737A5253008BE7F12ACEDD6876F24B4B] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe [725344] [PID.3088]
[MD5.D50FDAD1E57AA60F1973CFC77D905F0E] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [148832] [PID.3980]
[MD5.031DD8DBD4B958B5765C8C111CB1EA03] - (.AVG Technologies CZ, s.r.o. - AVG Cache Server.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe [1101152] [PID.4044]
[MD5.5654DB4719A3C52684A20C1CA443BF8F] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG9\avgrsx.exe [515424] [PID.3160]
[MD5.A94146208170D78906C93EE39CEBDD9F] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [193840] [PID.3220]
[MD5.D13E6BFD7E9189D26A42E94CB2447044] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.1716]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://websearch.pu-results.info
G0 - GCSP: Preference [User Data\Default] http://google.be
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Security Toolbar v.14.2.0.1 (Désactivé)
~ Google Browser: 13 Legitimates Filtered in 00mn 10s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hesxjglr.default\prefs.js
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hesxjglr.default\searchplugins\search.xml
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hesxjglr.default\searchplugins\Search_Results.xml
M3 - MFPP: Plugins - [user] -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hesxjglr.default\searchplugins\WebSearch.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\avg-secure-search.xml
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
M0 - MFSP: prefs.js [user - hesxjglr.default] http://websearch.pu-results.info
M2 - MFEP: prefs.js [user - hesxjglr.default\fcylvi2yaei@ieaaew-eo.edu] [] Browse2savee v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [user - hesxjglr.default\foxyproxy@eric.h.jung] [] FoxyProxy Basic v3.1 (..)
M2 - MFEP: prefs.js [user - hesxjglr.default\gfsprrlgv@wvabeveto.com] [] SSeoarChy-NeewTAb v1.0 (..)
M2 - MFEP: prefs.js [user - hesxjglr.default\illimitux@illimitux.net] [illimitux] Illimitux v4.0 (..)
M2 - MFEP: prefs.js [user - hesxjglr.default\oieursfw@rbjuxj.edu] [] SeearcH-NNEWTTab v1.0 (..)
M2 - MFEP: prefs.js [user - hesxjglr.default\oipjg@cbyo.com] [] BoroOwse2Saaveo v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [user - hesxjglr.default\syeoua_4bf@pjxooeh-.co.uk] [] Browusse2ssave v3.8 (..) =>Adware.Browse2Save
M2 - MFEP: prefs.js [user - hesxjglr.default\youedxpl@uay-ix.net] [] Seearchu-NeewTab v1.0 (..)
M2 - MFEP: prefs.js [user - hesxjglr.default\{71328583-3CA7-4809-B4BA-570A85818FBB}] [cacheviewer] CacheViewer v0.6.3 (..)
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (.AVG Technologies - npsitesafety.) -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll =>Toolbar.AVGSearch
~ Firefox Browser: 63 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} . (.Hewlett-Packard Co. - Leo (Framework) - add-on for Internet Explo.) -- C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll.) -- C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- C:\PROGRA~1\SEARCH~2\Datamngr\ToolBar\searchqudtx.dll (.not file.) =>PUP.Datamngr
O2 - BHO: TBSB02609 - {C0924543-15FD-4F3D-889C-0B4562A9CB45} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files\searchweb\tbunsc2BA2.tmp\tbcore3.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: AVG Security Toolbar - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll.) -- C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll =>Toolbar.AVGSearch
O3 - Toolbar: searchweb - [HKLM]{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files\searchweb\tbunsc2BA2.tmp\tbcore3.dll
O3 - Toolbar: Searchqu Toolbar - [HKLM]{99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- C:\Program Files\SEARCH~2\Datamngr\ToolBar\searchqudtx.dll =>PUP.Datamngr
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QPService] . (.CyberLink Corp. - HP QuickPlay Resident Program.) -- C:\Program Files\HP\QuickPlay\QPService.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Run: [OnScreenDisplay] . (. Hewlett-Packard Development Company, L.P. - HP QuickTouch On Screen Display.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard Co. - Hewlett-Packard Product Assistant.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HPWAMain Module.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG9_TRAY] . (.AVG Technologies CZ, s.r.o. - AVG Tray Monitor.) -- C:\Program Files\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UVS11 Preload] . (.InterVideo Digital Technology Corporation - Ulead VideoStudio.) -- C:\Program Files\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [vProt] . (.AVG Secure Search - VProtect Application.) -- C:\Program Files\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\bittorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-4230750335-2147464329-2259482301-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-4230750335-2147464329-2259482301-1000\..\Run: [BitTorrent] . (.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files\BitTorrent\bittorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-4230750335-2147464329-2259482301-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-4230750335-2147464329-2259482301-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Wuala.lnk . (.Wuala - Pas de description.) -- C:\Users\user\AppData\Roaming\Wuala\Wuala.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\WINDOWS\System32\SnippingTool.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\System32\fsquirt.exe
O4 - GS\SendTo: AVS Mobile Uploader.lnk . (.Online Media Technologies Ltd. - AVS Mobile Uploader.) -- C:\Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
O4 - GS\SendTo: AVS Video Burner.lnk . (.Online Media Technologies Ltd. - AVS Video Burner.) -- C:\Program Files\Common Files\AVSMedia\BurnerService\AVSVideoBurner.exe
O4 - GS\SendTo: AVS Video Uploader.lnk . (.Online Media Technologies Ltd. - AVS Video Uploader.) -- C:\Program Files\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: searchweb - {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} . (...) -- C:\Program Files\searchweb\tbunsc2BA2.tmp\favicon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07B11E13-AAE3-430C-AE87-2BFA620DC8E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E7F104D-F1A0-44AC-B5F3-80418E75F7C3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{90811AAE-354C-4320-BF35-A41A83E68463}: DhcpNameServer = 10.11.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07B11E13-AAE3-430C-AE87-2BFA620DC8E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E7F104D-F1A0-44AC-B5F3-80418E75F7C3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{90811AAE-354C-4320-BF35-A41A83E68463}: DhcpNameServer = 10.11.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{07B11E13-AAE3-430C-AE87-2BFA620DC8E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E7F104D-F1A0-44AC-B5F3-80418E75F7C3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{90811AAE-354C-4320-BF35-A41A83E68463}: DhcpNameServer = 10.11.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (.AVG Secure Search - Pas de description.) -- C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll =>Toolbar.AVGSearch
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\browse~1\sprote~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AVG Free E-mail Scanner (avg9emc) . (.AVG Technologies CZ, s.r.o. - AVG E-Mail Scanner.) - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: (vToolbarUpdater15.2.0) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 14 Legitimates Filtered in 00mn 38s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\schedule!3036567561.job [414]
[MD5.782EA1BD540F243D9A55F8145DE1CBFF] [APT] [ROC_JAN2013_TB_rmv] (...) -- C:\Program Files\AVG Secure Search\PostInstall\ROC.exe [1177168] =>Toolbar.AVGSearch
[MD5.2960400094498DAE47B36173286D76A0] [APT] [schedule!3036567561] (...) -- C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [348160] =>PUP.OptimizerPro
~ Scheduled Task: 28 Legitimates Filtered in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Viewpoint Media Player - {03F998B2-0E00-11D3-A498-00104B6EB52E} . (...) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll =>Adware.MetaStream
O40 - ASIC: Viewpoint Media Player - {1B00725B-C455-4DE6-BFB6-AD540AD427CD} . (...) -- C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll =>Adware.MetaStream
~ Active Setup: 16 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: BrowseToSave 1.74 - (...) [HKLM] -- SP_48c708f2 =>Adware.Browse2Save
O42 - Logiciel: Browusse2ssave - (.BrowseToSave.) [HKLM] -- {C3F3165C-74D3-6FDB-3274-14FDA8698CFA} =>Adware.Browse2Save
O42 - Logiciel: Final Draft - (.Final Draft, Inc..) [HKLM] -- {7C3C895B-AE02-4F30-8A6A-051D37A38DD0}
O42 - Logiciel: OptimizerPro - (.BetterSoft.) [HKLM] -- OptimizerPro =>PUP.OptimizerPro
O42 - Logiciel: SSeoarChy-NeewTAb - (.NewTab.) [HKLM] -- {C670DCAE-E392-AA32-6F42-143C7FC4BDFD} =>Adware.FastSaveApp
O42 - Logiciel: Search Assistant WebSearch 1.74 - (...) [HKLM] -- SP_b0285714
O42 - Logiciel: searchweb - (.searchweb.) [HKLM] -- searchweb
~ Logic: 123 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\SProtector] =>PUP.Mocaflix
[HKCU\Software\AppDataLow\Software\iGraal]
[HKCU\Software\DXTransform]
[HKCU\Software\Datamngr] =>PUP.Datamngr
[HKCU\Software\Final Draft]
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Babylon] =>Toolbar.Babylon
[HKLM\Software\Final Draft]
[HKLM\Software\Minibar]
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.Mocaflix
~ Key Software: 252 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/08/2011 - 13:56:26 - [0,184] ----D C:\Program Files\b4ficons
O43 - CFD: 16/04/2013 - 21:50:50 - [1,473] ----D C:\Program Files\BrowseToSave =>Adware.Browse2Save
O43 - CFD: 16/04/2013 - 22:29:32 - [35,790] ----D C:\Program Files\Final Draft 8
O43 - CFD: 17/04/2012 - 22:27:09 - [0,048] ----D C:\Program Files\Free CD Ripper
O43 - CFD: 12/05/2011 - 17:42:12 - [491,122] ----D C:\Program Files\Mes Sites Web
O43 - CFD: 11/01/2012 - 01:29:07 - [3,651] ----D C:\Program Files\searchweb
O43 - CFD: 19/03/2013 - 16:54:27 - [0,255] ----D C:\Program Files\Teleport Pro
O43 - CFD: 16/04/2013 - 21:51:23 - [1,470] ----D C:\Program Files\WebSearch
O43 - CFD: 11/01/2012 - 01:28:58 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 10/03/2013 - 12:15:26 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 24/04/2013 - 13:12:05 - [0,025] ----D C:\ProgramData\BoroOwse2Saaveo =>Adware.Browse2Save
O43 - CFD: 24/04/2013 - 12:52:18 - [0,072] ----D C:\ProgramData\Browse2savee =>Adware.Browse2Save
O43 - CFD: 24/04/2013 - 12:52:18 - [0,072] ----D C:\ProgramData\Browusse2ssave =>Adware.Browse2Save
O43 - CFD: 16/04/2013 - 22:30:36 - [8,067] ----D C:\ProgramData\Final Draft
O43 - CFD: 16/04/2013 - 21:51:36 - [5,420] ----D C:\ProgramData\InstallMate
O43 - CFD: 28/08/2011 - 09:34:55 - [0,001] ----D C:\ProgramData\Media Get LLC =>PUP.MediaGet
O43 - CFD: 24/04/2013 - 13:12:32 - [0,025] ----D C:\ProgramData\SeearcH-NNEWTTab =>Adware.FastSaveApp
O43 - CFD: 24/04/2013 - 12:52:18 - [0,072] ----D C:\ProgramData\Seearchu-NeewTab =>Adware.FastSaveApp
O43 - CFD: 24/04/2013 - 12:52:18 - [0,072] ----D C:\ProgramData\SSeoarChy-NeewTAb =>Adware.FastSaveApp
O43 - CFD: 11/01/2012 - 01:28:58 - [0,003] ----D C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 20/10/2010 - 10:45:26 - [0,295] ----D C:\Users\user\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 16/04/2013 - 22:34:33 - [0,331] ----D C:\Users\user\AppData\Roaming\Final Draft
O43 - CFD: 10/03/2013 - 13:10:27 - [0,000] ----D C:\Users\user\AppData\Roaming\FreeMoviesToDVD
O43 - CFD: 24/09/2010 - 16:22:47 - [1,250] ----D C:\Users\user\AppData\Roaming\igraal
O43 - CFD: 28/08/2011 - 06:22:43 - [0,003] ----D C:\Users\user\AppData\Roaming\Media Get LLC =>PUP.MediaGet
O43 - CFD: 16/04/2013 - 21:51:51 - [0] ----D C:\Users\user\AppData\Roaming\NCdownloader
O43 - CFD: 22/02/2010 - 12:39:51 - [26,516] ----D C:\Users\user\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 11/01/2012 - 01:28:59 - [3,744] ----D C:\Users\user\AppData\Local\Babylon =>Toolbar.Babylon
O43 - CFD: 27/08/2011 - 21:08:32 - [5,090] ----D C:\Users\user\AppData\Local\Media Get LLC =>PUP.MediaGet
O43 - CFD: 25/09/2011 - 15:59:53 - [21,807] ----D C:\Users\user\AppData\Local\MediaGet2 =>PUP.MediaGet
O43 - CFD: 26/08/2011 - 13:56:52 - [0,703] ----D C:\Users\user\AppData\Local\Minibar
O43 - CFD: 01/05/2011 - 20:10:02 - [0] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jed
~ Program Folder: 276 Legitimates Filtered in 00mn 32s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 24/05/2013 - 16:31:03 ---A- . (...) -- C:\WINDOWS\System32\DOErrors.log [52]
O44 - LFC:[MD5.3ECB1FC2CB9A6F432B29DE0E14D0E294] - 15/05/2013 - 06:20:28 ---A- . (...) -- C:\WINDOWS\win.ini [275]
~ Files: 12 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.C436F270BD7931DC850AE17FB909700D] - 24/05/2013 - 21:24:19 ---A- - C:\WINDOWS\Prefetch\PROJECT64.EXE-7FBFA384.pf
O45 - LFCP:[MD5.9E8EA64B85EF5BA43E5D2527326294CC] - 25/05/2013 - 19:02:17 ---A- - C:\WINDOWS\Prefetch\27.0.1453.94_26.0.1410.64_CHR-8757F2F1.pf
O45 - LFCP:[MD5.09CB26761A26E51B2C92C0B676DD82C3] - 25/05/2013 - 20:07:11 ---A- - C:\WINDOWS\Prefetch\BITTORRENT.EXE-613714CB.pf =>P2P.BitTorrent
O45 - LFCP:[MD5.B0B8BE20D3B35C83AA3AA5AC19FAE4C7] - 25/05/2013 - 20:45:29 ---A- - C:\WINDOWS\Prefetch\MEDIAGET.EXE-DACB372B.pf =>PUP.MediaGet
O45 - LFCP:[MD5.1E66B9911ACB895813D2E9361E152324] - 26/05/2013 - 13:42:42 ---A- - C:\WINDOWS\Prefetch\SECURITYKISSTUNNEL.EXE-6408CA99.pf
O45 - LFCP:[MD5.C2D125C107177F1C99A344DEE24A252C] - 26/05/2013 - 13:42:54 ---A- - C:\WINDOWS\Prefetch\NETSTAT.EXE-6D34D712.pf
O45 - LFCP:[MD5.6C0CF0F18C6FC5058BD55BF1A6CBC298] - 26/05/2013 - 13:43:05 ---A- - C:\WINDOWS\Prefetch\DRIVERQUERY.EXE-DAB827CD.pf
O45 - LFCP:[MD5.442111D3AE9D2A22D4982D584423E40F] - 26/05/2013 - 13:43:15 ---A- - C:\WINDOWS\Prefetch\SYSTEMINFO.EXE-F360EB78.pf
O45 - LFCP:[MD5.916F5D806DB99A2E1F3F2DAB7F16179F] - 26/05/2013 - 21:40:36 ---A- - C:\WINDOWS\Prefetch\HIDDATA.EXE-98129A0B.pf
O45 - LFCP:[MD5.7ED80B30136EDA04770CB6DEA7C81D1A] - 28/05/2013 - 02:57:43 ---A- - C:\WINDOWS\Prefetch\AVGCHSVX.EXE-4B702F60.pf
O45 - LFCP:[MD5.B1CBEB1C93E1C717F8856A301172CAC1] - 28/05/2013 - 11:50:16 ---A- - C:\WINDOWS\Prefetch\OPTIMIZERPRO.EXE-3F4A7972.pf =>PUP.OptimizerPro
~ Prefetcher: 131 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{1c05dc87-2971-11e0-93ae-001eecaea86b}\AutoRun\command. (...) -- H:\PMBP_Win.exe (.not file.)
O51 - MPSK:{4460cc35-5db8-11df-9399-806e6f6e6963}\AutoRun\command. (...) -- F:\portable\\\\little.exe (.not file.)
O51 - MPSK:{5ac59aea-d073-11df-9b40-001eecaea86b}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{66735d14-1fc9-11df-a8d2-001eecaea86b}\AutoRun\command. (...) -- F:\ime\moje.exe (.not file.)
O51 - MPSK:{a2fe06b6-6021-11df-bb68-001eecaea86b}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{a536d9bb-05d9-11e0-97af-001eecaea86b}\AutoRun\command. (...) -- F:\cgaqyi.exe (.not file.)
O51 - MPSK:{f9613089-9eb3-11e1-9dc5-001eecaea86b}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.3B10711AD8656C097E0D16A41B29C54C] - 27/03/2008 - 12:11:34 ---A- . (.Hewlett-Packard Corporation - HP Accelerometer.) -- C:\WINDOWS\System32\Drivers\Accelerometer.sys [34664]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\WINDOWS\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 25/05/2013 - 20:06:35 ---A- C:\Users\user\Downloads\shining-french-dvdrip-1980.torrent [42432]
O61 - LFC: 25/05/2013 - 20:07:57 ---A- C:\Users\user\Downloads\shining-french-dvdrip-1980 (1).torrent [42432]
O61 - LFC: 25/05/2013 - 20:45:24 ---A- C:\Users\user\Downloads\[kat.ph]pas.sur.la.bouche.alain.resnais.2003.torrent [14897]
O61 - LFC: 25/05/2013 - 20:52:23 ---A- C:\Users\user\Downloads\Pas Sur La Bouche - Alain Resnais, 2003\Pas Sur La Bouche - Alain Resnais, 2003.txt [2029]
O61 - LFC: 25/05/2013 - 21:48:08 ---A- C:\Users\user\AppData\Local\Media Get LLC\MediaGet2\a56dc990e5015109436ec252cd8e8c17510bae48.fastresume [796] =>PUP.MediaGet
O61 - LFC: 25/05/2013 - 21:48:08 ---A- C:\Users\user\AppData\Local\Media Get LLC\MediaGet2\network_cache\cache.dat [4] =>PUP.MediaGet
O61 - LFC: 25/05/2013 - 21:58:45 ---A- C:\Users\user\Downloads\The.Shining.1980.US.Cut.FRENCH.BRRiP.XviD.AC3-HuSh\The.Shining.1980.US.Cut.FRENCH.BRRiP.XviD.AC3-HuSh.nfo [12244]
O61 - LFC: 26/05/2013 - 13:42:39 ---A- C:\Users\user\SecurityKISSTunnel.config [197]
O61 - LFC: 26/05/2013 - 16:28:40 ---A- C:\Users\user\Downloads\IE10-Windows6.1-x86-fr-fr.exe [25172992]
O61 - LFC: 26/05/2013 - 20:42:36 ---A- C:\Users\user\AppData\Local\AVG Secure Search\SiteSafety\l_2013_05_26_12_42_33.db [613968] =>Toolbar.AVGSearch
O61 - LFC: 28/05/2013 - 03:00:04 ---A- C:\Users\user\AppData\Local\AVG Secure Search\SiteSafety\l_2013_05_27_07_00_03.db [613968] =>Toolbar.AVGSearch
O61 - LFC: 28/05/2013 - 11:08:55 ---A- C:\Users\user\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [271058]
O61 - LFC: 28/05/2013 - 11:31:13 ---A- C:\Users\user\Downloads\mbam-setup-1.75.0.1300.exe [10285040]
O61 - LFC: 28/05/2013 - 13:02:44 ---A- C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State [33551]
~ 10 Fichiers temporaires (Temporary files)
~ Files: 182 Legitimates Filtered in 00mn 36s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKCU\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS5.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS5.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
~ FASS Keys: 22 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.cc", "BE");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.client_js_http_src", "");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.client_js_https_src", "");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.date", "1365023633000");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.finished", "14.2.0.1");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guardCountInit", 156);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guardKUCount", 1);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guardKUCountInit", 156);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guardPopupCountInit", -1);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guardSPCountInit", 156);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guardSPPopupCountInit", -1);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.guid", "{c9f96c13-8a47-470d-b479-ccdbbda9e3fc}");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1"); =>Toolbar.AVGSearch
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.isDisabled", 0);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.isHidden", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.lastUpdaterReq", "1365023635000");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.laststatreq", "1365023635000");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.migrationComplete", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.migrationFlagsComplete", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.newtab", false);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.overlayVersion", "634961130452065000");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.rewardsDisabled", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.updaterInterval", "24");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.userHPSettings", "resource:/browserconfig.properties");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("avg.install.userSPSettings", "Google");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); =>Toolbar.Babylon
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.5148770d1525e.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,se[...] =>Toolbar.Babylon
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.illimitux_backup_http", "");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.illimitux_backup_port", 0);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.illimitux_backup_referer", 2);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.illimitux_backup_type", 5);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_firsttime_4.0_", false);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_mu_auto", "");
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_auto", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_box", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_captcha", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_divx", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_embed", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_proxy", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_4s", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_captcha", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_mp", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_mu", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_mv", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_rs", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_rs1", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_pt_zs", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_referer", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_rs", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_tab", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.ilx_pref_zapmu", true);
O69 - SBI: prefs.js [user - hesxjglr.default] user_pref("extensions.illimitux.locale", "fr");
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {230C22EE-865B-4F83-92C2-08CF69DA6578} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (Search) - http://www.bigseekpro.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2418} - (Search Results) - http://dts.search-results.com
O69 - SBI: SearchScopes [HKCU] {B3D1C463-0C12-4F24-BCB2-7943255E8DC0} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [DefaultScope] - (WebSearch) - http://websearch.pu-results.info
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\Users\user\AppData\Local\Temp\7zO8E0E.tmp\keygen.exe
C:\Users\user\AppData\Local\Temp\7zO8E0E.tmp\keygen.exe
~ Files: Scanned in 01mn 12s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2EF69B614E660F1B2D33D3B66C70DD07] [SPRF][24/02/2010] (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\ProgramData\DVD.exe [2989660]
[MD5.E353DA497BA795F7927F41951E7C35D3] [SPRF][03/03/2010] (...) -- C:\ProgramData\ezsid.dat [32]
[MD5.DF97345A9B4ED0750151BF56BE95591B] [SPRF][20/02/2010] (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\ProgramData\Games.exe [2231606]
[MD5.1E308C389DB86BB3F0AE8B92C799E968] [SPRF][17/05/2010] (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\ProgramData\Karaoke.exe [2331174]
[MD5.CEE9DC3C68961A957767D26CF542CFC5] [SPRF][06/04/2011] (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\ProgramData\MobileTV.exe [3063561]
[MD5.504F73C0E321C1BAFB725D79C4F86CCB] [SPRF][25/04/2010] (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\ProgramData\MPV.exe [2864396]
[MD5.7A4CAB5C57FBCA0045C6A669DA426F6B] [SPRF][28/05/2013] (...) -- C:\ProgramData\nvModes.dat [48992]
[MD5.9D64F0FF70285DA78295B19AABA46C2B] [SPRF][15/01/2013] (...) -- C:\Users\user\AppData\Local\d3d9caps.dat [7592]
[MD5.42BADC1D2F03A8B1E4875740D3D49336] [SPRF][29/06/2011] (.Igor Pavlov - 7-Zip Standalone Console.) -- C:\Users\user\AppData\Local\Temp\7za.exe [587776]
[MD5.9495FF73014B8A17BD4798911AD097FA] [SPRF][20/09/2011] (...) -- C:\Users\user\AppData\Local\Temp\Extract.bat [87]
[MD5.E42464CCAF73CD1794878FCB2C27E95A] [SPRF][24/05/2013] (...) -- C:\Users\user\AppData\Local\Temp\ffmpeg12.exe [2383872]
[MD5.7680842A2FAEDB957CEC0265EAAF7A5B] [SPRF][23/05/2013] (...) -- C:\Users\user\AppData\Local\Temp\ICReinstall_QuickTimeInstaller.exe [667016]
[MD5.46BAA11B87C127AD9386D91E844C7351] [SPRF][30/08/2012] (...) -- C:\Users\user\AppData\Local\Temp\installhelper.dll [1622016]
[MD5.D94E2558C359BDCBF3DA965D6D3F003B] [SPRF][04/08/2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\user\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe [911136]
[MD5.F88C296A9109CF540EEDEF41E8A46E09] [SPRF][12/01/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\user\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe [896424]
[MD5.7C90F77D368CABEA7B726A3758D6D761] [SPRF][07/12/2011] (.Babylon Ltd. - Babylon Client Setup.) -- C:\Users\user\AppData\Local\Temp\MyBabylonTB.exe [919664] =>Toolbar.Babylon
[MD5.72CF064E0B2F7EB666FBB25BE2D5DFD6] [SPRF][01/12/2011] (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- C:\Users\user\AppData\Local\Temp\push.exe [2561093]
[MD5.FD0204D6A31F46CAB30A9DAA9DAF487D] [SPRF][15/12/2011] (...) -- C:\Users\user\AppData\Local\Temp\Setup.exe [422237]
[MD5.2AB28E5FD0525DBCCB392036AF3ED9AA] [SPRF][10/03/2013] (...) -- C:\Users\user\AppData\Local\Temp\SetupDataMngr_Searchqu.exe [4380296] =>PUP.Datamngr
[MD5.992FCD21A8951587B443AE0E69E9F478] [SPRF][27/06/2012] (.Skype Technologies S.A. - Skype.) -- C:\Users\user\AppData\Local\Temp\SkypeSetup.exe [25656496]
[MD5.A082E5473B2A9A4D846ED7DDF637AC76] [SPRF][13/12/2012] (.Microsoft Corporation - WinSock2 reorder service providers.) -- C:\Users\user\AppData\Local\Temp\SpOrder.dll [8704]
[MD5.72412B526BCC716382E62B7939DCFD8F] [SPRF][17/04/2012] (...) -- C:\Users\user\AppData\Local\Temp\SRAssetsHelper.dll [1085952]
[MD5.80D7BB006C5C33EB40BBEDBB8AAF3F39] [SPRF][17/11/2011] (...) -- C:\Users\user\AppData\Local\Temp\tool.exe [1671300]
[MD5.3B5271C6F89985BEA713200BE47DB8D2] [SPRF][06/03/2012] (.BitTorrent, Inc. - BitTorrent.) -- C:\Users\user\AppData\Local\Temp\utt544A.tmp.exe [653176] =>P2P.BitTorrent
[MD5.9B61DEC6AC6795D34340C4105EB1FC5F] [SPRF][05/06/2012] (.BitTorrent, Inc. - BitTorrent.) -- C:\Users\user\AppData\Local\Temp\utt80A3.tmp.exe [6380440] =>P2P.BitTorrent
[MD5.75E8A30FA3460F9596B0F4C9F8051C09] [SPRF][28/10/2012] (.BitTorrent, Inc. - BitTorrent.) -- C:\Users\user\AppData\Local\Temp\utt8610.tmp.exe [1398680] =>P2P.BitTorrent
[MD5.5BA96464F924BD62EA8C924167DB0837] [SPRF][21/05/2012] (.BitTorrent, Inc. - BitTorrent.) -- C:\Users\user\AppData\Local\Temp\uttBFD8.tmp.exe [6379888] =>P2P.BitTorrent
[MD5.E4503303C1659788A0EEA2A519E43496] [SPRF][24/06/2012] (.BitTorrent, Inc. - BitTorrent.) -- C:\Users\user\AppData\Local\Temp\uttD1C.tmp.exe [6078360] =>P2P.BitTorrent
[MD5.34BBE52043A811221FBEB6F6377DAB0C] [SPRF][18/02/2012] (.BitTorrent, Inc. - BitTorrent.) -- C:\Users\user\AppData\Local\Temp\uttF94E.tmp.exe [650104] =>P2P.BitTorrent
[MD5.99A35A49240DCF90370E03A50902CB5E] [SPRF][20/02/2004] (.Viewpoint Corporation - Viewpoint Media Player MtsAxInstaller.) -- C:\Users\user\AppData\Local\Temp\vmpremov.exe [61440] =>Adware.MetaStream
[MD5.1108B166160D6023AF76435B074052B6] [SPRF][05/04/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\user\AppData\Local\Temp\_is313E.exe [455600]
[MD5.1108B166160D6023AF76435B074052B6] [SPRF][05/04/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\user\AppData\Local\Temp\_is3F50.exe [455600]
[MD5.1108B166160D6023AF76435B074052B6] [SPRF][05/04/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\user\AppData\Local\Temp\_is4EDB.exe [455600]
[MD5.FBAB280D0CAC5E21C72F0A1A7B5B9608] [SPRF][24/05/2006] (.Macrovision Corporation - Setup.exe.) -- C:\Users\user\AppData\Local\Temp\_is538C.exe [455600]
[MD5.FBAB280D0CAC5E21C72F0A1A7B5B9608] [SPRF][24/05/2006] (.Macrovision Corporation - Setup.exe.) -- C:\Users\user\AppData\Local\Temp\_is5ABC.exe [455600]
[MD5.1108B166160D6023AF76435B074052B6] [SPRF][05/04/2007] (.Macrovision Corporation - Setup.exe.) -- C:\Users\user\AppData\Local\Temp\_isA303.exe [455600]
[MD5.622CF7C8ECDD8C353539740A30D85731] [SPRF][11/12/2012] (...) -- C:\Users\user\AppData\Local\Temp\{A507BD80-1215-44C7-B13D-A7559BC71453}-23.0.1271.97_23.0.1271.95_chrome_updater.exe [744952]
[MD5.51CA9A27C82F68874BBA3E2A87F6B400] [SPRF][30/01/2013] (...) -- C:\Users\user\AppData\Local\Temp\{B9517A37-7AD2-4E9A-A32D-C9A378557806}-24.0.1312.57_24.0.1312.56_chrome_updater.exe [670048]
[MD5.CC5A66084B4FB1AC61581DAFFE6B196E] [SPRF][15/02/2012] (.Google Inc. - Google Chrome.) -- C:\Users\user\AppData\Local\Temp\{C1B4F129-9411-4003-A4A9-6F9D9A8E0478}-chrome_updater.exe [4646384]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][23/05/2013] (...) -- C:\Users\user\AppData\LocalLow\prvlcl.dat [0]
[MD5.C38554AF9B46F60D069505AAA6B19749] [SPRF][25/02/2010] (...) -- C:\Users\user\AppData\Roaming\wklnhst.dat [210]
[MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][17/02/2010] (...) -- C:\WINDOWS\Downloaded Program Files\unagiuninst.exe [38428]
~ Files: Scanned in 00mn 04s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{9FE23275-6FBB-46F6-9F7D-1BE17B041CC7}C:\users\user\appdata\roaming\wuala\wuala.exe" | In - Public - P6 - TRUE | .(.Wuala - Pas de description.) -- C:\users\user\appdata\roaming\wuala\wuala.exe
O87 - FAEL: "UDP Query User{4EB3079D-03CA-4EDD-B9F0-64AB444113A3}C:\users\user\appdata\roaming\wuala\wuala.exe" | In - Public - P17 - TRUE | .(.Wuala - Pas de description.) -- C:\users\user\appdata\roaming\wuala\wuala.exe
O87 - FAEL: "TCP Query User{8007170C-D3CD-4903-A9BD-985C2D813A14}C:\users\user\appdata\roaming\wuala\wuala.exe" | In - Private - P6 - TRUE | .(.Wuala - Pas de description.) -- C:\users\user\appdata\roaming\wuala\wuala.exe
O87 - FAEL: "UDP Query User{C69CCA5D-6426-41AD-AF9F-A8B84B18B5B9}C:\users\user\appdata\roaming\wuala\wuala.exe" | In - Private - P17 - TRUE | .(.Wuala - Pas de description.) -- C:\users\user\appdata\roaming\wuala\wuala.exe
O87 - FAEL: "TCP Query User{C1F2C815-3E76-4D1D-9F96-E129C46C17CC}C:\users\user\appdata\local\mediaget2\mediaget.exe" | In - Public - P6 - TRUE | .(.MediaGet LLC - MediaGet torrent client.) -- C:\users\user\appdata\local\mediaget2\mediaget.exe =>PUP.MediaGet
O87 - FAEL: "UDP Query User{2247A5A7-CCFA-431A-AE20-A53E328B149F}C:\users\user\appdata\local\mediaget2\mediaget.exe" | In - Public - P17 - TRUE | .(.MediaGet LLC - MediaGet torrent client.) -- C:\users\user\appdata\local\mediaget2\mediaget.exe =>PUP.MediaGet
~ Firewall: 197 Legitimates Filtered in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.12362 - (25/05/2013)
Clés trouvées (Keys found) : 144
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 31
Fichiers trouvés (Files found) : 9

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] =>PUP.Dealio
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream
[HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream
[HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{761f6a83-f007-49e4-8eac-cdb6808ef06f}] =>PUP.Eorezo
[HKLM\Software\Classes\CLSID\{76c45b18-a29e-43ea-aaf8-af55c2e1ae17}] =>PUP.Eorezo
[HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{96ef404c-24c7-43d0-9096-4ccc8bb7ccac}] =>PUP.Eorezo
[HKLM\Software\Classes\CLSID\{97720195-206a-42ae-8e65-260b9ba5589f}] =>PUP.Eorezo
[HKLM\Software\Classes\CLSID\{97d69524-bb57-4185-9c7f-5f05593b771a}] =>PUP.Eorezo
[HKLM\Software\Classes\CLSID\{986f7a5a-9676-47e1-8642-f41f8c3fcf82}] =>PUP.Eorezo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}] =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{b18788a4-92bd-440e-a4d1-380c36531119}] =>PUP.Eorezo
[HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch
[HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0924543-15FD-4F3D-889C-0B4562A9CB45}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{C0924543-15FD-4F3D-889C-0B4562A9CB45}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45}] =>Adware.SocialSkinz
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Internet Explorer\extensions\{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] =>Adware.SocialSkinz
[HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] =>Adware.SocialSkinz
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] =>PUP.Dealio
[HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware. BullseyeToolbar
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo
[HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.PugiObj] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AVG Secure Search.PugiObj.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\axmetastream.metastreamctl] =>Adware.MetaStream
[HKLM\Software\Classes\axmetastream.metastreamctl.1] =>Adware.MetaStream
[HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary] =>Adware.MetaStream
[HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1] =>Adware.MetaStream
[HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent
[HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent
[HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent
[HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent
[HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.Agent
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.Agent
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Minibar] =>Toolbar.Minibar
[HKLM\Software\SP Global] =>PUP.AdvancedSystemProtector
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Viewpoint] =>Adware.MetaStream
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchweb] =>Adware.SocialSkinz
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Associations]:bak_Application =>Hijacker.Agent
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}] =>Adware.Browse2Save
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}] =>Adware.Browse2Save
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent
[HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB02609.IEToolbar] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB02609.IEToolbar.1] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB02609.TBSB02609] =>Toolbar.Agent
[HKLM\Software\Classes\TBSB02609.TBSB02609.3] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB02609] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.TBSB02609.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SearchProviderManager] =>Toolbar.Agent
[HKLM\Software\Classes\Toolbar3.SearchProviderManager.1] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2] =>Adware.Browse2Save^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714] =>Adware.Browse2Save^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{CA3EB689-8F09-4026-AA10-B9534C691CE0} =>Adware.SocialSkinz
C:\Program Files\AVG Secure Search =>Toolbar.AVGSearch
C:\Program Files\b4ficons =>Adware.Burn4Free
C:\Program Files\BrowseToSave =>Adware.Browse2Save
C:\Program Files\searchweb =>Toolbar.Babylon
C:\Program Files\WebSearch =>Adware.Browse2Save
C:\Program Files\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\Media Get LLC =>PUP.MediaGet
C:\ProgramData\InstallMate =>Toolbar.Agent
C:\Users\user\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\user\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
C:\Users\user\AppData\Roaming\Media Get LLC =>PUP.MediaGet
C:\Users\user\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\user\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\user\AppData\Local\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\user\AppData\Local\Babylon =>Toolbar.Babylon
C:\Users\user\AppData\Local\Media Get LLC =>PUP.MediaGet
C:\Users\user\AppData\Local\MediaGet2 =>PUP.MediaGet
C:\Users\user\AppData\Local\Minibar =>Toolbar.Minibar
C:\Users\user\AppData\LocalLow\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\user\AppData\LocalLow\AVG Security Toolbar =>Toolbar.AVGSearch
C:\Users\user\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\ProgramData\BoroOwse2Saaveo =>Adware.Browse2Save
C:\ProgramData\Browse2savee =>Adware.Browse2Save
C:\ProgramData\Browusse2ssave =>Adware.Browse2Save
C:\ProgramData\SeearcH-NNEWTTab =>Adware.FastSaveApp^
C:\ProgramData\Seearchu-NeewTab =>Adware.FastSaveApp^
C:\ProgramData\SSeoarChy-NeewTAb =>Adware.FastSaveApp^
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\hesxjglr.default\Extensions\ffxtlbr@babylon.com =>Toolbar.Babylon
C:\Users\user\AppData\Local\Temp\babylon.jpg =>PUP.SweetIM
C:\Users\user\AppData\Local\Temp\MyBabylonTB.exe =>PUP.SweetIM
C:\Users\user\AppData\Local\Temp\Searchqu.ini =>Adware.Bandoo
C:\Users\user\AppData\Local\Temp\searchqutoolbar-manifest.xml =>Adware.Bandoo
C:\Users\user\AppData\Local\Temp\SetupDataMngr_Searchqu.exe =>Adware.Bandoo
C:\Users\user\AppData\Local\Temp\vmpremov.exe =>Adware.MetaStream
C:\WINDOWS\Tasks\schedule!3036567561.job =>PUP.Offerware^
~ Additionnel Scan: 474838 Items scanned in 01mn 24s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 27/06/2008 77824 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
SS - | Demand 167264 | (AVG Security Toolbar Service) . (...) - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
SR - | Auto 01/08/2010 921952 | (avg9emc) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG9\avgemc.exe
SR - | Auto 01/08/2010 308136 | (avg9wd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG9\avgwdsvc.exe
SR - | Demand 07/02/2008 193840 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\WINDOWS\System32\svchost.exe
SS - | Auto 18/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 15/04/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Demand 08/01/2008 148832 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 18/03/2008 19456 | (hpsrv) . (.Hewlett-Packard Corporation.) - C:\WINDOWS\System32\Hpservice.exe
SR - | Auto 04/06/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 14/05/2008 118784 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\System32\nvvsvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 292216 | (QPCapSvc) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
SR - | Auto 116080 | (QPSched) . (...) - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
SR - | Auto 361808 | (Recovery Service for Windows) . (...) - C:\Windows\SMINST\BLService.exe
SS - | Demand 0 | (rpcapd) . (...) - C:\Program Files\WinPcap\rpcapd.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 27/06/2008 221273 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
SR - | Auto 21/05/2013 1015984 | (vToolbarUpdater15.2.0) . (.AVG Secure Search.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe =>Toolbar.AVGSearch
SS - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by user at 28/05/2013 14:07:51

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys iaStor.sys
C:\Windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x8270DFEF] >> \Device\Harddisk0\DR0[0x87703748]
5 hpdskflt[0x8BFABF05] >> ntkrnlpa!IofCallDriver[0x8270DFEF] >> [0x865818C8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 16 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by user at 28/05/2013 14:07:53

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1627 Legitimates filtered by white list
End of the scan (934 lines in 05mn 34s)(2)