~ Rapport de ZHPDiag v2013.10.18.49 - Nicolas Coolman (18/10/2013)
~ Lancé par Wise3 (19/10/2013 10:51:32)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 11.0
GCIE: Google Chrome v30.0.1599.69

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Avira Antivirus Premium v13.0.0.4052
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.05 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
µTorrent v3.3.0.29625 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 10 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 2 GB (7%) free of 24 GB

---\\ Mode de connexion au système
~ Computer Name: WISE3-ATC
~ User Name: Wise3
~ All Users Names: Wise3, SUPPORT_388945a0, LogMeInRemoteUser, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Wise3\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Wise3\Application Data\
~ %Desktop% : C:\Documents and Settings\Wise3\Bureau\
~ %Favorites% : C:\Documents and Settings\Wise3\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Wise3\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Wise3\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 2 Go of 24 Go)
D: Hard drive, Flash drive, Thumb drive (Free 12 Go of 59 Go)
E: Hard drive, Flash drive, Thumb drive (Free 12 Go of 70 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: Hard drive, Flash drive, Thumb drive (Free 53 Go of 233 Go)
J: Hard drive, Flash drive, Thumb drive (Free 15 Go of 1863 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/16
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/327
~ Mes Documents (My Documents) : 2/543
~ Mon Bureau (My Desktop) : 0/810
~ Menu demarrer (Programs) : 0/68
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.454DFDC3D40B777455846E749D3B49FF] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [602112] [PID.1340]
[MD5.75B191596E6C2F149AA8E0228B3E0B3A] - (.Sandboxie Holdings, LLC - Sandboxie Service.) -- C:\Program Files\Sandboxie\SbieSvc.exe [129112] [PID.1568]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\rundll32.exe [0] [PID.496]
[MD5.45DDED48EC2AD5C8A00677C02D94E654] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024] [PID.564]
[MD5.234051C0D242A6F4A79AE5212C1323D4] - (.LogMeIn, Inc. - LogMeIn Desktop Application.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048] [PID.1392]
[MD5.4D83DC461F8F4370274CF6E9AC9A34F4] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208] [PID.1204]
[MD5.6B87742F27B087AF7FD4ADC2DB685DE0] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.1476]
[MD5.4D46C1D08B23ED0004E3A3BEA39A7F50] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.1520]
[MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [958576] [PID.1528]
[MD5.D4B2479756A397805ACEA19BA3596E2A] - (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe [543320] [PID.1552]
[MD5.5658972765AF193BDC813197B5AA8C85] - (.Dropbox, Inc. - Dropbox.) -- C:\Documents and Settings\Wise3\Application Data\Dropbox\bin\Dropbox.exe [29768376] [PID.1712]
[MD5.99721E1DAC2C89E8202F70B773FB14F4] - (.ArcSoft Inc. - ArcSoft eservutil..) -- C:\Program Files\Fichiers communs\ArcSoft\esinter\Bin\eservutil.exe [37280] [PID.716]
[MD5.89A324F6F8DF8FB6E22FAA29A209BF4E] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088] [PID.748]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.704]
[MD5.39133291CB607BDD87CFC565A4A1E7A5] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [PID.2348]
[MD5.F622A3C0C10A26C1DC789CDEB0B2A4EB] - (.LogMeIn, Inc. - LMIGuardianSvc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [374152] [PID.2428]
[MD5.CE9E8BF4E9194B29767CDA90F8BDC675] - (.LogMeIn, Inc. - LogMeIn Maintenance Service.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe [136584] [PID.2524]
[MD5.432618FA75B61059D2C57D6A7E55147A] - (.LogMeIn, Inc. - LogMeIn.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe [390528] [PID.2736]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3056]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3544]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.3676]
[MD5.FAC20F9060FF9C74AF0C8A002BB04AE7] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\WINDOWS\system32\NLSSRV32.exe [68896] [PID.3840]
[MD5.C9037D2E39B7638032F198A9EFEEC47D] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76856] [PID.4076]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1032]
[MD5.4C08FB7ACB28689B586D986D3F5826CF] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [49152] [PID.1484]
[MD5.F67C21CC4195F6AFC447418FE163E156] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [5087584] [PID.860]
[MD5.4775579D1AE9C881A6F2F7739858E7CD] - (...) -- C:\Program Files\VIA\RAID\vialogsv.exe [52888] [PID.3952]
[MD5.C8A48B180D0BF7C21D350B9493044D0E] - (.Avira Operations GmbH & Co. KG - Avira MailGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [622648] [PID.2580]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3436]
[MD5.194BBFA1F36D815A3B8045F3C77D11AB] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe [815160] [PID.3580]
[MD5.AB055E4E8A49E06469B137C93C8E11C6] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe [12631904] [PID.3948]
[MD5.E623B98CC2F6275C027CCBDF13749A77] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe [195936] [PID.2904]
[MD5.8038AC11981949FCF4BA7269B0215977] - (.Ghisler Software GmbH - Total Commander 32 bit.) -- C:\totalcmd\TOTALCMD.exe [3520256] [PID.4516]
[MD5.795FE793185A411689E99567394905C7] - (...) -- D:\Program Files\NewsLeecher5\newsLeecher.exe [5327120] [PID.4684]
[MD5.3DEBC4F06BA637D7EE7BB1A69AC79052] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8102912] [PID.5512]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Wise3\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.poony.info
G0 - GCSP: Preference [User Data\Default] http://www.poony.info
~ Google Browser: 9 Legitimates Filtered in 00mn 21s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Wise3\Application Data\Mozilla\Firefox\Profiles\dlb3ncrs.default\prefs.js
P2 - FPN: [HKLM] [NetDvr_Plugins] - (.DVR - DVR PLUGIN 1,2,2,68.) -- C:\Program Files\NetDvr\Plugins\npDvr.dll
~ Firefox Browser: 28 Legitimates Filtered in 00mn 06s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: FlashFXP.lnk . (.IniCom Networks, Inc. - FlashFXP.) -- C:\Program Files\FlashFXP\FlashFXP.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: Orca.lnk . (...) -- C:\WINDOWS\Installer\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}\orca_icon.exe
O4 - GS\Program [Wise3]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Wise3]: Network Stumbler.lnk . (...) -- C:\Program Files\Network Stumbler\NetStumbler.exe
O4 - GS\Program [Wise3]: Windows Install Clean Up.lnk . (...) -- C:\Documents and Settings\Wise3\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
~ Global Startup: 18 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [Wise3]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Documents and Settings\Wise3\Application Data\Dropbox\bin\Dropbox.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [LogMeIn GUI] . (.LogMeIn, Inc. - LogMeIn Desktop Application.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [HDD Regenerator] C:\Program Files\HDD Regenerator\Shell.exe (.not file.)
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1229272821-515967899-1417001333-1003\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1229272821-515967899-1417001333-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1229272821-515967899-1417001333-1003\..\Run: [SandboxieControl] . (.Sandboxie Holdings, LLC - Sandboxie Control.) -- C:\Program Files\Sandboxie\SbieCtrl.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} ((no name)) - http://wago.partcommunity.com/PARTcommunity/static/all/cnsViewer3D/cnsweb3d.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} ((no name)) - http://photoservice.fujicolor.eu/ips-opdata/layout/aspadmin/objects/canvasx.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} ((no name)) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
O16 - DPF: {37E92FB8-76BF-445A-B12D-158D787680D4} ((no name)) - http://belgacom.smartphoto.be/js/Uploader8.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} ((no name)) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.extrafilm.be/ImageUploader5.cab
O16 - DPF: {5D87AFA1-80F5-444C-A3C9-520887524651} ((no name)) - https://admit.belgacom.be/shep/echannelcme_fra/21233/applets/SiebelAx_HI_Client.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266187646546
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} ((no name)) - http://zirkakiou.dyndns.org:81/codebase/DVM_IPCam2.ocx
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} ((no name)) - http://bonbon.safe100.net:81/plugin/h263ctrl.cab
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} ((no name)) - http://192.168.1.81:81/HiDvrOcx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} ((no name)) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E010D28-595A-42F8-852E-3A876032AC16}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8C2E1EB-0D8C-4C3B-9A39-53CB284DEEA3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E8C2E1EB-0D8C-4C3B-9A39-53CB284DEEA3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6E010D28-595A-42F8-852E-3A876032AC16}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit . (.LogMeIn, Inc. - LogMeIn Remote Control Helper.) -- C:\WINDOWS\system32\LMIinit.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (...) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Gejoosrp.job [312] =>Adware.iHaveNet
~ Scheduled Task: 11 Legitimates Filtered in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: 360gcProg - (...) [HKCU] -- 360gcProg
O42 - Logiciel: CADENAS PARTwebViewer - (.CADENAS.) [HKLM] -- {F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}
O42 - Logiciel: DriverLINX Port I/O Driver - (...) [HKLM] -- DriverLINX Port I/O Driver
O42 - Logiciel: NetDvrPlugin 1.0 - (...) [HKLM] -- NetDvrPlugin
O42 - Logiciel: NetworkCameraWizard - (. .) [HKLM] -- InstallShield_{B5CB9CAE-D473-41F8-A2FA-A2EC71399C49}
O42 - Logiciel: PageshotsPro 1.0.0 - (.PageshotsPro.) [HKLM] -- PageshotsPro_is1 =>Adware.ADON
O42 - Logiciel: Restorer2000 Pro 3.3 - (.Bitmart Inc..) [HKLM] -- Restorer2000 Pro_is1
O42 - Logiciel: iPrep - (.Klutsh.com.) [HKLM] -- {FCE06725-0987-49BA-9851-EBBE796CF423}
~ Logic: 176 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\1piece]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\Colruyt]
[HKCU\Software\DingoSoft]
[HKCU\Software\Gortex3D team]
[HKCU\Software\LIBRASOFT]
[HKCU\Software\Power-One]
[HKCU\Software\Replay AV 8]
[HKCU\Software\SupRip]
[HKCU\Software\TVTGTDUDKY]
[HKCU\Software\Temporary]
[HKCU\Software\freeBOOT ToolBox Maker]
[HKCU\Software\gSyncit]
[HKCU\Software\nands]
[HKLM\Software\ACTIA]
[HKLM\Software\Colruyt]
[HKLM\Software\Micorosft]
[HKLM\Software\Replay AV 8]
[HKLM\Software\Robinsod]
[HKLM\Software\TVTGTDUDKY]
[HKLM\Software\vivotek]
~ Key Software: 340 Legitimates Filtered in 00mn 02s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/08/2012 - 22:33:05 - [0,293] ----D C:\Program Files\DLPortIO
O43 - CFD: 16/03/2013 - 11:46:18 - [4,016] ----D C:\Program Files\iPrep
O43 - CFD: 10/01/2012 - 10:21:29 - [0] ----D C:\Program Files\Jtag Tool
O43 - CFD: 21/12/2012 - 07:53:18 - [0] ----D C:\Program Files\MajorShare
O43 - CFD: 20/08/2012 - 22:31:48 - [5,131] ----D C:\Program Files\NetDvr
O43 - CFD: 03/02/2013 - 16:54:46 - [0,855] ----D C:\Program Files\NetworkCameraWizard
O43 - CFD: 23/10/2012 - 23:33:52 - [2,879] ----D C:\Program Files\Orca
O43 - CFD: 11/01/2012 - 00:38:15 - [27,997] ----D C:\Program Files\Portable
O43 - CFD: 05/05/2011 - 08:22:11 - [48,837] ----D C:\Program Files\Replay AV 8
O43 - CFD: 02/05/2010 - 10:05:41 - [41,582] ----D C:\Program Files\Replay Converter 3
O43 - CFD: 28/07/2010 - 20:33:09 - [10,886] ----D C:\Program Files\Restorer2000 Pro
O43 - CFD: 17/08/2012 - 11:50:46 - [1,754] ----D C:\Program Files\Fichiers communs\cadenas
O43 - CFD: 14/07/2011 - 22:40:53 - [0] ----D C:\Documents and Settings\All Users\Application Data\eG01602FhOiF01602
O43 - CFD: 28/01/2011 - 19:41:24 - [0,687] ----D C:\Documents and Settings\All Users\Application Data\PageshotsPro =>Adware.ADON
O43 - CFD: 13/08/2010 - 10:35:03 - [0] ----D C:\Documents and Settings\All Users\Application Data\redistpart
O43 - CFD: 15/08/2012 - 09:09:24 - [0,001] ----D C:\Documents and Settings\Wise3\Application Data\Arno Raps
O43 - CFD: 17/08/2012 - 11:50:55 - [0,092] ----D C:\Documents and Settings\Wise3\Application Data\cadenas
O43 - CFD: 13/08/2011 - 22:41:34 - [7,004] ----D C:\Documents and Settings\Wise3\Application Data\GaDaBaMa
O43 - CFD: 12/04/2011 - 23:37:44 - [0,017] ----D C:\Documents and Settings\Wise3\Application Data\gSyncit
O43 - CFD: 01/08/2010 - 21:03:12 - [0,001] ----D C:\Documents and Settings\Wise3\Local Settings\Application Data\iHc
O43 - CFD: 13/11/2010 - 22:16:06 - [5,970] ----D C:\Documents and Settings\Wise3\Local Settings\Application Data\mdnslib
O43 - CFD: 11/10/2011 - 20:08:51 - [0,008] ----D C:\Documents and Settings\Wise3\Local Settings\Application Data\Team_360h
O43 - CFD: 22/01/2012 - 13:08:11 - [0,002] ----D C:\Documents and Settings\Wise3\Local Settings\Application Data\Tech-Modz.Net
O43 - CFD: 29/04/2010 - 23:07:06 - [0,003] ----D C:\Documents and Settings\Wise3\Local Settings\Application Data\www.klutsh.com
O43 - CFD: 26/11/2011 - 07:02:33 - [0] ----D C:\Documents and Settings\Wise3\Menu Démarrer\Programmes\360gcProg
O43 - CFD: 20/10/2011 - 01:24:27 - [0,002] ----D C:\Documents and Settings\Wise3\Menu Démarrer\Programmes\HHD Free Hex Editor
O43 - CFD: 22/01/2012 - 16:42:07 - [0,002] ----D C:\Documents and Settings\Wise3\Menu Démarrer\Programmes\Jtag Tool
O43 - CFD: 20/08/2012 - 22:31:48 - [0,001] ----D C:\Documents and Settings\Wise3\Menu Démarrer\Programmes\NetDvr
~ Program Folder: 298 Legitimates Filtered in 01mn 23s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.01C76D98A9BEA02472966CADB2334E4E] - 17/10/2013 - 19:11:57 ---A- . (...) -- C:\WINDOWS\Sandboxie.ini [1378]
O44 - LFC:[MD5.04BAF00635C45EEB3348A3F3BCD4F130] - 18/10/2013 - 17:54:50 ---A- . (...) -- C:\demarrage.log [3524]
O44 - LFC:[MD5.370B820333ACD2D450D545DAF7F672BD] - 19/10/2013 - 05:56:06 ---A- . (...) -- C:\trace.txt [1059]
O44 - LFC:[MD5.10B03FB046F5DB885921CA58C3008D92] - 19/10/2013 - 05:59:46 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.3705D0A63A86AEDA34AD5924920F4EDF] - 19/10/2013 - 05:59:46 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
~ Files: 20 Legitimates Filtered in 00mn 09s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\totalcmd\TOTALCMD.EXE" [Enabled] .(.Ghisler Software GmbH.) -- C:\totalcmd\TOTALCMD.exe
O47 - AAKE:Key Export SP - "C:\Program Files\MiPony\MiPony.exe" [Enabled] .(.www.mipony.net.) -- C:\Program Files\MiPony\MiPony.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Wise3\Bureau\SolarLog-Toolkit-v0.2b\SolarLog-Toolkit-v0.2b\SolarLogToolkit.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Documents and Settings\Wise3\Bureau\SolarLog-Toolkit-v0.2b\SolarLog-Toolkit-v0.2b\SolarLogToolkit.exe
O47 - AAKE:Key Export SP - "C:\Program Files\NetworkCameraWizard\NetworkCameraWizard.exe" [Enabled] .(..) -- C:\Program Files\NetworkCameraWizard\NetworkCameraWizard.exe
~ Keys Export: 24 Legitimates Filtered in 00mn 04s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 02s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/09/1996 - C:\WINDOWS\system32\Drivers\DLPortIO.sys (DLPortIO) .(...) - LEGACY_DLPORTIO
O64 - Services: CurCS - 13/07/2001 - C:\WINDOWS\system32\Drivers\SBKUPNT.sys (SBKUPNT) .(...) - LEGACY_SBKUPNT
~ Legacy: 166 Legitimates Filtered in 00mn 05s



---\\ Menu de d�marrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Wise3\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {A4CD01B8-CEFA-412F-B1DC-13D56BC4F36F} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.2084AC9305E20BE7141DAC46902C5427] [SPRF][19/10/2013] (...) -- C:\Documents and Settings\Wise3\Bureau\adwcleaner.exe [1050644]
[MD5.AFAE5EEB95B23BB5DDDB8DD83B8EE2B8] [SPRF][14/05/2013] (...) -- C:\Documents and Settings\Wise3\Bureau\config.bin [28128]
[MD5.8E5BEC3AB960CDC1FEC755E05851B0C1] [SPRF][13/10/2013] (...) -- C:\Documents and Settings\Wise3\Bureau\RogueKiller.exe [951296]
[MD5.666BD24BE5A29F1FF17D91CC280BD2EE] [SPRF][19/10/2013] (.Pas de propriétaire - Nettoyage des fichiers temporaires.) -- C:\Documents and Settings\Wise3\Bureau\SFTGC.exe [1064060]
[MD5.4E2547C31351DD77EBA08D0E0C205328] [SPRF][24/02/2012] (...) -- C:\Documents and Settings\Wise3\Bureau\wa901nv2_en_3_12_16_up(120224).bin [3932160]
[MD5.56BACE22D975B2197DDFEFD822B4B096] [SPRF][25/04/2012] (.http://cairographics.org - Cairo - Multi-platform 2D graphics library.) -- C:\WINDOWS\Downloaded Program Files\libcairo.dll [566784]
[MD5.8F700DA1A1A75501D6EEF76BC866EB29] [SPRF][14/05/2009] (...) -- C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe [70984]
[MD5.DA90C98F231E25FD87D7984A6831F8AE] [SPRF][01/02/2012] (...) -- C:\WINDOWS\Downloaded Program Files\RACtrl.dll [4617616]
[MD5.985A691057A0DEAC8D612B38C9B6702E] [SPRF][12/01/2010] (.Pas de propriétaire - siebelaxconfigurator Module.) -- C:\WINDOWS\Downloaded Program Files\SiebelAx_Configurator_21211_QF5101.dll [319488]
[MD5.4722D8513FF971AAAC180D8EF99C3537] [SPRF][26/11/2004] (.Pas de propriétaire - VADecoder Module.) -- C:\WINDOWS\Downloaded Program Files\VAPGDecoder.dll [304640]
~ Files: 28 Legitimates Filtered in 00mn 08s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "EAC9BC5B374D8F142AAF2ACE1793C994" . (.NetworkCameraWizard.) -- C:\WINDOWS\Installer\{B5CB9CAE-D473-41F8-A2FA-A2EC71399C49}\ARPPRODUCTICON.exe
~ Update Products: 150 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
[HKLM\Software\14919ea49a8f3b4aa3cf1058d9a64cec] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9BAAA79BF53E9372DD85EFA8F2E61EAB] [WIS][13/03/2010] (.Klutsh.com - iPrep.) -- C:\Windows\Installer\289dd6.msi [467456]
[MD5.968CD976E275B648D523A64F06DD9D50] [WIS][05/10/2013] (.Trend Micro Inc. - Trend Micro's HiJackThis.) -- C:\Windows\Installer\577422.msi [1094656]
[MD5.9B1E25A755EE7381D64EA5313E8904C2] [WIS][17/08/2012] (.CADENAS GmbH - CADENAS PARTwebViewer.) -- C:\Windows\Installer\87838b.msi [372224]
~ WIS: 155 Legitimates Filtered in 00mn 49s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 26/10/2011 37280 | (ADExchange) . (.ArcSoft Inc..) - C:\Program Files\Fichiers communs\ArcSoft\esinter\Bin\eservutil.exe
SS - | Demand 08/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 10/09/2013 622648 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 10/09/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 30/09/2009 602112 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Auto 29/09/2009 593920 | (ATI Smart) . (...) - C:\WINDOWS\system32\ati2sgag.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 06/03/2010 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 10/04/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/04/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/04/2010 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 30/05/2010 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SR - | Auto 08/12/2010 374152 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
SR - | Auto 08/12/2010 136584 | (LMIMaint) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn\x86\RaMaint.exe
SR - | Auto 08/11/2010 390528 | (LogMeIn) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn\x86\LogMeIn.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 02/11/2011 68896 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\WINDOWS\system32\NLSSRV32.exe
SS - | Demand 25/01/2007 93048 | (rpcapd) . (.CACE Technologies.) - C:\Program Files\WinPcap\rpcapd.exe
SR - | Auto 08/07/2013 129112 | (SbieSvc) . (.Sandboxie Holdings, LLC.) - C:\Program Files\Sandboxie\SbieSvc.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 01/10/2013 5087584 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 14/02/2010 52888 | (VRAID Log Service) . (...) - C:\Program Files\VIA\RAID\vialogsv.exe
~ Services: Scanned in 00mn 53s



---\\ Scan Additionnel (O88)
Database Version : 12949 - (18/10/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PageshotsPro_is1] =>Adware.ADON^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90d46c30-9f25-4104-aea9-35c3f84477ff}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90d46c30-9f25-4104-aea9-35c3f84477ff}] =>Toolbar.Conduit
C:\Documents and Settings\All Users\Application Data\PageshotsPro =>Adware.ADON^
C:\WINDOWS\Tasks\Gejoosrp.job =>Adware.iHaveNet^
~ Additionnel Scan: 313761 Items scanned in 02mn 01s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27154930-adware-adon =>Adware.ADON
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 2 link(s) detected in 02mn 01s



~ 1358 Legitimates filtered by white list
End of the scan (544 lines in 06mn 06s)(0)
