Document format: text/plain

Rapport de ZHPDiag v2013.3.29.112 par Nicolas Coolman, Update du 29/03/2013
Run by SEBASTIEN CALVAYRAC at 30/03/2013 01:50:16
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1978 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 154 GB (70%) free of 220 GB

---\\ Logged in mode
~ Computer Name: LUMINELEC64
~ User Name: SEBASTIEN CALVAYRAC
~ All Users Names: SEBASTIEN CALVAYRAC, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\SEBASTIEN CALVAYRAC\AppData\Roaming\
~ %Desktop% : C:\Users\SEBASTIEN CALVAYRAC\Desktop\
~ %Favorites% : C:\Users\SEBASTIEN CALVAYRAC\Favorites\
~ %LocalAppData% : C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\
~ %StartMenu% : C:\Users\SEBASTIEN CALVAYRAC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 154 Go of 220 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FA274190682AA41A46B285208ED46A74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 07:47:19.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1181
~ Mes musiques (My Musics) : 2/1095
~ Mes Videos (My Videos) : 0/1
~ Mes Favoris (My Favorites) : 0/57
~ Mes Documents (My Documents) : 0/127
~ Mon Bureau (My Desktop) : 0/12
~ Menu demarrer (Programs) : 0/22
~ Hidden Files: Scanned in 00mn 07s



---\\ Processus lancés
[MD5.30CCA31D938B70FB98343EB857F02945] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208] [PID.1788]
[MD5.76605731B6C6DD30BB8D151832322C1C] - (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144] [PID.1968]
[MD5.65B8106CB122142FD0A4A26783D7963F] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232] [PID.1976]
[MD5.36318C725C216E1D810C546163F859C0] - (.Samsung Electronics - Pas de description.) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560] [PID.1552]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.2236]
[MD5.DD7DAE4E8F169D1FF4511FC292FF6FF6] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.2408]
[MD5.522EEC6D2CAF10ADF7D9B6868A5BDEA9] - (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1300560] [PID.2416]
[MD5.3B78ACCCAA5132638E7CF419F4A965C7] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe [1185112] [PID.2432]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2452]
[MD5.DD707F2B859929C7429070DF88971E40] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128] [PID.2460]
[MD5.3E4E76D2AD42B4D9C868A381F51B683A] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [297040] [PID.2624]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.2916]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.2988]
[MD5.B0BF698030DB6561393AE753C6D3F936] - (.Google Inc. - Google Chrome.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\chrome.exe [1312720] [PID.3168]
[MD5.F3069D7809F3C39CDF0EB982C6C45D95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6223360] [PID.1320]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1520]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1764]
[MD5.61E894FE1E9CC720C909E6E343351794] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [325200] [PID.1904]
[MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584] [PID.1072]
[MD5.AD5DF6F4FBBC798636EDC66BFEC7D0DE] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [116104] [PID.1328]
[MD5.B5071E15D4C3F5EF5018AFF7E85A85E5] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 SchedulerSvc NT Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.1244]
[MD5.5F731DD45D3B176C071E4CCEEB87B06B] - (.Pas de propriétaire - PassThruSvr Application.) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912] [PID.2348]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232] [PID.2676]
[MD5.48362E5DB5CB2C000C514EE1F3890ACD] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2776]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [SEBASTIEN CALVAYRAC] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\avg_igeared.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO [64Bits] - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} . (.CANON INC. - Easy-WebPrint EX.) -- C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter [64Bits] - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Clé orpheline
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
~ BHO: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [KiesAirMessage] . (.Samsung Electronics - Pas de description.) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3521845584-3582443301-2805107734-1001\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKUS\S-1-5-21-3521845584-3582443301-2805107734-1001\..\Run: [KiesPDLR] . (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-21-3521845584-3582443301-2805107734-1001\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-3521845584-3582443301-2805107734-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3521845584-3582443301-2805107734-1001\..\Run: [KiesAirMessage] . (.Samsung Electronics - Pas de description.) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
O4 - HKUS\S-1-5-21-3521845584-3582443301-2805107734-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: AtooWin.lnk . (.Evoclic - Pas de description.) -- C:\Program Files (x86)\Atoowin\Atoowin.exe
O4 - GS\QuickLaunch: iLivid.lnk . (...) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\iLivid\iLivid.exe (.not file.)
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Samsung Kies (Lite).lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung Kies.lnk . (...) -- C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
O4 - GS\QuickLaunch: Samsung PC Studio 3.lnk . (...) -- C:\Program Files (x86)\Samsung\Samsung PC Studio 3\Launcher.exe
O4 - GS\QuickLaunch: Video Converter.lnk . (...) -- C:\Program Files (x86)\VideoConverter\VideoConverter.exe
O4 - GS\QuickLaunch: WildTangent Games App - emachines.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop: SopCast.lnk . (.www.sopcast.com - SopCast Main Application.) -- C:\Program Files (x86)\SopCast\SopCast.exe
O4 - GS\Desktop: Video Converter.lnk . (...) -- C:\Program Files (x86)\VideoConverter\VideoConverter.exe
O4 - GS\Desktop: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{154B5338-689A-4315-968B-16B6DC02A80B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{170AF9AB-FA5F-40BD-BFF8-68856CDB00AD}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C6C6D2-1E19-4AFE-A119-B43E303DB29E}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0FAFBD4-0565-46EC-A06C-DFBCDFB891F6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{170AF9AB-FA5F-40BD-BFF8-68856CDB00AD}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{154B5338-689A-4315-968B-16B6DC02A80B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{170AF9AB-FA5F-40BD-BFF8-68856CDB00AD}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30C6C6D2-1E19-4AFE-A119-B43E303DB29E}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{B0FAFBD4-0565-46EC-A06C-DFBCDFB891F6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{170AF9AB-FA5F-40BD-BFF8-68856CDB00AD}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{154B5338-689A-4315-968B-16B6DC02A80B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{170AF9AB-FA5F-40BD-BFF8-68856CDB00AD}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30C6C6D2-1E19-4AFE-A119-B43E303DB29E}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{B0FAFBD4-0565-46EC-A06C-DFBCDFB891F6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{170AF9AB-FA5F-40BD-BFF8-68856CDB00AD}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dritek WMI Service (DsiWMIService) . (.Dritek System Inc. - Dritek WMI Service.) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) . (.Acer Incorporated - ePowerSvc.) - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
O23 - Service: Updater Service (Updater Service) . (.Acer Group - Updater Service.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
~ Services: 12 Legitimates Scanned in 00mn 07s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001Core.job [962]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001UA.job [984]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1090]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1094]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001Core.job [1082]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001UA.job [1134]
[MD5.EA856F4A46320389D1899B2CAA7BF40F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001Core] (.Facebook Inc..) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001UA] (.Facebook Inc..) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001Core] (.Google Inc..) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3521845584-3582443301-2805107734-1001UA] (.Google Inc..) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.00000000000000000000000000000000] [APT] [Registration Trigger IBM Lotus Symphony Task] (...) -- C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\rcplauncher.exe (.not file.) [0]
[MD5.F7B9D59EB32E6B94A021523580E1E158] [APT] [{1F44888A-4D7C-49AC-B641-62DF3A42D2C0}] (.Moore Computer Consultants, Inc..) -- C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe [53760]
[MD5.F7B9D59EB32E6B94A021523580E1E158] [APT] [{39A6189D-79EC-4899-A800-2F5CF7E720C6}] (.Moore Computer Consultants, Inc..) -- C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe [53760]
[MD5.6F58A1D8E7B031C6F2A60BA04D1A0B7D] [APT] [{3ECCAA61-32A6-4D56-B248-796E16D2E8F6}] (.Macrovision Corporation.) -- C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe [372736]
[MD5.00000000000000000000000000000000] [APT] [{6252A528-FD01-452A-84A8-C696F6E968D0}] (...) -- C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{64E63135-EDE3-4245-B5D7-41DB4C304CF3}] (...) -- C:\Users\SEBASTIEN CALVAYRAC\Downloads\emule_emule_0.50a_francais_10876.exe (.not file.) [0]
[MD5.1976DF6DD55D1F678CB372FDBD6CA33C] [APT] [{ADF0B62A-CA84-4198-AF28-572BBFBF40C9}] (.NewTech Infosystems.) -- C:\Program Files (x86)\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe [311296]
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984]
~ Scheduled Task: Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 60 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: 1-2-3 Schéma - (...) [HKLM][64Bits] -- 1-2-3 Schéma
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.6) - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AA1000000001}
O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Atoowin - (...) [HKLM][64Bits] -- ATOOWINGestion_concours
O42 - Logiciel: IPTInstaller - (.HTC.) [HKLM][64Bits] -- {6965F2F4-1CD2-4F42-A8EF-9EF433F9AA72}
O42 - Logiciel: Java(TM) 6 Update 39 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216035FF}
O42 - Logiciel: Modèles pour Office - (.Micro Application.) [HKLM][64Bits] -- InstallShield_{EB2D7803-D46E-44A0-B544-6DF35815F07D}
O42 - Logiciel: Semiolog - (...) [HKLM][64Bits] -- Semiolog2
O42 - Logiciel: Video Web Camera Ver:1.0.31.325 - (.Chicony Electronics Co.,Ltd..) [HKLM][64Bits] -- {17C50809-F2E0-4DD8-84D7-55FF74615723}
~ Logic: 165 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABB]
[HKCU\Software\Applications WinDev]
[HKCU\Software\Ares]
[HKCU\Software\Badoo]
[HKCU\Software\DFX]
[HKCU\Software\Evoclic]
[HKCU\Software\Hager]
[HKCU\Software\PMU]
[HKCU\Software\PowerTechnology]
[HKCU\Software\SiteRanker]
[HKCU\Software\WhoIsLive]
[HKCU\Software\[Kortal_Ltd.]]
[HKLM\Software\DFX]
[HKLM\Software\SearchCore for Browsers]
[HKLM\Software\Wow6432Node\Adobee]
[HKLM\Software\Wow6432Node\DFX]
[HKLM\Software\Wow6432Node\Hager]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Mobtool]
[HKLM\Software\Wow6432Node\PowerTechnology]
[HKLM\Software\Wow6432Node\Software]
[HKLM\Software\Wow6432Node\Tidestone Technologies]
~ Key Software: 285 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/10/2012 - 17:42:48 - [3,061] ----D C:\Program Files (x86)\Ares
O43 - CFD: 24/03/2013 - 20:42:01 - [27,525] ----D C:\Program Files (x86)\Atoowin
O43 - CFD: 24/09/2011 - 19:53:43 - [0,078] ----D C:\Program Files (x86)\Chrome
O43 - CFD: 24/09/2011 - 22:23:16 - [0,000] ----D C:\Program Files (x86)\fliptoast
O43 - CFD: 11/10/2011 - 10:22:17 - [83,217] ----D C:\Program Files (x86)\GaleoPrint
O43 - CFD: 30/03/2012 - 18:00:46 - [4,470] ----D C:\Program Files (x86)\GUM11F3.tmp
O43 - CFD: 30/03/2012 - 23:28:40 - [0,029] ----D C:\Program Files (x86)\GUME8CE.tmp
O43 - CFD: 07/02/2013 - 22:00:46 - [0] ----D C:\Program Files (x86)\IBM
O43 - CFD: 04/10/2012 - 18:05:43 - [0,000] ----D C:\Program Files (x86)\LimeWire
O43 - CFD: 19/06/2010 - 23:00:51 - [1,338] ----D C:\Program Files (x86)\Video Web Camera
O43 - CFD: 19/08/2012 - 19:56:05 - [13,520] ----D C:\Program Files (x86)\VideoConverter
O43 - CFD: 22/10/2012 - 15:27:22 - [0,000] ----D C:\ProgramData\Atoowin
O43 - CFD: 11/01/2011 - 19:17:22 - [0,000] ----D C:\ProgramData\DFX
O43 - CFD: 07/10/2012 - 23:41:36 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 11/10/2011 - 10:26:48 - [0,001] ----D C:\ProgramData\GaleoPrint
O43 - CFD: 28/11/2011 - 17:54:01 - [0] ----D C:\ProgramData\whoislive
O43 - CFD: 29/09/2011 - 00:35:07 - [6,140] --H-D C:\ProgramData\{F2213FEC-3C17-4AAD-8CAE-F67400E8ACAC}
O43 - CFD: 04/10/2012 - 17:57:36 - [0,030] ----D C:\Users\SEBASTIEN CALVAYRAC\AppData\Roaming\eMule
O43 - CFD: 02/09/2011 - 09:43:26 - [0,000] ----D C:\Users\SEBASTIEN CALVAYRAC\AppData\Roaming\HTML Executable
O43 - CFD: 04/10/2012 - 17:29:02 - [0,025] ----D C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Ares
O43 - CFD: 14/03/2013 - 20:32:28 - [0] ----D C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Avg2013
O43 - CFD: 11/01/2011 - 19:18:03 - [0,004] ----D C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\DFX
~ Program Folder: 244 Legitimates Scanned in 01mn 30s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D37CBB76BE16B61A1A379E9566D33D1B] - 30/03/2013 - 01:44:18 ---A- . (...) -- C:\AdwCleaner[S1].txt [936]
O44 - LFC:[MD5.F791C2D7BF13C788FAA47E03296488C4] - 16/03/2013 - 00:13:13 ---A- . (...) -- C:\Ad-Report-SCAN[2].txt [2569]
~ Files: 52 Legitimates Scanned in 00mn 11s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.E23B220102A78C968AFC6FEF4BC37E88] - 27/03/2013 - 12:18:44 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER64.EXE-894CE26E.pf
O45 - LFCP:[MD5.4C49B9734C83A14EE353C60BA95BE222] - 27/03/2013 - 18:34:36 ---A- - C:\Windows\Prefetch\SCHED.EXE-2B7A34D7.pf
O45 - LFCP:[MD5.B0447E1844E7406B8A2A00899A5949AE] - 27/03/2013 - 18:35:08 ---A- - C:\Windows\Prefetch\AVRESTART.EXE-39DF4997.pf
O45 - LFCP:[MD5.A841E22F23079D3D16B3446A761F64C2] - 27/03/2013 - 21:38:35 ---A- - C:\Windows\Prefetch\ROGUEKILLER-8.5.4.EXE-0609FA20.pf
O45 - LFCP:[MD5.5C45BEA41F11102748B26074BDC18E22] - 27/03/2013 - 21:57:19 ---A- - C:\Windows\Prefetch\GEPLUGIN.EXE-19936A8E.pf
O45 - LFCP:[MD5.F9492CC286BDFC34E5972A71D0DC2459] - 28/03/2013 - 01:45:15 ---A- - C:\Windows\Prefetch\LPREMOVE.EXE-570BDFF7.pf
O45 - LFCP:[MD5.BA0D5B555E9A277E16F147250D6EE638] - 28/03/2013 - 17:05:51 ---A- - C:\Windows\Prefetch\EHPRIVJOB.EXE-B398AE2E.pf
O45 - LFCP:[MD5.5ACB2F9B21BAFD589AE1DA24E77E41BF] - 28/03/2013 - 21:39:39 ---A- - C:\Windows\Prefetch\AVSCAN.EXE-3D14B848.pf
O45 - LFCP:[MD5.CC9141935E7B9A80FECA258E9A609CB9] - 29/03/2013 - 03:57:10 ---A- - C:\Windows\Prefetch\EPOWEREVENT.EXE-632A27DF.pf
O45 - LFCP:[MD5.B183EEBF6FB908B307E5089B6BB0CB22] - 29/03/2013 - 03:57:20 ---A- - C:\Windows\Prefetch\AVMAILC.EXE-0FF0824D.pf
O45 - LFCP:[MD5.B14010361594EA4F21E7A1428ECE7EB4] - 29/03/2013 - 03:57:21 ---A- - C:\Windows\Prefetch\AVWEBGRD.EXE-9969B3DE.pf
O45 - LFCP:[MD5.F39782036374D11EC10B655CD73A9467] - 29/03/2013 - 03:57:26 ---A- - C:\Windows\Prefetch\ALG.EXE-DE62A969.pf
O45 - LFCP:[MD5.177985D1FE24263EC0993BA94B476FB8] - 29/03/2013 - 04:17:55 ---A- - C:\Windows\Prefetch\GUARDGUI.EXE-F5BE2664.pf
O45 - LFCP:[MD5.410F1900D55CBF9148E18AD452515204] - 29/03/2013 - 04:21:22 ---A- - C:\Windows\Prefetch\APNSTUB.EXE-5B731B15.pf
O45 - LFCP:[MD5.27F12EF37789F9966D546F8D48BAC7B5] - 29/03/2013 - 04:21:42 ---A- - C:\Windows\Prefetch\LICMGR.EXE-00BAFE2A.pf
O45 - LFCP:[MD5.F146E58BFB6853D86AB9377A25536865] - 29/03/2013 - 04:21:50 ---A- - C:\Windows\Prefetch\INSSDA64.EXE-6A8CCE50.pf
O45 - LFCP:[MD5.F7673DEA6AB5FEC77C17A09AF92A2E6B] - 29/03/2013 - 04:22:29 ---A- - C:\Windows\Prefetch\AVRESTART.EXE-672F4CF8.pf
O45 - LFCP:[MD5.DE943C67B93AC51F11BD55298A95552D] - 29/03/2013 - 22:09:07 ---A- - C:\Windows\Prefetch\WORDPAD.EXE-48C494BC.pf
O45 - LFCP:[MD5.D59F48E81592BA2D699ABE15FB53303F] - 29/03/2013 - 22:09:40 ---A- - C:\Windows\Prefetch\CNMSEA9.EXE-8A2F5282.pf
O45 - LFCP:[MD5.CBE8C6323E66B167BBA71DF79A7148BB] - 30/03/2013 - 01:37:02 ---A- - C:\Windows\Prefetch\EWPEXDL.EXE-C90DE0BD.pf
O45 - LFCP:[MD5.B2B58677E2736F9CB386D9BA2BED12A9] - 30/03/2013 - 01:37:09 ---A- - C:\Windows\Prefetch\MMDX64FX.EXE-2FA50F32.pf
O45 - LFCP:[MD5.1CC1756D33B8E298B674A3411028F3AA] - 30/03/2013 - 01:37:41 ---A- - C:\Windows\Prefetch\LMWORKER.EXE-15877053.pf
~ Prefetcher: 139 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{22267107-4928-11e2-8eff-705ab6fcb18d}\AutoRun\command. (...) -- F:\HTC_Sync_Manager_PC.exe (.not file.)
O51 - MPSK:{59a7a59e-4f46-11e2-96a5-705ab6fcb18d}\AutoRun\command. (...) -- G:\LGAutoRun.exe (.not file.)
O51 - MPSK:{61bac6b3-613f-11e2-8a52-705ab6fcb18d}\AutoRun\command. (...) -- G:\HTC_Sync_Manager_PC.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O53 - SMSR:HKLM\...\startupreg\KiesTrayAgent [Key] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O53 - SMSR:HKLM\...\startupreg\Media Finder [Key] . (...) -- C:\Program Files (x86)\Media Finder\Media Finder.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SweetIM [Key] . (...) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (.not file.)
~ SMSR Keys: 6 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.4C44D82E372A87B3CB439A7F14CFEF03] - 09/07/2010 - 14:08:14 ---A- . (.BitDefender - BitDefender AntiVirus FS filter driver.) -- C:\Windows\SysWOW64\drivers\bdfsfltr.sys [327368]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/03/2013 - 21:38:12 ---A- C:\Users\SEBASTIEN CALVAYRAC\Downloads\RogueKiller-8.5.4.exe [816128]
O61 - LFC: 29/03/2013 - 03:59:39 ---A- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\setup.exe [1642448]
O61 - LFC: 29/03/2013 - 04:00:21 R--A- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\26.0.1410.43\Installer\chrome.7z [122395900]
O61 - LFC: 29/03/2013 - 04:00:48 ---A- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\VisualElementsManifest.xml [396]
O61 - LFC: 29/03/2013 - 14:47:03 ---A- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\Dictionaries\fr-FR-3-0.bdic [1074744]
O61 - LFC: 29/03/2013 - 22:07:40 ---A- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [270806]
O61 - LFC: 29/03/2013 - 22:08:38 ---A- C:\Users\SEBASTIEN CALVAYRAC\Downloads\TC_CR_Réunion_template_20130325_v100.docx [395130]
O61 - LFC: 30/03/2013 - 01:43:00 ---A- C:\Users\SEBASTIEN CALVAYRAC\Downloads\adwcleaner.exe [609993]
O61 - LFC: 30/03/2013 - 01:44:28 --HA- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\IconCache.db [785300]
O61 - LFC: 30/03/2013 - 01:48:27 ---A- C:\Users\SEBASTIEN CALVAYRAC\Downloads\ZHPDiag2.exe [5485603]
O61 - LFC: 30/03/2013 - 01:52:29 ---A- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\User Data\Local State [37937]
~ 25 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 228 Legitimates Scanned in 00mn 23s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover By C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 20/01/2011 - C:\Windows\system32\Drivers\TFsExDisk.sys (TFsExDisk) .(.Teruten Inc - File System Mini Filter Drvier.) - LEGACY_TFSEXDISK
~ Legacy: 95 Legitimates Scanned in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {8A244612-A1F7-11E0-95C0-E71F4824019B} - (Search) - http://badoo.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.4B42F97FE15C962A9DE2FC69B8512F41] [SPRF][23/07/2011] (...) -- C:\ProgramData\bdinstall.bin [76147]
[MD5.F999CD3187343D45328EC0CD36FDE5C3] [SPRF][14/03/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [SPRF][01/09/2012] (...) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\dt.dat [27520]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][28/01/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.9317C6023CF83EA237D0BD18F72E0941] [SPRF][27/03/2013] (...) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\dump.dat [1814528]
[MD5.AF21471072A837998506122CBBC1D26A] [SPRF][02/03/2013] (...) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\Execute2App.exe [65536]
[MD5.DA625B41B36D22E26FED7DAB0008E80F] [SPRF][02/03/2013] (.TODO: - TODO: .) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\Kies2RemoveAll.exe [327680]
[MD5.6DE5C66E434A9C1729575763D891C6C2] [SPRF][02/03/2013] (.Microsoft Corporation - Microsoft® C++ Runtime Library.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\msvcp90.dll [568832]
[MD5.E7D91D008FE76423962B91C43C88E4EB] [SPRF][02/03/2013] (.Microsoft Corporation - Microsoft® C Runtime Library.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\msvcr90.dll [655872]
[MD5.3AE0F11F3D91179443113CAB0F94F944] [SPRF][27/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\uninst1.exe [372736]
[MD5.45256EF7A52558B20978880AFDA34312] [SPRF][10/01/2013] (...) -- C:\Users\SEBASTIEN CALVAYRAC\AppData\Roaming\wklnhst.dat [1000]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{05DB6495-A7C7-4C96-AB09-3F6F70901280}C:\program files (x86)\sopcast\sopcast.exe" | In - Private - P6 - TRUE | .(.www.sopcast.com - SopCast Main Application.) -- C:\program files (x86)\sopcast\sopcast.exe
O87 - FAEL: "UDP Query User{48494247-21B4-487C-B9D1-01F0C4CCF715}C:\program files (x86)\sopcast\sopcast.exe" | In - Private - P17 - TRUE | .(.www.sopcast.com - SopCast Main Application.) -- C:\program files (x86)\sopcast\sopcast.exe
O87 - FAEL: "TCP Query User{028CBDC4-A0D8-4DA7-98DE-492D8CA23444}C:\program files (x86)\sopcast\adv\sopadver.exe" | In - Private - P6 - TRUE | .(.www.sopcast.com - SopCast Adver.) -- C:\program files (x86)\sopcast\adv\sopadver.exe
O87 - FAEL: "UDP Query User{4345CBFB-DBAC-4179-B5F3-38DC4335748B}C:\program files (x86)\sopcast\adv\sopadver.exe" | In - Private - P17 - TRUE | .(.www.sopcast.com - SopCast Adver.) -- C:\program files (x86)\sopcast\adv\sopadver.exe
O87 - FAEL: "TCP Query User{8189D0E3-2290-404C-8FED-6E1148177658}C:\hager\taloha\apps\rteng6.exe" | In - Private - P6 - TRUE | .(...) -- C:\hager\taloha\apps\rteng6.exe
O87 - FAEL: "UDP Query User{C217DE0E-3C8D-4E35-AF75-FD01AE8ED684}C:\hager\taloha\apps\rteng6.exe" | In - Private - P17 - TRUE | .(...) -- C:\hager\taloha\apps\rteng6.exe
O87 - FAEL: "TCP Query User{248755B7-741E-4B3B-95C6-5B9806CD26D2}C:\hager\taloha\apps\rteng6.exe" | In - Public - P6 - TRUE | .(...) -- C:\hager\taloha\apps\rteng6.exe
O87 - FAEL: "UDP Query User{9B3F792C-0CE0-495C-A66A-13CEC4122A0C}C:\hager\taloha\apps\rteng6.exe" | In - Public - P17 - TRUE | .(...) -- C:\hager\taloha\apps\rteng6.exe
O87 - FAEL: "TCP Query User{2D0D2B1E-7E68-4FC0-9E73-DA34D46AF838}C:\program files (x86)\sopcast\sopcast.exe" | In - Public - P6 - TRUE | .(.www.sopcast.com - SopCast Main Application.) -- C:\program files (x86)\sopcast\sopcast.exe
O87 - FAEL: "UDP Query User{4B10FA44-0715-4088-98CB-9B4B9A996C3D}C:\program files (x86)\sopcast\sopcast.exe" | In - Public - P17 - TRUE | .(.www.sopcast.com - SopCast Main Application.) -- C:\program files (x86)\sopcast\sopcast.exe
O87 - FAEL: "TCP Query User{EE7FB712-5E0C-4191-B3EA-F4F6BA8F211B}C:\program files (x86)\sopcast\adv\sopadver.exe" | In - Public - P6 - TRUE | .(.www.sopcast.com - SopCast Adver.) -- C:\program files (x86)\sopcast\adv\sopadver.exe
O87 - FAEL: "UDP Query User{63989035-080B-4854-A03C-BE95A32F84C3}C:\program files (x86)\sopcast\adv\sopadver.exe" | In - Public - P17 - TRUE | .(.www.sopcast.com - SopCast Adver.) -- C:\program files (x86)\sopcast\adv\sopadver.exe
O87 - FAEL: "TCP Query User{01B0CCD0-C40A-4357-B58A-AA9F5FBFEFF3}C:\program files (x86)\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{AF1083AA-3D4D-4253-A64B-4949D7BCDDA9}C:\program files (x86)\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{9C2ED8A0-928C-48E6-97AA-74942ABABF6A}C:\program files (x86)\emule\emule.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\emule\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{3354005C-9079-4C43-AA02-F570DDB61B92}C:\program files (x86)\emule\emule.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\emule\emule.exe (.not file.)
O87 - FAEL: "{D5E42750-5564-4A5D-8319-24DFBA1FC97E}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "{C415C99C-A346-4178-BFC1-0444B0905233}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 - FAEL: "TCP Query User{718161B1-8E4F-4CBB-9203-5C98A4BCE333}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{F8DF289B-C5DA-4C43-AA62-4AED6E62F591}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
~ Firewall: 247 Legitimates Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : v2.11340 - (29/03/2013)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM] =>PUP.SweetIM
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox
[HKLM\Software\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\Tuto4pcFrSolimbaBHO.DLL] =>Spyware.AgenceExclusive
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\SEBASTIEN CALVAYRAC\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
~ Additionnel: Scanned in 00mn 53s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "3087D2BEE64D0A445B44D63F85510FD7" . (.Modèles pour Office.) -- C:\Windows\Installer\{EB2D7803-D46E-44A0-B544-6DF35815F07D}\ARPPRODUCTICON.exe
~ Update Products: 60 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 03/03/2010 325200 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 05/02/2010 865824 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
SS - | Auto 01/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 24/12/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Auto 116104 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 06/11/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SR - | Auto 06/11/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SR - | Auto 166912 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by SEBASTIEN CALVAYRAC at 30/03/2013 01:55:09

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by SEBASTIEN CALVAYRAC at 30/03/2013 01:55:11

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (743 lines in 04mn 55s)(0)
