~ Rapport de ZHPDiag v2013.11.11.25 - Nicolas Coolman (11/11/2013)
~ Lancé par perso (11/11/2013 18:08:31)
~ Adresse du Site Web
http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection :
http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Bitdefender Total Security 2012 v15.0.38
Windows Defender W7
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 263 GB (56%) free of 466 GB
---\\ Mode de connexion au système
~ Computer Name: PERSO-PC
~ User Name: perso
~ All Users Names: UpdatusUser, perso, HomeManagementComm, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\perso\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\perso\AppData\Roaming\
~ %Desktop% : C:\Users\perso\Desktop\
~ %Favorites% : C:\Users\perso\Favorites\
~ %LocalAppData% : C:\Users\perso\AppData\Local\
~ %StartMenu% : C:\Users\perso\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 263 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
E: Hard drive, Flash drive, Thumb drive (Free 71 Go of 466 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
L: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4181
~ Mes musiques (My Musics) : 123/845
~ Mes Videos (My Videos) : 2/14
~ Mes Favoris (My Favorites) : 1/144
~ Mes Documents (My Documents) : 3/844
~ Mon Bureau (My Desktop) : 1/3995
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 05s
---\\ Processus lancés
[MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.2604]
[MD5.2A614C7FE070AF8791BA73618E21F527] - (.Creative Technology Ltd. - Live! Cam Manager Application.) -- C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [155648] [PID.2276]
[MD5.448B572F9505CE50A21BBD9312AEAAB4] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208] [PID.2284]
[MD5.9D294186F5246F0A207E57533B31E919] - (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0410Mon.exe [32768] [PID.2652]
[MD5.CDB517386A26AE420CB24BDB3CD88779] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448] [PID.1428]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe [1612920] [PID.2676]
[MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.2116]
[MD5.8D719B9FA96856E8E550EEAEAF23EEBE] - (.Pas de propriétaire - Orange Wifi Application.) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe [1852880] [PID.2900]
[MD5.CE42DFE915F78246364D464902E47360] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.1424]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2416]
[MD5.8334E5088E74401490001EF65E07CAC5] - (.CANON INC. - Canon Solution Menu EX Updater.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.exe [593032] [PID.4884]
[MD5.D6B7DDB68436F13C3CAE2B92524F1FEC] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.5356]
[MD5.BB4F6465EEB9ACAA5C60C36983740219] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [310352] [PID.4068] =Toolbar.Google
[MD5.6DD6ECC359E09C4D6CE8DC2043C1D55B] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.exe [13016248] [PID.3472]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] - (...) -- C:\Users\perso\Desktop\adwcleaner-3.012.exe [1085542] [PID.1016]
[MD5.0248882379D37F3DC3EA1C721803B645] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8202752] [PID.7044]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.1124]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.3684]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.3752]
[MD5.9D519AAA21E622DF7DF27041E0917499] - (.Pas de propriétaire - DedicarzService.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe [1966960] [PID.4084]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.3388]
[MD5.A21E58F345F337316A98C5121CBE17E8] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.3528]
~ Processes Running: Scanned in 00mn 10s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\user.js
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:56847 =Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{4F524A2D-5637-006A-76A7-7A786E7484D7} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Canon MG5300 series Manuel en ligne.lnk . (.CANON INC. - Easy Guide Viewer.) -- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
O4 - GS\Desktop [Public]: créer des vidéos et des diaporamas.lnk . (.muvee Technologies Pte Ltd - muveeNow.) -- C:\Program Files (x86)\muvee Technologies\muveeNow 2.0 - Creative\muveeapp.exe
O4 - GS\Desktop [Public]: Enregistrement du produit Creative.lnk . (.Creative Technology Ltd - Product Registration Program.) -- C:\Program Files (x86)\Creative\Enregistrement du produit\French\InetReg.exe
O4 - GS\Desktop [Public]: MP Navigator EX 2.0.lnk . (.CANON INC. - MP Navigator EX.) -- C:\Program Files (x86)\Canon\MP Navigator EX 2.0\mpnex20.exe
O4 - GS\Desktop [Public]: Orange Portail.lnk . (...) -- C:\Program Files\Orange\Orange Portail.exe
O4 - GS\Desktop [Public]: VAFPlayer.lnk . (...) -- C:\Windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}\_5A7BEEAA8B494FA662219A.exe =PUP.VAFPlayer
O4 - GS\Desktop [Public]: wifi d'Orange.lnk . (...) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe
O4 - GS\Program [Public]: Webplayer.lnk . (...) -- C:\Program Files (x86)\Webplayer\Webplayer.exe (.not file.) =Adware.SocialSkinz
O4 - GS\QuickLaunch [perso]: créer des vidéos et des diaporamas.lnk . (.muvee Technologies Pte Ltd - muveeNow.) -- C:\Program Files (x86)\muvee Technologies\muveeNow 2.0 - Creative\muveeapp.exe
O4 - GS\QuickLaunch [perso]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [perso]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [perso]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [perso]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [perso]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop [perso]: Easy Burner.lnk . (.Aedge Performance BCN SL - Easy Burner.) -- C:\Program Files (x86)\EasyBurner\EasyBurner.exe
O4 - GS\Desktop [perso]: G200 (V1).lnk . (...) -- C:\Program Files\G200_V1_2.exe
O4 - GS\Desktop [perso]: IPCamSetup.lnk . (...) -- C:\Program Files (x86)\IPCamSetup\IPCam3.6.exe
O4 - GS\Desktop [perso]: PDF-Viewer.lnk . (.Tracker Software Products (Canada) Ltd. - PDF-XChange Viewer.) -- C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
O4 - GS\Desktop [perso]: tarif timbres.lnk . (...) -- C:\Users\perso\Downloads\TarifsRésumé_Part_FM_noirETblanc.pdf
O4 - GS\Desktop [perso]: TarifsRésumé_Part_FM_noirETblanc - Raccourci.lnk . (...) -- C:\Users\perso\Downloads\TarifsRésumé_Part_FM_noirETblanc.pdf
~ Global Startup: 83 Legitimates Filtered in 00mn 09s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [BDAgent] . (.Bitdefender - Bitdefender Agent.) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =.Microsoft Corporation
O4 - HKCU\..\Run: [Creative Live! Cam Manager] . (.Creative Technology Ltd. - Live! Cam Manager Application.) -- C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [V0410Mon.exe] . (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0410Mon.exe =.Creative Technology Ltd
O4 - HKLM\..\Wow6432Node\Run: [IJNetworkScanUtility] . (.CANON INC. - Canon IJ Network Scan Utility.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_OrangeWifi_{9d78a505-6248-4d1b-81b6-df69655beccf}] . (.Pas de propriétaire - Orange Wifi Application.) -- c:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe
O4 - HKLM\..\Wow6432Node\Run: [Start_Update_{9d78a505-6248-4d1b-81b6-df69655beccf}] . (.Pas de propriétaire - Orange Updater.) -- c:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\UpdteApp.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_16] Clé orpheline =PUA.FSTfr9
O4 - HKUS\S-1-5-18\..\Run: [orangeinside] C:\Windows\system32\config\systemprofile\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-2472763746-2919212830-2396285452-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-2472763746-2919212830-2396285452-1000\..\Run: [Creative Live! Cam Manager] . (.Creative Technology Ltd. - Live! Cam Manager Application.) -- C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
O4 - HKUS\S-1-5-21-2472763746-2919212830-2396285452-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-2472763746-2919212830-2396285452-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =Toolbar.Google
~ Application: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} ((no name)) -
http://logicielsgratuits.orange.fr/down ... taller.cab
~ Objets ActiveX Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31D85B11-A993-4B12-9C84-4F964318573A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E990F0-BE1B-46F3-B909-783C63502905}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3A0E4B7-923F-446A-AF5A-49DADB194D94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{31D85B11-A993-4B12-9C84-4F964318573A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{49E990F0-BE1B-46F3-B909-783C63502905}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3A0E4B7-923F-446A-AF5A-49DADB194D94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{31D85B11-A993-4B12-9C84-4F964318573A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{49E990F0-BE1B-46F3-B909-783C63502905}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3A0E4B7-923F-446A-AF5A-49DADB194D94}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) . (.Bitdefender - Bitdefender Security Service.) - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
~ Services: 14 Legitimates Filtered in 00mn 08s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [SpyHunter4Startup] (...) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (.not file.) [0] =Crapware.SpyHunter
[MD5.00000000000000000000000000000000] [APT] [{29CB5B51-A222-4A8C-B5C1-3166E85DD2ED}] (...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.) [0]
[MD5.8D719B9FA96856E8E550EEAEAF23EEBE] [APT] [{390A92C1-572A-491B-B302-CAB239082430}] (...) -- C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe [1852880]
[MD5.AB0D19F4226361B45F5A78493946B030] [APT] [{3E2BEB82-23EA-4D74-A358-29B329CBCA4E}] (.object.) -- C:\Program Files (x86)\lh\Device Client\DeviceClient.exe [516608]
[MD5.CCB92FD20CEB060BE89600864B7BD745] [APT] [{56E68A10-7281-4C59-B1B2-A2CD1B71298F}] (.Linasoft.) -- D:\Autorun.exe [1504768]
[MD5.00000000000000000000000000000000] [APT] [{9359F2DA-5B35-427C-A0BE-BE07B1C25096}] (...) -- C:\Program Files (x86)\Webplayer\uninstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DB3A809D-5A6E-4134-A660-500C17BD46E9}] (...) -- C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.) [0]
[MD5.AB0D19F4226361B45F5A78493946B030] [APT] [{EE74AD78-D486-4847-8873-6F4A24E55D04}] (.object.) -- C:\Program Files (x86)\lh\Device Client\DeviceClient.exe [516608]
[MD5.00000000000000000000000000000000] [APT] [{F4F282B8-811F-4786-84A6-3F19C9AA40D1}] (...) -- C:\Users\perso\Downloads\flashplayer_9_ax_debug.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 07s
---\\ Logiciels installés (O42)
O42 - Logiciel: Device Client - (.lh.) [HKLM][64Bits] -- {72EEBDFE-367B-43D9-BF38-DBA35F4E0135}
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM][64Bits] -- {F750DB0E-D452-3108-63C9-FE16BC686741} =Adware.SocialSkinz
O42 - Logiciel: oPlayer - (.object.) [HKLM][64Bits] -- {AA1B7F27-A49D-4D7F-9755-570AF5597160}
~ Logic: 104 Legitimates Filtered in 00mn 00s
---\\ HKCU HKLM Software Keys
[HKCU\Software\11111111]
[HKCU\Software\31257InstEnd]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =Adware.InstallCore
[HKCU\Software\PMU]
[HKCU\Software\Vittalia] =PUP.Vittalia
[HKCU\Software\object client by rs]
~ Key Software: 211 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/11/2013 - 17:44:21 - [0] ----D C:\Program Files (x86)\BuzzSearch
O43 - CFD: 27/10/2013 - 11:59:20 - [13,447] ----D C:\Program Files (x86)\lh
O43 - CFD: 11/11/2013 - 17:52:24 - [0,015] ----D C:\Program Files (x86)\MyPC Backup =PUP.MyPCBackup
O43 - CFD: 14/02/2012 - 10:58:40 - [0] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 11/11/2013 - 17:47:05 - [0,005] ----D C:\ProgramData\eSafe =PUP.eSafeSecurity
O43 - CFD: 03/06/2011 - 16:51:58 - [17,670] -SH-D C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
O43 - CFD: 11/11/2013 - 17:39:33 - [1,273] ----D C:\Users\perso\AppData\Roaming\dosearches =PUP.DoSearches
O43 - CFD: 24/11/2012 - 17:26:30 - [0,008] ----D C:\Users\perso\AppData\Roaming\MOBILedit
O43 - CFD: 10/11/2013 - 09:27:23 - [0,876] ----D C:\Users\perso\AppData\Local\BeamriseUninstall =Hijacker.Beamrise
O43 - CFD: 14/02/2012 - 10:58:37 - [0] ----D C:\Users\perso\AppData\Local\PokerStars.FR
O43 - CFD: 17/07/2012 - 05:18:23 - [0,016] ----D C:\Users\perso\AppData\Local\SafeBox
O43 - CFD: 15/09/2013 - 11:57:06 - [9,272] ----D C:\Users\perso\AppData\Local\SelfExtractible
~ Program Folder: 194 Legitimates Filtered in 00mn 12s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.167A5646D3DBA02B1B8D5556D5ACD1FB] - 09/11/2013 - 07:53:02 ---A- . (...) -- C:\Windows\SysNative\checkdnsid.xml [361]
O44 - LFC:[MD5.167A5646D3DBA02B1B8D5556D5ACD1FB] - 09/11/2013 - 07:53:02 ---A- . (...) -- C:\Windows\System32\checkdnsid.xml [361]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 09/11/2013 - 18:37:05 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.E5E910CC7EB842E7DA912989235A69A7] - 10/11/2013 - 08:28:21 ---A- . (...) -- C:\Windows\SysNative\bdsandbox.txt [56]
O44 - LFC:[MD5.E5E910CC7EB842E7DA912989235A69A7] - 10/11/2013 - 08:28:21 ---A- . (...) -- C:\Windows\System32\bdsandbox.txt [56]
O44 - LFC:[MD5.0094CEEF6AC0BB3F53D4B9E19BFE7DC6] - 11/11/2013 - 17:39:34 ---A- . (.Systweak Inc., (
http://www.systweak.com) - Regclean Pro.) -- C:\Windows\SysNative\roboot64.exe [20312] =Rogue.RegistryPowerCleaner
O44 - LFC:[MD5.0094CEEF6AC0BB3F53D4B9E19BFE7DC6] - 11/11/2013 - 17:39:34 ---A- . (.Systweak Inc., (
http://www.systweak.com) - Regclean Pro.) -- C:\Windows\System32\roboot64.exe [20312] =Rogue.RegistryPowerCleaner
O44 - LFC:[MD5.BC0BA9F5B6A829A353FDBF7A102BD32A] - 11/11/2013 - 17:43:45 ---A- . (...) -- C:\bdlog.txt [140808]
~ Files: 33 Legitimates Filtered in 00mn 34s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.7E4C321E808B5984E8FEE034515855D2] - 25/09/2006 - 16:37:59 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\Windows\System32\Drivers\aavmker4.sys [24920]
~ Drivers: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\perso\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- searches.com\?utm_source=butm_medium=corutm_campaign=rgutm_content=scfrom=coruid=WDCXWD5000AAKS-00V1A0_WD-WCAWF855120251202ts=1384187966 C:\Program Files (x86)\Internet Explorer\iexplore.exe
http://www.do =Hijacker.wwwDo
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) -
http://rws.search.ke.voila.fr
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) -
http://rws.search.ke.voila.fr
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.BCD27C82E67016348F2C5B2AAA98C8C1] [SPRF][06/05/2012] (...) -- C:\ProgramData\1336286596.bdinstall.bin [509399]
[MD5.AF924EF9C4F2B719465E74B72A05D468] [SPRF][23/05/2012] (...) -- C:\ProgramData\1337797451.bdinstall.bin [242567]
[MD5.7332FD96940FA3ABF4DF8313B5EE6191] [SPRF][23/05/2012] (...) -- C:\ProgramData\1337797752.bdinstall.bin [265121]
[MD5.6AEBCB833851D791A3ADCC41D0544730] [SPRF][23/09/2012] (...) -- C:\ProgramData\1348407147.bdinstall.bin [34115]
[MD5.A3C5E9A8D8852B90A610F75CD0240E56] [SPRF][26/09/2012] (...) -- C:\ProgramData\1348596091.bdinstall.bin [250225]
[MD5.52A6DBA356568971865137684705A4BD] [SPRF][26/09/2012] (...) -- C:\ProgramData\1348663486.bdinstall.bin [231401]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [SPRF][11/11/2013] (...) -- C:\Users\perso\Desktop\adwcleaner-3.012.exe [1085542]
~ Files: 7 Legitimates Filtered in 00mn 10s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{078E3F08-2BF7-4E13-90BE-62933A7EC133}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =PUP.eSafeSecurity
~ Firewall: 182 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.6C2A473485E172E8BBEF920E56EF209F] [WIS][10/11/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\4173ce.msi [10248192] =Adware.IMBooster
[MD5.995875E3DC1D98FF3D424EE6ED815BD8] [WIS][15/10/2013] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\e9f2f4b.msi [21504] =Adware.SocialSkinz
~ WIS: 57 Legitimates Filtered in 00mn 10s
---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 07/06/2007 85504 | (AEV0410) . (.Creative Technology Ltd..) - C:\Windows\System32\V0410Aps.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
SS - | Auto 27/06/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/06/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 07/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Demand 16/08/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Demand 26/09/2012 75384 | (SafeBox) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 12/02/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SS - | Demand 14/10/2011 466736 | (Update Server) . (.BitDefender.) - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
SR - | Auto 26/09/2012 67904 | (UPDATESRV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
SR - | Auto 14/12/2012 1957912 | (VSSERV) . (.Bitdefender.) - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Scan Additionnel (O88)
Database Version : 12994 - (11/11/2013)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 5
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}] =Adware.SocialSkinz^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =PUP.V9Software
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =Toolbar.Conduit
[HKCU\Software\InstallCore] =Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =PUP.Tarma
[HKLM\Software\Classes\Interface\{03480F0D-7897-4FC0-86D8-18B6FF450D2A}] =Adware.MapsGalaxy
[HKLM\Software\Classes\Interface\{09B8C335-1622-42C7-8650-A79D56551343}] =Adware.MapsGalaxy
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =Adware.IMBooster
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC] =PUP.VAFPlayer
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC] =PUP.VAFPlayer
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply] =PUP.DealPly
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_16 =PUA.FSTfr9^
C:\Program Files (x86)\MyPC Backup =PUP.MyPCBackup^
C:\ProgramData\eSafe =PUP.eSafeSecurity^
C:\Users\perso\AppData\Roaming\dosearches =PUP.DoSearches^
C:\Users\perso\AppData\Local\BeamriseUninstall =Hijacker.Beamrise^
C:\Users\perso\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\
gophoto@gophoto.it.xpi =Spyware.GophotoIt
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =Toolbar.Google^
[HKCU\Software\Vittalia] =PUP.Vittalia^
C:\Windows\Installer\4173ce.msi =Adware.IMBooster^
C:\Windows\Installer\e9f2f4b.msi =Adware.SocialSkinz^
~ Additionnel Scan: 273889 Items scanned in 00mn 39s
---\\ Récapitulatif des détections trouvées sur votre station
~
http://nicolascoolman.webs.com/apps/blo ... bar-google =Toolbar.Google
~
http://nicolascoolman.webs.com/apps/blo ... cker-proxy =Hijacker.Proxy
~
http://nicolascoolman.webs.com/apps/blo ... -vafplayer =PUP.VAFPlayer
~
http://nicolascoolman.webs.com/apps/blo ... ocialskinz =Adware.SocialSkinz
~
http://nicolascoolman.webs.com/apps/blo ... pua-fstfr9 =PUA.FSTfr9
~
http://nicolascoolman.webs.com/apps/blo ... -spyhunter =Crapware.SpyHunter
~
http://nicolascoolman.webs.com/apps/blo ... nstallcore =Adware.InstallCore
~
http://nicolascoolman.webs.com/apps/blo ... p-vittalia =PUP.Vittalia
~
http://nicolascoolman.webs.com/apps/blo ... mypcbackup =PUP.MyPCBackup
~
http://nicolascoolman.webs.com/apps/blo ... fesecurity =PUP.eSafeSecurity
~
http://nicolascoolman.webs.com/apps/blo ... dosearches =PUP.DoSearches
~
http://nicolascoolman.webs.com/apps/blo ... r-beamrise =Hijacker.Beamrise
~
http://nicolascoolman.webs.com/apps/blo ... wercleaner =Rogue.RegistryPowerCleaner
~
http://nicolascoolman.webs.com/apps/blo ... cker-wwwdo =Hijacker.wwwDo
~
http://nicolascoolman.webs.com/apps/blo ... -imbooster =Adware.IMBooster
~
http://nicolascoolman.webs.com/apps/blo ... v9software =PUP.V9Software
~
http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~
http://nicolascoolman.webs.com/apps/blo ... lbar-tarma =PUP.Tarma
~
http://nicolascoolman.webs.com/apps/blo ... mapsgalaxy =Adware.MapsGalaxy
~
http://nicolascoolman.webs.com/apps/blo ... up-dealply =PUP.DealPly
~
http://nicolascoolman.webs.com/apps/blo ... -gophotoit =Spyware.GophotoIt
~ MSI: 21 link(s) detected in 00mn 39s
~ 1065 Legitimates filtered by white list
End of the scan (520 lines in 02mn 57s)(0)
Bonjour,