
Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Sun 11 Aug 2013 23:35
by piouc07
Good evening!
I'm looking for someone who would be willing to analyze my "ZHPDiag.txt" file, copied below:

Rapport de ZHPDiag v2013.8.10.15 par Nicolas Coolman, Update du 10/08/2013
Run by Bruno at 11/08/2013 22:35:11
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v28.0.1500.95 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v4.04  =Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25

---\\ System Information
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2815 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 105 GB (35%) free of 298 GB

---\\ Logged in mode
~ Computer Name: IND_PC
~ User Name: Bruno
~ All Users Names: UpdatusUser, SUPPORT_388945a0, HelpAssistant, Bruno, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Bruno\Application Data\
~ %Desktop% : C:\Documents and Settings\Bruno\Bureau\
~ %Favorites% : C:\Documents and Settings\Bruno\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Bruno\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Bruno\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 105 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Hard drive, Flash drive, Thumb drive (Free 717 Go of 1863 Go)
G:\ CD-ROM drive (Not Inserted)
H:\ Hard drive, Flash drive, Thumb drive (Free 402 Go of 932 Go)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)



---\\ Security Center Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  Out Of Date
~ Security Center: 30 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.08125B740C62E6DEA9483A15043AD0D5] - (.Microsoft Corporation - Internet Extensions for Win32.) (.07/06/2013 - 22:48:38.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.4F11912E3B579013BE7B1628791EBBCD] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0.) (.17/03/2004 - 14:12:12.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [135168]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/8644
~ Mes musiques (My Musics) : 1/677
~ Mes Videos (My Videos) : 2/475
~ Mes Favoris (My Favorites) : 1/742
~ Mes Documents (My Documents) : 2/28695
~ Mon Bureau (My Desktop) : 0/5269
~ Menu demarrer (Programs) : 1/33
~ Hidden Files:  Scanned in 00mn 58s



---\\ Processus lancés
[MD5.3CC5914797E99032DBDB15CFEEBE0774] - (.BillP Studios - WinPatrol System Monitor.) -- C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe   [404712] [PID.928]
[MD5.587EFD6A3A30A35A27904D21AE1FB882] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe   [356376] [PID.936]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDLL32.exe   [0] [PID.992]
[MD5.DFF3638D9E2748ABF1E5F68D6051AE0B] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe   [830376] [PID.360]
[MD5.051B0369593D350A0610FC2E3F1F8AFD] - (.Acronis - File Level CDP Manager Service.) -- C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe   [3783672] [PID.512]
[MD5.F06B1A8096504F8FC71D97B2C9071668] - (.Systweak Inc., (http://www.systweak.com) - Advanced System Optimizer - Defrag Service.) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe   [240480] [PID.556]  =PUP.AdvancedSystemOptimizer
[MD5.793EF38A5FD086C3C8E48A8A861562ED] - (.Microsoft Corporation - Content Index service.) -- C:\WINDOWS\system32\cisvc.exe   [5632] [PID.2056]
[MD5.2A90DF1996B2BE2C3FB679C90F7678FD] - (.Portrait Displays, Inc. - DTSRVC.) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe   [137112] [PID.2332]
[MD5.5F697C5802709FF9A8CEA22D088E7806] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe   [68168] [PID.2536]
[MD5.3B56627C838CFB7314570A7FCBC83C04] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe   [23624] [PID.2640]
[MD5.9ECF00E19736054E019C532AED8228FC] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe   [182184] [PID.2916]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.3228]
[MD5.1982E96B2C5C2EFFEF38EFC37293A42E] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.8.) -- C:\WINDOWS\system32\nvsvc32.exe   [156448] [PID.2148]
[MD5.70042E6C2B695E2978B2E13654EF276E] - (.Acronis - TrueImage Sync Agent Service.) -- C:\Program Files\Fichiers communs\Acronis\SyncAgent\syncagentsrv.exe   [7084672] [PID.3356]
[MD5.747AE9D7C5489455E2E3CA9459419E17] - (.TuneUp Software - TuneUp Utilities Service.) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe   [1529152] [PID.3652]
[MD5.00C00F62801F5980517A55105F396D38] - (...) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe   [885096] [PID.3724]
[MD5.34D2E12226269789BB5F292915B089D7] - (.Pas de propriétaire - app_filter Module.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe   [457248] [PID.484]
[MD5.0DC1D52722CEBA645B4D460E66D58AEE] - (.Pas de propriétaire - NVIDIA Corporation.) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe   [191008] [PID.2244]
[MD5.3D1EB71373A344446A507E6025EA9395] - (.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe   [2251360] [PID.2288]
[MD5.9E5794DAE3639E722AE8AE218D616FA5] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe   [1220928] [PID.3896]
[MD5.5D6F2732C470AF780F1990C04698236D] - (.VS Revo Group - Revo Uninstaller Pro.) -- C:\Program Files\Revo Uninstaller Pro\RevoUninPro.exe   [14068792] [PID.4576]
[MD5.72999AA48322DA948CE50C08B414A0EC] - (.Microsoft Corporation - Indexing Service filter daemon.) -- C:\WINDOWS\system32\cidaemon.exe   [8192] [PID.5652]
[MD5.ECCA7F72A24C7CF43131946C076689D1] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [846288] [PID.332]
[MD5.2300108F6605BDCD33DC98C7A321671D] - (.Microsoft Corporation - Microsoft Word.) -- C:\Program Files\Microsoft Office\Office14\WINWORD.exe   [1422168] [PID.4936]
[MD5.D8DBE084F97536D7FDE2EE9B4574FB23] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7691264] [PID.4600]
[MD5.E6568D2D90028207587CB43CD8E5FD01] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe   [1259296] [PID.2204]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.856]
[MD5.358A9CCA612C68EB2F07DDAD4CE1D8D7] - (.Microsoft Corporation - Microsoft Office Software Protection Platfo.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.exe   [4640000] [PID.5272]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Bruno\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Kaspersky URL Advisor v.13.0.1.4190 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hakdifolhalapjijoafobooafbilfakh] Safe Money v.13.0.1.4190 (Désactivé)
G2 - GCE: Preference [User Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.1.4190 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.1.4190 (Désactivé)
~ Google Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Documents and Settings\Bruno\Application Data\Mozilla\Firefox\Profiles\0\prefs.js (.not file.)
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 906



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll  =P2P.BitComet
O2 - BHO: Messenger Plus Community Toolbar - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} . (.Pas de propriétaire - Messenger Plus Community Toolbar Link Libra.) -- C:\Program Files\msgplscomtb\MsgPlsComDx.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} . (.A Part of the LessCliX Suite by Alianyn - FindeXer.) -- C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Messenger Plus Community Toolbar - [HKLM]{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} . (.Pas de propriétaire - Messenger Plus Community Toolbar Link Libra.) -- C:\Program Files\msgplscomtb\MsgPlsComDx.dll
O3 - Toolbar: (no name) - [HKCU]{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} Clé orpheline
O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [CoolSwitch] . (...) -- C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [UX Launcher] . (...) -- C:\Program Files\UX Pack\uxlaunch.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [WinPatrol] . (.BillP Studios - WinPatrol System Monitor.) -- C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKLM\..\Run: [PivotSoftware] . (...) -- C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe
O4 - HKLM\..\Run: [DT PLP] . (.Portrait Displays, Inc. - DT_Startup.) -- C:\Program Files\Fichiers communs\Portrait Displays\Shared\DT_startup.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [2A73C3CA74AB3B2DEC2FCD23B3C0AEEFE10A79E9._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\ccleaner.exe  =Piriform Ltd
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1417001333-343818398-682003330-1009\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1417001333-343818398-682003330-1009\..\Run: [2A73C3CA74AB3B2DEC2FCD23B3C0AEEFE10A79E9._service_run] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-1417001333-343818398-682003330-1009\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\ccleaner.exe  =Piriform Ltd
~ Application:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader X.lnk . (...)  -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.)  -- C:\Program Files\CDBurnerXP\cdbxpp.exe
O4 - GS\Programs: Inkscape.lnk . (.inkscape.org - Inkscape.)  -- C:\Program Files\Inkscape\inkscape.exe
O4 - GS\Programs: Microsoft Money.lnk . (.Microsoft(R) Corporation - Microsoft Money.)  -- C:\Program Files\Microsoft Money 2005\MNYCoreFiles\msmoney.exe
O4 - GS\Programs: Windows Live ID.lnk . (.Microsoft Corporation - Sign in Options.)  -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\SIGNINOPTIONS.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.)  -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.)  -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.)  -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.)  -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Windows Install Clean Up.lnk . (...)  -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
~ Global Startup:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll  =P2P.BitComet
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: Microsoft XML Parser for Java -  (Microsoft XML Parser for Java) - (.not file.) - C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} ((no name)) - http://office.microsoft.com/sites/produ ... wsdc32.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} ((no name)) - https://fr.mayetic.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} ((no name)) - http://kitchenplanner.ikea.com/fr/Core/ ... _Win32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} ((no name)) - https://fr.mayetic.com/download/dolcontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microso ... 3083308593
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} ((no name)) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://www.ma-config.com/plugins/MaConfig_5_2_2_0.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} ((no name)) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} ((no name)) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3695A9EC-27E4-4BC9-9EE6-6D4D76994446}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} . (...) --
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ASO3DiskOptimizer (ASO3DiskOptimizer) . (.Systweak Inc., (http://www.systweak.com) - Advanced System Optimizer - Defrag Service.) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe  =PUP.AdvancedSystemOptimizer
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) . (.Portrait Displays, Inc. - DTSRVC.) - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Ashampoo LiveTuner Service (WO_LiveService) . (...) - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
~ Services: 18 Legitimates Filtered in 00mn 10s



---\\ Enumération Active Desktop MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Word.) - C:\Program Files\Microsoft Office\Office14\WINWORD.exe
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Windows 7 RC1 Wallpapers 3.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\Windows 7 RC1 Wallpapers 3.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-AutoCheckUpdate7Days.job   [454]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-DiskOptimizer.job   [432]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-OneClickCare.job   [408]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-PrivacyProtector.job   [438]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-RegistryCleaner.job   [420]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-RegistryOptimizer.job   [444]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-System Protector.job   [436]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\ASO-SystemCleaner.job   [426]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\At1.job   [452]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\At2.job   [452]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\At3.job   [452]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\At4.job   [452]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Registry First Aid auto.job   [352]
[MD5.B9577011CE1868D733E3BE6BD21E39DD] [APT] [ASO-AutoCheckUpdate7Days] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\CheckUpdate.exe   [3244384]  =PUP.AdvancedSystemOptimizer
[MD5.3127146904C902BCAF220CF1EB6E3CB5] [APT] [ASO-DiskOptimizer] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\DiskOptimizer.exe   [296800]  =PUP.AdvancedSystemOptimizer
[MD5.9EB4B9F24C13632D3F293C1C9E7C533D] [APT] [ASO-OneClickCare] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\ASO3.exe   [3235168]  =PUP.AdvancedSystemOptimizer
[MD5.D8721A810FF49FEA0A5933B51927EF56] [APT] [ASO-PrivacyProtector] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\PrivacyProtector.exe   [1531744]  =PUP.AdvancedSystemOptimizer
[MD5.D523DE5554D1C2481ABAD2B1966EBA2E] [APT] [ASO-RegistryCleaner] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\RegClean.exe   [1117536]  =PUP.AdvancedSystemOptimizer
[MD5.D72BCAA2DA8827D85B35C222656B638F] [APT] [ASO-RegistryOptimizer] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\RegistryOptimizer.exe   [248160]  =PUP.AdvancedSystemOptimizer
[MD5.00000000000000000000000000000000] [APT] [ASO-System Protector] (...) -- C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe (.not file.)   [0]  =PUP.AdvancedSystemOptimizer
[MD5.3427ABE77B88991C2ECA6F99F9A40079] [APT] [ASO-SystemCleaner] (.Systweak Inc., (http://www.systweak.com).) -- C:\Program Files\Advanced System Optimizer 3\SystemCleaner.exe   [1468768]  =PUP.AdvancedSystemOptimizer
[MD5.6CCF30E1CAE0D662C247F71F492CF1C2] [APT] [Registry First Aid auto] (.KsL Software.) -- C:\Program Files\RFA 9\reg1aid32.exe   [4324440]
~ Scheduled Task: 42 Legitimates Filtered in 00mn 01s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (Pivot) . (.Portrait Displays, Inc. - Pivot Software Miniport Driver.) - C:\WINDOWS\system32\drivers\pivot.sys
~ Drivers: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU HKLM Software Keys
[HKCU\Software\AncestrArbres]
[HKCU\Software\BitComet]  =P2P.BitComet
[HKCU\Software\ConvertVideoFiles.Net]
[HKCU\Software\LD2M]
[HKCU\Software\LOCKimmo.com]
[HKCU\Software\OptimCredit]
[HKCU\Software\SweetIM]  =PUP.SweetIM
[HKCU\Software\mogumbo]
[HKLM\Software\AltrixSoft]
[HKLM\Software\Colors Of Nature]
[HKLM\Software\EIPC]
[HKLM\Software\Hard Drive Inspector]
[HKLM\Software\MLSoft]
[HKLM\Software\MegaTec]
[HKLM\Software\My GeneStore]
[HKLM\Software\PS]
[HKLM\Software\Planets Windows Theme]
[HKLM\Software\Sunlit]
[HKLM\Software\SweetIM]  =PUP.SweetIM
[HKLM\Software\Winsudate]
~ Key Software: 360 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/05/2013 - 10:56:38 - [0] ----D C:\Program Files\4U Computing
O43 - CFD: 15/11/2010 - 14:43:44 - [5,374] ----D C:\Program Files\AOR
O43 - CFD: 07/05/2013 - 12:49:25 - [76,041] ----D C:\Program Files\BitComet  =P2P.BitComet
O43 - CFD: 03/12/2009 - 17:30:46 - [26,506] ----D C:\Program Files\CometBird
O43 - CFD: 13/12/2012 - 00:53:53 - [30,860] ----D C:\Program Files\Etatdeslieuxfacile
O43 - CFD: 26/08/2009 - 19:41:29 - [6,072] ----D C:\Program Files\FamilySearch
O43 - CFD: 24/09/2010 - 18:12:14 - [0,963] ----D C:\Program Files\GedCom-Vision
O43 - CFD: 22/10/2012 - 22:02:44 - [91,221] ----D C:\Program Files\Gestion locative
O43 - CFD: 17/12/2012 - 22:36:32 - [11,290] ----D C:\Program Files\H
O43 - CFD: 27/08/2012 - 13:43:20 - [9,614] ----D C:\Program Files\Hard Drive Inspector
O43 - CFD: 10/08/2013 - 18:34:03 - [0,076] ----D C:\Program Files\impotwin
O43 - CFD: 08/07/2013 - 22:52:47 - [2,140] ----D C:\Program Files\llionsoft
O43 - CFD: 13/12/2012 - 01:15:53 - [0,345] ----D C:\Program Files\lockimmo
O43 - CFD: 19/03/2013 - 14:24:01 - [17,672] ----D C:\Program Files\LogiLoc Etat des lieux
O43 - CFD: 02/02/2013 - 23:11:27 - [2,246] ----D C:\Program Files\MaCalculatrice 2.3
O43 - CFD: 14/03/2009 - 23:36:11 - [2,238] ----D C:\Program Files\MLSofts
O43 - CFD: 18/02/2012 - 04:15:57 - [3,299] ----D C:\Program Files\msgplscomtb
O43 - CFD: 29/06/2013 - 21:58:42 - [17,449] ----D C:\Program Files\Play65
O43 - CFD: 10/08/2013 - 18:38:11 - [13,318] ----D C:\Program Files\RFA 9
O43 - CFD: 06/03/2013 - 02:23:46 - [14,748] ----D C:\Program Files\ScreenSaverGift
O43 - CFD: 09/02/2012 - 22:20:25 - [0,007] ----D C:\Program Files\The Bat!
O43 - CFD: 01/12/2012 - 14:28:32 - [33,680] ----D C:\Program Files\Total PDF Converter
O43 - CFD: 28/02/2013 - 00:49:15 - [3,474] ----D C:\Program Files\Translate Client
O43 - CFD: 28/10/2012 - 12:18:46 - [0,126] ----D C:\Program Files\vdticons
O43 - CFD: 03/10/2010 - 20:18:59 - [0,457] ----D C:\Program Files\ViGlance
O43 - CFD: 10/08/2013 - 18:37:04 - [0,028] ----D C:\Program Files\ViSplore
O43 - CFD: 03/10/2010 - 20:18:59 - [0,740] ----D C:\Program Files\Vista Rainbar
O43 - CFD: 03/10/2010 - 20:40:42 - [0,596] ----D C:\Program Files\WinFlip
O43 - CFD: 24/11/2010 - 00:18:41 - [0,994] ----D C:\Program Files\Fichiers communs\AltrixSoft
O43 - CFD: 29/04/2012 - 11:36:46 - [0,471] ----D C:\Program Files\Fichiers communs\HP(2)
O43 - CFD: 02/03/2009 - 03:05:56 - [0] ----D C:\Program Files\Fichiers communs\NSV
O43 - CFD: 03/03/2013 - 03:49:42 - [16,953] ----D C:\Program Files\Fichiers communs\ST2 System Shared
O43 - CFD: 06/04/2013 - 01:34:16 - [6,757] ----D C:\Documents and Settings\Bruno\Application Data\8C7C8550-D72C-4BDC-B059-EF3E62CDAC89
O43 - CFD: 11/08/2013 - 10:52:12 - [84,915] ----D C:\Documents and Settings\Bruno\Application Data\BitComet  =P2P.BitComet
O43 - CFD: 16/02/2013 - 10:43:45 - [1,572] ----D C:\Documents and Settings\Bruno\Application Data\France Bleu
O43 - CFD: 18/12/2012 - 03:45:03 - [0,000] ----D C:\Documents and Settings\Bruno\Application Data\Mick@ël
O43 - CFD: 21/11/2012 - 17:46:54 - [0] ----D C:\Documents and Settings\Bruno\Application Data\msgplscomtb
O43 - CFD: 24/01/2013 - 23:13:34 - [0,057] ----D C:\Documents and Settings\Bruno\Application Data\translateclient
O43 - CFD: 18/12/2012 - 03:44:42 - [0,000] ----D C:\Documents and Settings\Bruno\Local Settings\Application Data\Mick@ël
O43 - CFD: 23/11/2012 - 17:11:00 - [0,004] ----D C:\Documents and Settings\Bruno\Menu Démarrer\Programmes\Immobilier Loyer
~ Program Folder: 338 Legitimates Filtered in 00mn 45s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.916D243F81E1185A7A4839177B4828A0] - 11/08/2013 - 21:19:26 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/08/2013 - 21:19:25 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log   [0]
O44 - LFC:[MD5.7D4AEDE79919FB933122C3A7E3C0194B] - 11/08/2013 - 21:19:25 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
O44 - LFC:[MD5.1D4F6B958360E362A6B5D3FAAD9C51AD] - 11/08/2013 - 02:59:17 ---A- . (...) -- C:\csb.log   [10]
O44 - LFC:[MD5.5DCA1183E736CE36D0D38978C84F54B9] - 11/08/2013 - 01:33:18 ---A- . (...) -- C:\WINDOWS\system32\ASOROSet.bin   [2400]
O44 - LFC:[MD5.46989159059F99B1954B5EB53D696947] - 11/08/2013 - 01:31:33 ---A- . (...) -- C:\WINDOWS\system32\Drivers\DTSU2P.DAT   [1332]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 11/08/2013 - 01:23:04 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [116]
O44 - LFC:[MD5.F7B13E0DE5CA5AEED0E349C973976675] - 10/08/2013 - 23:31:14 ---A- . (...) -- C:\DelFix.txt   [2610]
~ Files: 22 Legitimates Filtered in 00mn 06s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - (no name) - {56F9679E-7826-4C84-81F3-532071A8BCC5} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\msgplscomtb\dtUser.exe" [Disabled] .(.Visicom Media Inc..) -- C:\Program Files\msgplscomtb\dtUser.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ImmobilierLoyer\rocherdigital\GUI.exe" [Enabled] .(..) -- C:\Program Files\ImmobilierLoyer\rocherdigital\GUI.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ImmobilierLoyer\rocherdigital\mysql\bin\mysqld.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\ImmobilierLoyer\rocherdigital\mysql\bin\mysqld.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe" [Enabled] .(.BSD Concept.) -- C:\Program Files\BSD Concept\Heredis 13\Heredis13.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\Acronis\SyncAgent\syncagentsrv.exe" [Enabled] .(.Acronis.) -- C:\Program Files\Fichiers communs\Acronis\SyncAgent\syncagentsrv.exe
O47 - AAKE:Key Export SP - "C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" [Enabled] .(.CHENGDU YIWO Tech Development Co., Ltd.) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O47 - AAKE:Key Export SP - "C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe" [Enabled] .(.CHENGDU YIWO Tech Development Co., Ltd.) -- C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe
O47 - AAKE:Key Export SP - "C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe" [Enabled] .(.CHENGDU YIWO Tech Development Co., Ltd.) -- C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Winamp\winamp.exe" [Enabled] .(.Nullsoft, Inc..) -- C:\Program Files\Winamp\winamp.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Ace Translator\AceTrans.exe" [Enabled] .(...) -- C:\Program Files\Ace Translator\AceTrans.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files\Winamp\winamp.exe" [Enabled] .(.Nullsoft, Inc..) -- C:\Program Files\Winamp\winamp.exe
~ Keys Export: 31 Legitimates Filtered in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\WINDOWS\system32\:.dll
~ LSA: 6 Legitimates Filtered in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll
~ TDSD: 20 Legitimates Filtered in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\DrvIcon  [Key] . (.artArmin - Changes "My Computer" drive icons to Window.) -- C:\Program Files\Vista Drive Icon\DrvIcon.exe
O53 - SMSR:HKLM\...\startupreg\Execute  [Key] . (.ELITGROUP COMPUTER SYSTEMS CO., LTD. - Delete Folders.) -- C:\WINDOWS\System32\Tools\DelFolders.exe
O53 - SMSR:HKLM\...\startupreg\Hyperappel de l'Encyclopédie Universelle Larousse  [Key] . (.Pas de propriétaire - Application MFC hyperappel.) -- C:\Program Files\Larousse\Encyclopédie Universelle Larousse 2008\bin\Hyperappel.exe
O53 - SMSR:HKLM\...\startupreg\Rainlendar2  [Key] . (.Pas de propriétaire - Rainlendar2.) -- C:\Program Files\Rainlendar2\Rainlendar2.exe
O53 - SMSR:HKLM\...\startupreg\vilaunch  [Key] . (...) -- C:\WINDOWS\system32\vilaunch.exe
O53 - SMSR:HKLM\...\startupreg\WinPatrol  [Key] . (.BillP Studios - WinPatrol System Monitor.) -- C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O53 - SMSR:HKLM\...\startupreg\WinThemePack Logon  [Key] . (.WinThemePack.com - Tweak Planets Logon Screen.) -- C:\Program Files\WinThemePack\Planets Logon Screen\tweak.exe
~ SMSR Keys: 37 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.DF139E5866C19E0B3217EF210198D875] - 06/04/2013 - 00:35:52 ---A- . (.Acronis - File Level CDP Kernel Helper.) -- C:\WINDOWS\system32\Drivers\afcdp.sys   [234752]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9037]
~ Drivers:  Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: ZHPFix 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1
~ ADS:  Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 04/10/2012 - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe (ASO3DiskOptimizer)  .(.Systweak Inc., (http://www.systweak.com) - Advanced System Optimizer - Defrag Service.) - LEGACY_ASO3DISKOPTIMIZER  =PUP.AdvancedSystemOptimizer
O64 - Services: CurCS - 18/09/2012 - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe (DTSRVC)  .(.Portrait Displays, Inc. - DTSRVC.) - LEGACY_DTSRVC
O64 - Services: CurCS - 16/03/2013 - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (EaseUS Agent)  .(.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - LEGACY_EASEUS_AGENT
O64 - Services: CurCS - 16/03/2013 - C:\WINDOWS\system32\drivers\eubakup.sys (EUBAKUP)  .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver.) - LEGACY_EUBAKUP
O64 - Services: CurCS - 16/03/2013 - Pas de propriétaire (EUBKMON)  .(...) - LEGACY_EUBKMON
O64 - Services: CurCS - 16/03/2013 - C:\WINDOWS\system32\drivers\eudskacs.sys (EUDSKACS)  .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) - LEGACY_EUDSKACS
O64 - Services: CurCS - 16/03/2013 - C:\WINDOWS\system32\drivers\EuFdDisk.sys (EUFDDISK)  .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) - LEGACY_EUFDDISK
O64 - Services: CurCS - 16/03/2013 - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (Guard Agent)  .(.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - LEGACY_GUARD_AGENT
O64 - Services: CurCS - 25/05/2012 - C:\Program Files\Fichiers communs\AltrixSoft\HDDInfoService\HDDSvc.exe (HDDSvc)  .(.AltrixSoft (http://www.altrixsoft.com/) - HDDSvc Module.) - LEGACY_HDDSVC
O64 - Services: CurCS - 21/09/2008 - Pas de propriétaire (Intrchs)  .(...) - LEGACY_INTRCHS
O64 - Services: CurCS - 05/06/2010 - C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lbd)  .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD
O64 - Services: CurCS - 08/03/2011 - Pas de propriétaire (LiveTunerPM)  .(...) - LEGACY_LIVETUNERPM
O64 - Services: CurCS - 27/06/2005 - C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe (Rupsmon)  .(.Belkin - Rupsmon Application.) - LEGACY_RUPSMON
O64 - Services: CurCS - 08/06/2001 - C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe (USBMate)  .(.Mega Corp. - Mega usb client  program.) - LEGACY_USBMATE
O64 - Services: CurCS - 08/03/2013 - Pas de propriétaire (WO_LiveService)  .(...) - LEGACY_WO_LIVESERVICE
~ Legacy: 196 Legitimates Filtered in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\NOTEPAD.exe
O67 - Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\NOTEPAD.exe
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: [HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: [HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\NOTEPAD.exe
O67 - Shell Spawning: [HKCR\..\open\Command] (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\NOTEPAD.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\CometBird.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.B1A68DD430A0DCF65CBE13C532E5629A] [SPRF][26/11/2012] (...) -- C:\Documents and Settings\Bruno\Local Settings\Application Data\fusioncache.dat   [128]
[MD5.F10E8E18700B3A3C10D0B953DD10D284] [SPRF][06/07/2013] (.cobena.org - OptimImpots2007.) -- C:\Documents and Settings\Bruno\Bureau\Calcul_Impots_2008.exe   [141312]
[MD5.45FC5785693F22F904081D8E977CA407] [SPRF][23/07/2013] (.Imbue Software Pvt. Ltd. - Image to PDF Creator 4.3.2.1 Installation.) -- C:\Documents and Settings\Bruno\Bureau\Convertimage-to-pdf.exe   [520708]
[MD5.3E1674363E0DCC8CC4B3A7C19DF8CCAC] [SPRF][12/05/2013] (...) -- C:\Documents and Settings\Bruno\Bureau\easeus_todo_backup_5_8_fr_307534.exe   [102408992]
[MD5.E1B6A2BEF1AD495ACFE5C3A2CD3668F3] [SPRF][11/08/2013] (...) -- C:\Documents and Settings\Bruno\Bureau\HijackThis.exe   [63153]
[MD5.970C573BE76459F3C31C44868741BA94] [SPRF][06/07/2013] (.©XGI  1994-2013 - Impotwin Setup.) -- C:\Documents and Settings\Bruno\Bureau\ir_install.exe   [6156831]
[MD5.788FCDDD88240A85039F7F561093B118] [SPRF][30/03/2013] (.OldTimer Tools - Pas de description.) -- C:\Program Files\TFC.exe   [448512]
[MD5.29CFE9ED23C55E55838A789EB1182A9B] [SPRF][04/10/2008] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe   [1887080]
[MD5.46E2D72A986DCEF5B2827311E3B5C2EC] [SPRF][15/01/2009] (.Kiwee - Installer Control.) -- C:\WINDOWS\Downloaded Program Files\InstallerControl.dll   [204800]
[MD5.D0B44E2C5647DF13212819FFACEC028C] [SPRF][08/08/2008] (.IBM Corporation - Lotus DOLS Web Control.) -- C:\WINDOWS\Downloaded Program Files\npdolctl.dll   [300464]
[MD5.6C1B0DA8C8ACBCC183656E13A46FDBCB] [SPRF][22/04/2011] (.IBM Corporation - Upload Module.) -- C:\WINDOWS\Downloaded Program Files\qp2.dll   [546192]
[MD5.2FD994827193B68DD301F80BDF744231] [SPRF][03/04/2009] (.Husdawg, LLC - System Requirements Lab.) -- C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll   [354608]
~ Files:  Scanned in 00mn 03s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "79407899D9A1CF9449F9CE4F89A6ABF1" . (.ForceDownload.) -- C:\WINDOWS\Installer\{99870497-1A9D-49FC-949F-ECF4986ABA1F}\ARPPRODUCTICON.exe
~ Update Products: 123 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (O93) (NTFS)
[MD5.B16569F74C13859A59AAD83999E1BB02] [WIS][25/11/2011] (.Aedge Performance BCN SL - ForceDownload.) -- C:\Windows\Installer\10a9f1.msi   [2985472]
[MD5.65D795B0DBA3A78C13FC993FEF7FCBCD] [WIS][18/02/2009] (.SDLL - Nom de votre produit SYSTEM_GENERATED.) -- C:\Windows\Installer\13df6a.msi   [208384]
[MD5.52F751552D8ACFE1B802048BACD8AADD] [WIS][01/07/2012] (.Kaspersky Lab - Kaspersky Internet Security 2012.) -- C:\Windows\Installer\145390.msi   [2676736]
[MD5.4DF201562B56A7317E8C8C4FB84DFAD2] [WIS][28/06/2013] (.Rovio Entertainment Ltd. - Angry Birds Star Wars.) -- C:\Windows\Installer\187faaf.msi   [1509888]
[MD5.22D49DEE9436F0097D87A1685F8D283D] [WIS][03/10/2010] (.The J2SE Runtime Environment with European - Additional Font and Media Support.) -- C:\Windows\Installer\18dd0b.msi   [180224]
[MD5.482A88E5E164A984E188215562D8B4C3] [WIS][29/04/2012] (.Hewlett-Packard - HP Software Update.) -- C:\Windows\Installer\1a7e6d.msi   [314880]
[MD5.9C80FF5FC395B0E92A6947F5CC8D255B] [WIS][16/01/2010] (.Microsoft - .) -- C:\Windows\Installer\1b8e38.msi   [53760]
[MD5.834AE5E014CEF4E76C257B26E6D9CBAD] [WIS][16/01/2010] (.Microsoft - .) -- C:\Windows\Installer\1b8e3e.msi   [291840]
[MD5.F7919CF846C6D9913C1D2BB4033A2FDA] [WIS][18/09/2009] (.Microsoft - Microsoft Calculator Plus.) -- C:\Windows\Installer\1ce9de.msi   [152064]
[MD5.177FE970A3A6CB0155972D3BC41BDAE9] [WIS][11/02/2012] (.Adrian Schlesinger - .) -- C:\Windows\Installer\1e1b0b.msi   [131584]
[MD5.7B1219FD756FAFB88C63C9FFC163312A] [WIS][31/05/2013] (.Hewlett Packard - HP Deskjet 2510 series Get product specific help to easily trou.) -- C:\Windows\Installer\1e29725.msi   [78336]
[MD5.C58F619E34EC421114BFDA643E3DC1B6] [WIS][31/05/2013] (.Hewlett Packard - HP Deskjet 2510 series Get product specific help to easily trou.) -- C:\Windows\Installer\1e29749.msi   [133632]
[MD5.C58F619E34EC421114BFDA643E3DC1B6] [WIS][31/05/2013] (.Hewlett Packard - HP Deskjet 2510 series Get product specific help to easily trou.) -- C:\Windows\Installer\1e29749.msi   [133632]
[MD5.A9055C6D9DA2E3FD125FE61EC0B3B75B] [WIS][02/03/2009] (.Microsoft - Microsoft  Plus!.) -- C:\Windows\Installer\1eb2a.msi   [4705280]
[MD5.37128ED55C10C15F67C28CF810E7A739] [WIS][01/06/2013] (.Hewlett Packard - HP Deskjet 2510 series Get product specific help to easily trou.) -- C:\Windows\Installer\1ffd66.msi   [82944]
[MD5.329563C4051237EDB5DCD07342052D23] [WIS][01/06/2013] (.Hewlett Packard - HP Deskjet 2510 series Get product specific help to easily trou.) -- C:\Windows\Installer\1ffd7f.msi   [137728]
[MD5.9DE95933213457B0E1B40B70A684F9DD] [WIS][06/04/2013] (.Paragon Software - Program.) -- C:\Windows\Installer\2b4e02.msi   [6561280]
[MD5.438F256DB0B9C6BDAC36CFF0189E7A5A] [WIS][12/03/2013] (.Rovio - Angry Birds.) -- C:\Windows\Installer\2d00beb.msi   [740864]
[MD5.438F256DB0B9C6BDAC36CFF0189E7A5A] [WIS][12/03/2013] (.Rovio - Angry Birds.) -- C:\Windows\Installer\2d00beb.msi   [740864]
[MD5.3254D69905B2D1E0E1B0A76B71154DBD] [WIS][25/06/2009] (.SDLL - Nom de votre produit SYSTEM_GENERATED.) -- C:\Windows\Installer\399b43.msi   [198144]
[MD5.EFDE96A4C5107879E09C3600AE1872E0] [WIS][03/07/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\3e41c4.msi   [29696]  =Toolbar.Babylon
[MD5.B7A947503E952EABB0DBC1DA363BDA27] [WIS][31/05/2012] (.Microsoft - Windows Rights Management Client with Service Pack 2.) -- C:\Windows\Installer\4d70d95.msi   [214528]
[MD5.3129BC16407E24D007801D9B3EAA693A] [WIS][31/05/2012] (.Microsoft - Windows Rights Management Client Backwards Compatibility SP2.) -- C:\Windows\Installer\4d70d9c.msi   [25088]
[MD5.7D986CA4684EC6CEFDD4408C4BDA34D9] [WIS][21/02/2013] (.Kaspersky Lab - Kaspersky Internet Security 2013.) -- C:\Windows\Installer\543dd.msi   [2750464]
[MD5.9DFBBD8BB4E0BFCFA4C99AFA03FFBDAC] [WIS][16/03/2011] (.3DVIA - Installs the 3Dvia Player 4.1..) -- C:\Windows\Installer\71abed.msi   [67072]
[MD5.A21C68E463F18A5CB23B13E0B34A0157] [WIS][26/02/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\cb3b20.msi   [1638912]
[MD5.9A1B1D90B3D088D211FC4638B890C806] [WIS][17/02/2009] (.tjbroom@hotmail.com - .) -- C:\Windows\Installer\d73e.msi   [129536]
[MD5.5FFC5211A7BCCD7E31D10D7DE8EC24D6] [WIS][17/02/2009] (.Microsoft - Microsoft Money 2004.) -- C:\Windows\Installer\d74a.msi   [336384]
[MD5.FA9C6C7D4555F16D9EEB18622F32ED99] [WIS][17/02/2009] (.Microsoft - Microsoft Money 2004.) -- C:\Windows\Installer\d74f.msi   [1332224]
[MD5.96EB92418955108AF0AE15E562FCB679] [WIS][14/03/2009] (.Michel Lemaitre - .) -- C:\Windows\Installer\da0c5.msi   [352256]
[MD5.A64FEC0F5475DBF48C3EB85061BD1FD5] [WIS][22/07/2011] (.IBM - Lotus Quickr connectors.) -- C:\Windows\Installer\eacd9.msi   [17880064]
~ WIS: 164 Legitimates Filtered in 00mn 33s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 15/02/2013 830376 |  (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Demand 12/06/2013 256904 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 06/04/2013 3783672 |  (afcdpsrv) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\CDP\afcdpsrv.exe
SR - | Auto 04/10/2012 240480 |  (ASO3DiskOptimizer) . (.Systweak Inc., (http://www.systweak.com).) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe  =PUP.AdvancedSystemOptimizer
SR - | Auto 21/02/2013 356376 |  (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SS - | Demand 14/04/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 18/09/2012 137112 |  (DTSRVC) . (.Portrait Displays, Inc..) - C:\Program Files\Fichiers communs\Portrait Displays\Shared\dtsrvc.exe
SR - | Auto 16/03/2013 68168 |  (EaseUS Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
SR - | Auto  457248 |  (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 16/03/2013 23624 |  (Guard Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
SS - | Auto 15/01/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/05/2012 484304 |  (HDDSvc) . (.AltrixSoft (http://www.altrixsoft.com/).) - C:\Program Files\Fichiers communs\AltrixSoft\HDDInfoService\HDDSvc.exe
SS - | Demand 04/04/2005 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 22/07/2013 182184 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto  191008 |  (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 31/01/2013 156448 |  (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 31/01/2013 1259296 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 18/03/2004 65536 |  (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SS - | Disabled 27/06/2005 192512 |  (Rupsmon) . (.Belkin.) - C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe
SS - | Auto 07/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 |  (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
SR - | Auto 20/03/2013 7084672 |  (syncagentsrv) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\SyncAgent\syncagentsrv.exe
SR - | Auto 09/02/2012 1529152 |  (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
SS - | Disabled 08/06/2001 146944 |  (USBMate) . (.Mega Corp..) - C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe
SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\system32\svchost.exe
SR - | Auto  885096 |  (WO_LiveService) . (...) - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
~ Services:  Scanned in 00mn 33s



---\\ Scan Additionnel (O88)
Database Version : v2.12849 - (10/08/2013)
Clés trouvées (Keys found) : 19
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 9

[HKLM\SYSTEM\CurrentControlSet\Services\ASO3DiskOptimizer]   =PUP.AdvancedSystemOptimizer^
[HKLM\Software\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}]   =PUP.BearShare
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}]   =PUP.SpecialSavings
[HKLM\Software\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}]   =PUP.BearShare
[HKLM\Software\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}]   =PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}]   =Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}]   =Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}]   =Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}]   =Toolbar.Conduit
[HKLM\Software\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}]   =PUP.iMesh
[HKLM\Software\Classes\AppID\NCTAudioCompress3.DLL]   =PUP.BearShare
[HKLM\Software\Classes\.bk1]   =Adware.VirtualGirl
[HKLM\Software\Classes\.bk2]   =Adware.VirtualGirl
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINSVC]   =Adware.Gibmedia
[HKCU\Software\SweetIM]   =PUP.SweetIM
[HKLM\Software\SweetIM]   =PUP.SweetIM
[HKLM\Software\Winsudate]   =Adware.Gibmedia
[HKLM\SYSTEM\CurrentControlSet\Services\RKHit]   =Rogue.SpywareCease
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}]   =PUP.CrossRider
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\CheckUpdate.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\DiskOptimizer.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\ASO3.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\PrivacyProtector.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\RegClean.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\RegistryOptimizer.exe   =PUP.AdvancedSystemOptimizer^
C:\Program Files\Advanced System Optimizer 3\SystemCleaner.exe   =PUP.AdvancedSystemOptimizer^
C:\Windows\Installer\3e41c4.msi   =Toolbar.Babylon^
~ Additionnel Scan: 343737 Items scanned in 00mn 29s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... moptimizer   =PUP.AdvancedSystemOptimizer
~ http://nicolascoolman.webs.com/apps/blo ... up-sweetim   =PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon  =Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... -bearshare   =PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blo ... ialsavings   =PUP.SpecialSavings
~ http://nicolascoolman.webs.com/apps/blo ... -pup-imesh   =PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit   =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... irtualgirl   =Adware.VirtualGirl
~ http://nicolascoolman.webs.com/apps/blo ... ywarecease   =Rogue.SpywareCease
~ http://nicolascoolman.webs.com/apps/blo ... crossrider   =PUP.CrossRider
~ MSI: 10 link(s) detected in 00mn 29s



~ 1439 Legitimates filtered by white list
End of the scan (714 lines in 03mn 23s)(0)

I would like to know which lines of this "ZHPDiag.txt" report should be pasted into ZHPFix.
I want to "eradicate" this "PUP.Optional.AdvancedSystemProtector.A"!!!
If necessary, I can send the files:
  • "AdwCleaner[S1].txt"
and
  • "mbam-log-2013-08-11 (10-59-18).txt"

Thank you for your help
Piouc07
Ardéchois, faithful heart!!!

Re: Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Sun 11 Aug 2013 23:43
by g3n-h@ckm@n

Follow-up to Disinfection of "PUP.Optional.AdvancedSystemProtecto

Posted: Mon 12 Aug 2013 01:31
by Piouc07

Great
And on top of that, I'm from Valence too....
And it would be nice to have a drink together!
Right, back to the matter at hand
  • I panicked a bit when everything froze with Win 32 not being read...
A few small remarks:
  • On restart it also got stuck on the Pre_Scan/process folder with a "UDS:DangerousObject.Multi.Généric"
  • Also, it reset my "Hosts" file
  • I'm thinking of restoring my old "Hosts". What do you think?
  • Here is the link for the file: "Pre_Scan_12_08_2013_00_40_22.txt"
http://cjoint.com/?0HmbvzJFw36

Please confirm that you received "Pre_Scan_12_08_2013_00_40_22.txt"
Looking forward to your reply
Piouc07

Re: Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Mon 12 Aug 2013 01:41
by g3n-h@ckm@n
hi again

all good, we got rid of quite a lot of junk, can I have my adwcleaner report too? (otherwise I'm not far from the prison

RE,RE Disinfection of "PUP.Optional.AdvancedSystemProtector.

Posted: Mon 12 Aug 2013 08:17
by Piouc07
Re, Re

First of all, I wish you a lovely day

Here is the adwcleaner report:

# AdwCleaner v2.306 - Rapport créé le 11/08/2013 à 23:49:08
# Mis à jour le 19/07/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Bruno - IND_PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Documents and Settings\Bruno\Mes documents\Sauvegardes\Désinfection de PUP-Optional.AdvancedSystemProtectorA\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v28.0.1500.95

Fichier : C:\Documents and Settings\Bruno\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

Fichier : C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [1346 octets] - [11/08/2013 22:06:04]
AdwCleaner[S1].txt - [1407 octets] - [11/08/2013 22:06:52]
AdwCleaner[S2].txt - [1189 octets] - [11/08/2013 23:49:08]

########## EOF - C:\AdwCleaner[S2].txt - [1249 octets] ##########

All of "that" looks "correct" to me, doesn't it?

Off to "work"
I'll get back to you this evening

Piouc07

Re: Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Mon 12 Aug 2013 08:27
by g3n-h@ckm@n
hi again

uninstall zhpdiag, I don't use this diagnostic software, too incomplete for my taste

==

I see you have remnants of rogues, so I figure your registry must have suffered the consequences; so we're going to put all that back in place by running this:

http://security-helpzone.com/gen-hackma ... ed-speech/

RE, RE: Disinfection of "PUP.Optional.AdvancedSystemProtect

Posted: Tue 13 Aug 2013 01:27
by Piouc07

I'm back
I think ZHPfix is now unnecessary...
I'm going to uninstall it, right?
If you don't answer: I'll uninstall it then

I'll redo canned-speech and keep you posted

Ardéchois but also Valentinois: faithful heart
Piouc07

Re-Re-Re Disinfection of "PUP.Optional.AdvancedSystemProtect

Posted: Tue 13 Aug 2013 02:55
by Piouc07
Re-Ave g3n-h@ckm@n,
Here is the cjoint link: http://cjoint.com/?3HncUnUA598 to remove these rogues

Thanks for teaching me new "things" once again...
Me, the little youngster who is 20+

I'm ready to take lessons whenever you like

Piouc07

Re: Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Tue 13 Aug 2013 08:58
by g3n-h@ckm@n
uninstall Tuneup utilities, it's a system wrecker

==

run pre_scan again, click on diag, then upload c:\pre_diag_xx_xx_xx.txt to http://cjoint.com and give the link

PC cleanup after Disinfection of "PUP.Optional.AdvancedS

Posted: Tue 13 Aug 2013 14:28
by Piouc07
I suggest we continue this cleanup work next week, from Thursday 22/08.
I've planned a short week of holiday starting today... in Ardèche, as it happens!
I'm already uninstalling Tuneup utilities
I'll run pre_scan again next week.
I wish you a good week until then
See you next week
I'll get back in touch with you then.
See you later
Piouc07

Disinfection after the "PUP.Optional.AdvancedSystemProtector.

Posted: Tue 13 Aug 2013 15:51
by Piouc07
Right
In the end, here is the pre_scan!
http://cjoint.com/?CHnpJaZjPcp

When XP starts up, I simply noticed:
  • at startup, this "Windows Developper Preview" window opens and asks me for a possible password, which was never set.
Is there any way to "bypass" this window, which is useless for me and to me?
  • Then a "Winpatrol" window appears, proposing I.E as the start page in place of Google
But I want to keep Google!!!

Those are my 2 remarks
See you next week to continue this work, based on your comments!
Until then, I wish you a "good time"
As our friends the Saxons say:
See you later = Alligator
In a While = Crocodile
Soon = Racoon

Piouc07

Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Wed 14 Aug 2013 09:22
by g3n-h@ckm@n
fine, you'll run the tool again, then click on diag, then upload the report c:\pre_diag xx_xx_xx.txt to http://cjoint.com and post the link

Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Sun 8 Sept 2013 12:45
by 2011N2
Where do things stand with your problem?

Two possibilities:
  • Your problem is solved, in which case please remember to let us know.
  • Your problem is still ongoing, in which case please tell us what is wrong and give us news regularly.


    See you soon on FEI!

Disinfection of "PUP.Optional.AdvancedSystemProtector.A"

Posted: Thu 12 Sept 2013 06:58
by 2011N2
Hello,

We have had no news from the author of this topic for more than a week. We therefore consider this problem resolved or abandoned by its author. Next time, please keep us informed of how your problem develops, or bump the thread regularly!

This topic is locked; if you wish to reopen it, please contact a member of the forum moderation team by private message.

See you soon on FEI!