~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Lancé par Frank (21/02/2014 09:03:09)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
Secunia PSI

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
eMule Partfile Access Module for VLC 1.0.5 v0.5.1

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (34%) free of 76 GB

---\\ Mode de connexion au système
~ Computer Name: PC-FRANK
~ User Name: Frank
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Frank, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Frank\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Frank\Application Data\
~ %Desktop% : C:\Documents and Settings\Frank\Bureau\
~ %Favorites% : C:\Documents and Settings\Frank\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Frank\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and 
Settings\Frank\Menu Démarrer\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 76 Go) D: Hard drive, Flash drive, Thumb drive (Free 47 Go of 149 Go) E: Hard drive, Flash drive, Thumb drive (Free 37 Go of 73 Go) F: CD-ROM drive (Not Inserted) G: CD-ROM drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 38 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.2988BFF8257A55EA8AFD038F49F81A34] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/02/2014 - 00:20:01.) -- C:\WINDOWS\system32\wininet.dll [920064] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 12:00:00.) 
-- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) 
-- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 12:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/169 ~ Mes musiques (My Musics) : 13/33 ~ Mes Videos (My Videos) : 1/3 ~ Mes Favoris (My Favorites) : 1/29 ~ Mes Documents (My Documents) : 7/18358 ~ Mon Bureau (My Desktop) : 1/2200 ~ Menu demarrer (Programs) : 1/34 ~ Hidden Files: Scanned in 00mn 43s ---\\ Processus lancés [MD5.FAC0EA5A580C8768E20826BAA475A22F] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [483328] [PID.452] [MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1172] [MD5.A3E3552E9E99E9A690A12A25973EF30A] - (.Atheros - ACS.) -- C:\WINDOWS\system32\acs.exe [364629] [PID.1200] [MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376] [PID.1268] [MD5.39E435C90C9C4F780FA0ED05CA3C3A1B] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\WINDOWS\system32\agrsmsvc.exe [9216] [PID.1368] [MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1444] [MD5.F7E87E927F236755287B28DFBB546A8C] - (...) 
-- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe [195536] [PID.1544] [MD5.3CB0CC8879956C187E87E18634EE5164] - (.TOSHIBA CORPORATION - Service of ConfigFree..) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960] [PID.1640] [MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.744] [MD5.0796C1E47ADB9825269E64B9DAB4E741] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.1264] [MD5.5EF3427AE503B5C03A48F7C9FF458B69] - (.Pas de propriétaire - DCSHOST.) -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe [271712] [PID.1848] [MD5.6F95324909B502E2651442C1548AB12F] - (.Macrovision Corporation - IDriverT Module.) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728] [PID.456] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.2052] [MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.2232] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2712] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2764] [MD5.398A81D590424441B2F5C5C08073CADB] - (.Secunia - Secunia PSI Agent.) -- C:\Program Files\Secunia\PSI\PSIA.exe [1229528] [PID.3936] [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2628] [MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. 
KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.2804] [MD5.D859A9D2F026CE5804485068FFD6EAF2] - (.Microsoft Corporation - Telnet.) -- C:\WINDOWS\system32\tlntsvr.exe [75264] [PID.3516] [MD5.5A4DA252B2C0550AB83D129C02CF6C19] - (.Microsoft Corporation - Service de cliché instantané de volumes Mic.) -- C:\WINDOWS\System32\vssvc.exe [295424] [PID.3604] [MD5.86D38DBB614B475F5308D28EBD7288A6] - (.Avira Operations GmbH & Co. KG - Avira.OE.ServiceHost.) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [109112] [PID.380] [MD5.EAD2B8AAEB16E538106D295CD7BD7A48] - (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) -- C:\WINDOWS\System32\dmadmin.exe [225280] [PID.2664] [MD5.D6F801AFF5D095BF11FFB40EC4A75522] - (.TOSHIBA Corporation - TDispVol.) -- C:\WINDOWS\system32\TDispVol.exe [73728] [PID.2524] [MD5.93E9E2F7E303C6C85F162D1D2E6AA67B] - (.TOSHIBA - TOSHIBA Control Utility Hotkey Hook.) -- C:\WINDOWS\system32\TCtrlIOHook.exe [28672] [PID.3488] [MD5.489E0CCA53056F270E93EB7A1AFC262A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16841216] [PID.1464] [MD5.8AB98285FE54A53FBEBBD0DF5870371D] - (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [172600] [PID.2616] [MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3972] [MD5.3CD80A372422C50828E52E631A4EF052] - (.Pas de propriétaire - Notifier Orange.) -- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SMSNotifier.exe [1375696] [PID.2548] [MD5.1047FAB7E9BFAC6D4E40C4E52CA9B170] - (.TOSHIBA Corporation - Pas de description.) -- C:\WINDOWS\system32\TPSBattM.exe [40960] [PID.2104] [MD5.A5CC836910E4717F69218AA3F316AEFE] - (.Pas de propriétaire - Business Everywhere.) 
-- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BusinessEverywhere.exe [3455456] [PID.3012] [MD5.E681281D9BFC9D45D3B72532717E5880] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [49152] [PID.3024] [MD5.C7F05A3FD4A8DC4EE7A7866876E1534C] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.3536] [MD5.2E0524F31E6D8315B71AC0681BAEA1A0] - (.COMPAL ELECTRONIC INC. - TOSHIBA HotKey Utility.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [651264] [PID.2576] [MD5.FEBC1591E5C0DC87EF9CF3D657B65FC2] - (.TOSHIBA - CD/DVD Drive Acoustic Silencer.) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536] [PID.4240] [MD5.0FD5010AA50FDBC9B83955BC712C9444] - (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784] [PID.4264] [MD5.90B0AEA1FFA2CAC78C2CB64BDEFE3C4B] - (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\Frank\Application Data\Orange\OrangeInside\one\OrangeInside.exe [1526272] [PID.4336] [MD5.143ECB242AF6ECE366AB477828E29D44] - (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe [561320] [PID.4404] [MD5.25CA1677AAA3CDC99CD4FCF940886F3C] - (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [49152] [PID.4716] [MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648] [PID.2052] [MD5.465680BDE344CE4FF6646626AA3A9125] - (.Google Inc. - Google Crash Handler.) -- C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe [223112] [PID.4776] [MD5.61C028ABA5E49573A6332F4A7C744E87] - (.Pas de propriétaire - SpywareGuard.) 
-- C:\Program Files\SpywareGuard\sgmain.exe [360448] [PID.3500] [MD5.8C2D3A80FC90A860F0F24DEB67471481] - (.Secunia - Secunia Update Agent.) -- C:\Program Files\Secunia\PSI\sua.exe [662232] [PID.5748] [MD5.A80D0704537C0EF97DB2BEF24B99AF1A] - (.Pas de propriétaire - SG Browser Hijacking Protection.) -- C:\Program Files\SpywareGuard\sgbhp.exe [233472] [PID.2316] [MD5.E287233EF87AA90FC9D4DD31575DF3DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.1436] [MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8338432] [PID.4100] [MD5.4BDF29F145793074F9E370EFD10D54F4] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5880] ~ Processes Running: Scanned in 00mn 03s ---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1) B0 - SPO: operaprefs.ini [Frank] Home URL=http://badoo.com/startpage/ B1 - OSP: search.ini [Frank] URL=http://badoo.com/startpage ~ Opera Browser: 2 Legitimates Filtered in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 0 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\94ad4cvs.default\prefs.js C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\l8xoises.default-1389632907546\prefs.js M3 - MFPP: Plugins - [Frank] -- C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\94ad4cvs.default\searchplugins\googlecustomsearch.xml M0 - MFSP: prefs.js [Frank - 94ad4cvs.default] http://www.gsrch.com M2 - MFEP: prefs.js [Frank - 94ad4cvs.default\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com] [] MediaPlayerEnhance v (..) 
M2 - MFEP: prefs.js [Frank - 94ad4cvs.default\searchads@instair.net] [] AD Block v1.0.0 (..) M2 - MFEP: prefs.js [Frank - l8xoises.default-1389632907546\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com] [] MediaPlayerEnhance v (..) M2 - MFEP: prefs.js [Frank - l8xoises.default-1389632907546\quick_start@gmail.com] [] Quick Start v (..) M2 - MFEP: prefs.js [Frank - l8xoises.default-1389632907546\searchads@instair.net] [] AD Block v1.0.0 (..) P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.30 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.6] - (...) -- C:\Program Files\adslTV\VLC\npvlc.dll (.not file.) P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.7] - (...) -- C:\Program Files\adslTV\VLC\npvlc.dll (.not file.) P2 - FPN: [HKCU] [samsung.com/SamsungLinkPCPlugin] - (...) -- C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (.not file.) ~ Firefox Browser: 35 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.) 
~ IE Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 01s ~ Nombre de lignes (Lines number): 15515 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} . (.Pas de propriétaire - SpywareGuard Download Protection.) -- C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Shareiiit - {E7AB3DAE-5A7A-41A7-8258-BD60657392E2} . (.Pas de propriétaire - ScriptHost.) -- C:\Program Files\Shareiiit\ScriptHost.dll O2 - BHO: Adblock - {EF5F59BA-B2AB-48D8-9747-54DF806C73B8} . (...) -- C:\Program Files\Secure Speed Dial\IE\ADBlock\IE\Adblock.dll (.not file.) ~ BHO: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: &RoboForm Toolbar - [HKLM]{724d43a0-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) 
-- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-4300-7A786E7484D7} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [AllUsers]: NO-SPAMS.lnk . (...) -- C:\Program Files\NO-SPAMS\NoSpams.jar O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - GS\Program [Frank]: Create Amazing Presentations.lnk - Clé orpheline O4 - GS\Program [Frank]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Frank]: Box Sync.lnk . (...) -- C:\Documents and Settings\Frank\Box Sync ~ Global Startup: 16 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Program [AllUsers]: Bluetooth Manager.lnk . (.TOSHIBA CORPORATION. - Bluetooth Manager.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe O4 - GS\Program [AllUsers]: Secunia PSI Tray.lnk . (.Secunia - Secunia PSI Tray.) -- C:\Program Files\Secunia\PSI\psi_tray.exe O4 - GS\Program [Frank]: OpenOffice.org 3.4.1.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe (.not file.) O4 - GS\Program [Frank]: SpywareGuard.lnk . (...) -- C:\Program Files\SpywareGuard\sgmain.exe O4 - HKLM\..\Run: [TDispVol] . (.TOSHIBA Corporation - TDispVol.) -- C:\WINDOWS\system32\TDispVol.exe O4 - HKLM\..\Run: [TCtryIOHook] . (.TOSHIBA - TOSHIBA Control Utility Hotkey Hook.) 
-- C:\WINDOWS\system32\TCtrlIOHook.exe O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [fst_fr_77] Clé orpheline =>PUA.FSTfr9 O4 - HKLM\..\Run: [Avira Systray] . (.Avira Operations GmbH & Co. KG - Avira.OE.Systray.) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe O4 - HKLM\..\Run: [TPSMain] . (.TOSHIBA Corporation - Pas de description.) -- C:\WINDOWS\system32\TPSMain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe (.not file.) =>.Oracle Corporation O4 - HKLM\..\Run: [Start_Update_{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}] . (.Pas de propriétaire - Orange Updater.) -- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\UpdteApp.exe O4 - HKLM\..\Run: [Start_SMSNotifier_{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}] . (.Pas de propriétaire - Notifier Orange.) -- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SMSNotifier.exe O4 - HKLM\..\Run: [Start_BusinessEverywhere_{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}] . (.Pas de propriétaire - Business Everywhere.) -- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BusinessEverywhere.exe O4 - HKLM\..\Run: [StartCCC] . (...) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe =>.Logitech Inc O4 - HKLM\..\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe O4 - HKLM\..\Run: [DivXMediaServer] . 
(.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [CeEKEY] . (.COMPAL ELECTRONIC INC. - TOSHIBA HotKey Utility.) -- C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [Camera Assistant Software] . (.Chicony - traybar.) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe O4 - HKLM\..\Run: [BoxSync] . (.Box, Inc. - Box Sync.) -- c:\Program Files\Box\Box Sync\BoxSync.exe O4 - HKCU\..\Run: [TOSCDSPD] . (.TOSHIBA - CD/DVD Drive Acoustic Silencer.) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\Frank\Application Data\Orange\OrangeInside\one\OrangeInside.exe O4 - HKCU\..\Run: [Orange Installer] . (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe O4 - HKCU\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files\Logitech\Vid HD\Vid.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKCU\..\Run: [Free Mahjong Games] C:\Documents and Settings\Frank\Local Settings\Application Data\WebPlayer\Free Mahjong Games\WebPlayer.exe (.not file.) =>Adware.SocialSkinz O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) 
-- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [TOSCDSPD] . (.TOSHIBA - CD/DVD Drive Acoustic Silencer.) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [RoboForm] . (.Siber Systems - RoboForm TaskBar Icon.) -- C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Documents and Settings\Frank\Application Data\Orange\OrangeInside\one\OrangeInside.exe O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [Orange Installer] . (...) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [Logitech Vid] . (.Logitech Inc. - Logitech Vid HD.) -- C:\Program Files\Logitech\Vid HD\Vid.exe O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc O4 - HKUS\S-1-5-21-117609710-1682526488-1801674531-1003\..\Run: [Free Mahjong Games] C:\Documents and Settings\Frank\Local Settings\Application Data\WebPlayer\Free Mahjong Games\WebPlayer.exe (.not file.) =>Adware.SocialSkinz ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline O9 - Extra button: Remplir les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F46} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Enregistrer les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F49} . 
(.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Shareiiit options - {38771E1F-85E0-4A3E-92D8-1D7E62C32719} . (...) -- C:\Program Files\Shareiiit\32x32.png O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} . (.Siber Systems Inc. - RoboForm Main Module.) -- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1356049882187 ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{6250E525-CF07-42B1-A440-8DDDFF36FEB6}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CCS\Services\Tcpip\..\{94E520A3-87FC-4D98-9AE3-D0790FFBC6CA}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CCS\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CCS\Services\Tcpip\..\{9AF09262-8BE9-4FF7-A208-52A7EC25C49A}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7C65EE-6974-43AB-B9BC-1BAD6D88C864}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CCS\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BC66683A-1448-4DA9-9521-67B033BA29A4}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{6250E525-CF07-42B1-A440-8DDDFF36FEB6}: NameServer = 50.7.75.30,76.73.6.110 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{94E520A3-87FC-4D98-9AE3-D0790FFBC6CA}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS1\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS1\Services\Tcpip\..\{9AF09262-8BE9-4FF7-A208-52A7EC25C49A}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS1\Services\Tcpip\..\{EE7C65EE-6974-43AB-B9BC-1BAD6D88C864}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS1\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{BC66683A-1448-4DA9-9521-67B033BA29A4}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{6250E525-CF07-42B1-A440-8DDDFF36FEB6}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS2\Services\Tcpip\..\{94E520A3-87FC-4D98-9AE3-D0790FFBC6CA}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS2\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS2\Services\Tcpip\..\{9AF09262-8BE9-4FF7-A208-52A7EC25C49A}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS2\Services\Tcpip\..\{EE7C65EE-6974-43AB-B9BC-1BAD6D88C864}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS2\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{BC66683A-1448-4DA9-9521-67B033BA29A4}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{6250E525-CF07-42B1-A440-8DDDFF36FEB6}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS3\Services\Tcpip\..\{94E520A3-87FC-4D98-9AE3-D0790FFBC6CA}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS3\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS3\Services\Tcpip\..\{9AF09262-8BE9-4FF7-A208-52A7EC25C49A}: NameServer = 50.7.75.30,76.73.6.110 O17 - 
HKLM\System\CS3\Services\Tcpip\..\{EE7C65EE-6974-43AB-B9BC-1BAD6D88C864}: NameServer = 50.7.75.30,76.73.6.110 O17 - HKLM\System\CS3\Services\Tcpip\..\{994C31BC-DA67-4156-88D9-E0E96C8AC033}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{BC66683A-1448-4DA9-9521-67B033BA29A4}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . 
(.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll (.not file.) ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll ~ SSODL: 6 Legitimates Filtered in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BEWConfigSrv (BEWConfigSrv) . (...) - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe O23 - Service: SecureUpdate (SecureUpdateSvc) . (...) - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe (.not file.) O23 - Service: (UMVPFSrv) . (.Logitech Inc. - Logitech User mode UMVPF service.) 
- C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe ~ Services: 22 Legitimates Filtered in 00mn 05s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Activation de Windows.job [282] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [410] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [398] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At6.job [410] [MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\Frank\APPLIC~1\HOOLAP~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [At2] (...) -- C:\DOCUME~1\Frank\APPLIC~1\HOOLAP~1\Hoolapp.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [At6] (...) -- C:\DOCUME~1\Frank\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] ~ Scheduled Task: 19 Legitimates Filtered in 00mn 00s ---\\ Pilotes lancés au démarrage du système (O41) O41 - Driver: (ejifesie) . (. - .) - C:\WINDOWS\system32\drivers\ejifesie.sys (.not file.) ~ Drivers: 108 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Helium - (.ClockworkMod.) [HKLM] -- {9A781940-AC41-4D5E-8E1E-76A04B916FB9} O42 - Logiciel: QuickShare - (.Linkury Inc..) 
[HKLM] -- {232F1B14-7126-491F-AC8C-6123BA58FDE2} =>PUP.QuickShare ~ Logic: 22 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AskPartnerNetwork] [HKCU\Software\BearShare] =>PUP.BearShare [HKCU\Software\BitComet] =>P2P.BitComet [HKCU\Software\BrowseForTheCause] =>Adware.BrowseForTheCause [HKCU\Software\Hoolapp] [HKCU\Software\IncrediMail] [HKCU\Software\Memopal] [HKCU\Software\Shareiiit] [HKCU\Software\SingAlong] =>Adware.Singalng [HKLM\Software\ADBlock] [HKLM\Software\VBMZ] =>PUP.Duuqu [HKLM\Software\anset] ~ Key Software: 374 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 10/02/2014 - 01:04:51 - [11,011] ----D C:\Program Files\ClockworkMod O43 - CFD: 02/02/2014 - 13:28:50 - [0,007] ----D C:\Program Files\M-Downloader O43 - CFD: 21/01/2014 - 22:12:19 - [13,679] ----D C:\Program Files\MobileWiFi O43 - CFD: 21/02/2014 - 02:58:52 - [18,934] ----D C:\Program Files\NO-SPAMS O43 - CFD: 09/01/2014 - 17:11:16 - [0,952] ----D C:\Program Files\Shareiiit O43 - CFD: 19/09/2013 - 11:46:25 - [0] ----D C:\Program Files\tuto4pc_fr_45 =>PUP.AgenceExclusive O43 - CFD: 04/02/2014 - 10:40:56 - [0,045] ----D C:\Program Files\Uninstaller O43 - CFD: 10/01/2014 - 18:03:01 - [0] ----D C:\Documents and Settings\All Users\Application Data\APN O43 - CFD: 24/05/2013 - 17:09:39 - [0] ----D C:\Documents and Settings\All Users\Application Data\IM O43 - CFD: 24/05/2013 - 17:07:44 - [0,012] ----D C:\Documents and Settings\All Users\Application Data\IncrediMail O43 - CFD: 02/02/2014 - 00:17:08 - [27,641] -SH-D C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} O43 - CFD: 09/01/2014 - 16:31:40 - [0,214] ----D C:\Documents and Settings\Frank\Application Data\BitComet =>P2P.BitComet O43 - CFD: 16/01/2014 - 23:00:33 - [5,040] ----D C:\Documents and Settings\Frank\Application Data\download.am-data O43 - CFD: 12/01/2014 - 21:08:14 - [0,011] ----D C:\Documents and 
Settings\Frank\Application Data\esuivi O43 - CFD: 02/02/2014 - 00:51:28 - [0] ----D C:\Documents and Settings\Frank\Application Data\TFP O43 - CFD: 02/02/2014 - 10:57:17 - [0,078] ----D C:\Documents and Settings\Frank\Application Data\{5682CA62-1A80-40AE-82A0-B67833CE75FF} O43 - CFD: 09/10/2013 - 06:50:28 - [0] ----D C:\Documents and Settings\Frank\Local Settings\Application Data\AppsHat Mobile Apps =>Adware.MegaSearch O43 - CFD: 22/08/2012 - 02:38:08 - [0,028] ----D C:\Documents and Settings\Frank\Local Settings\Application Data\Ares O43 - CFD: 24/05/2013 - 17:10:27 - [11,119] ----D C:\Documents and Settings\Frank\Local Settings\Application Data\IM O43 - CFD: 14/01/2014 - 11:31:39 - [35,327] ----D C:\Documents and Settings\Frank\Local Settings\Application Data\SelfExtractible O43 - CFD: 11/02/2014 - 17:17:27 - [0] ----D C:\Documents and Settings\Frank\Local Settings\Application Data\Unzip Wizard O43 - CFD: 14/05/2013 - 11:43:54 - [0,001] ----D C:\Documents and Settings\Frank\Local Settings\Application Data\_ O43 - CFD: 10/02/2014 - 01:04:51 - [0,002] ----D C:\Documents and Settings\Frank\Menu Démarrer\Programmes\ClockworkMod O43 - CFD: 20/02/2014 - 19:46:23 - [0] ----D C:\Documents and Settings\Frank\Menu Démarrer\Programmes\Download.am ~ Program Folder: 260 Legitimates Filtered in 00mn 20s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.DE02C4D04088B69E64ECC30A3D9E22E5] - 09/02/2014 - 13:05:00 ---A- . (...) -- C:\WINDOWS\system32\ztvunace26.dll [77312] O44 - LFC:[MD5.EEA6103D96B51E41C058AD2676CDF53E] - 09/02/2014 - 13:05:00 ---A- . (...) -- C:\WINDOWS\system32\ztvunrar36.dll [162304] O44 - LFC:[MD5.A2CB40CDD8BA0B3617F167538DDAE8CA] - 10/02/2014 - 02:36:50 ---A- . (...) -- C:\WINDOWS\Filzip.ini [41] O44 - LFC:[MD5.3B3668512171A7070A9DBECACEC7F555] - 10/02/2014 - 22:29:58 ---A- . (...) -- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt [8302] O44 - LFC:[MD5.E68BCD5A4159667A0DFCF24C0224524C] - 15/02/2014 - 00:49:02 ---A- . 
(...) -- C:\WINDOWS\system32\lvcoinst.log [34724] O44 - LFC:[MD5.9BF1F5F8FC502AF808729E64DC8BDF9B] - 20/02/2014 - 19:42:12 ---A- . (...) -- C:\WINDOWS\system32\sqlite3.dll [268968] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/02/2014 - 22:23:14 ---A- . (...) -- C:\asc_rdflag [0] O44 - LFC:[MD5.254FFD9FE6CACC8E9D9EC8547973C924] - 21/02/2014 - 01:17:29 ---A- . (...) -- C:\WINDOWS\system.ini [246] O44 - LFC:[MD5.F5C397BEFBE878EBBAA17055D06359C7] - 21/02/2014 - 01:17:29 ---A- . (...) -- C:\WINDOWS\win.ini [507] O44 - LFC:[MD5.D94D009199DE4ACF78586C5231A8FE18] - 21/02/2014 - 02:08:22 ---A- . (...) -- C:\WINDOWS\wininit.ini [17274] O44 - LFC:[MD5.5F46A0008724AEED06461C8B2D345839] - 21/02/2014 - 02:59:39 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log [5532] O44 - LFC:[MD5.7A3BBAC3E6DD861889B1DC15F5377D89] - 21/02/2014 - 03:06:37 ---A- . (...) -- C:\UsbFix [Scan 1] PC-FRANK.txt [12293] O44 - LFC:[MD5.7B3CFAAD280555D7748761D475DBE1EA] - 21/02/2014 - 07:11:34 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.4599E83C283B253BF4A130F8303A3BEE] - 21/02/2014 - 07:11:36 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157] ~ Files: 60 Legitimates Filtered in 00mn 05s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - SpywareGuard - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Frank\Mes documents\Downloads\incredimail_install.exe" [Enabled] .(..) -- C:\Documents and Settings\Frank\Mes documents\Downloads\incredimail_install.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Frank\Mes documents\Downloads\incredimail_install (1).exe" [Enabled] .(..) 
-- C:\Documents and Settings\Frank\Mes documents\Downloads\incredimail_install (1).exe O47 - AAKE:Key Export SP - "C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe" [Enabled] .(...) -- C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe O47 - AAKE:Key Export SP - "C:\Program Files\MobileWiFi\MobileWiFi.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\MobileWiFi\MobileWiFi.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BusinessEverywhere.exe" [Enabled] .(..) -- C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BusinessEverywhere.exe O47 - AAKE:Key Export SP - "C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Orange\Orange Installer\OrangeInstaller.exe ~ Keys Export: 34 Legitimates Filtered in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{15ac3360-83ab-11e3-940b-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{183e4c63-871f-11e3-9412-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{183e4c64-871f-11e3-9412-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{1eff290a-8453-11e3-940c-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{246e41a7-87e1-11e3-9416-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{29493f80-8770-11e3-9414-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) 
-- G:\AutoRun.exe O51 - MPSK:{2bd86905-8df5-11e3-9427-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{2bd8694a-8df5-11e3-9427-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{2bd86976-8df5-11e3-9427-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{2bd8697e-8df5-11e3-9427-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{375ac757-935b-11e3-9431-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{3dfcd9f2-885e-11e3-9418-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{49ac2ece-8d58-11e3-9424-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{58f03e76-89a2-11e3-941b-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{6bcae854-924d-11e3-942e-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{6bcae887-924d-11e3-942e-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{6c9dcb14-82e0-11e3-9409-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{6c9dcb15-82e0-11e3-9409-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{919754b6-7c8d-11e3-93ed-001b9e75246f}\AutoRun\command. (...) -- G:\AutoRunCardDetector.exe (.not file.) O51 - MPSK:{a0e0b0ea-88a2-11e3-9419-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{a0e0b0eb-88a2-11e3-9419-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{a24e4002-89c7-11e3-941c-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{a24e4003-89c7-11e3-941c-00037ab64bb6}\AutoRun\command. 
(.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{a24e4004-89c7-11e3-941c-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b26ac7eb-89ed-11e3-941d-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b26ac7fb-89ed-11e3-941d-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b26ac7fc-89ed-11e3-941d-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b26ac806-89ed-11e3-941d-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b26ac83d-89ed-11e3-941d-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b737306e-8904-11e3-941a-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b737307f-8904-11e3-941a-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b7373080-8904-11e3-941a-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b7373087-8904-11e3-941a-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b7373088-8904-11e3-941a-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{b7373089-8904-11e3-941a-001b9e75246f}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{bae8384b-8b5b-11e3-9420-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{cbd512b6-91b5-11e3-942d-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{cbd51302-91b5-11e3-942d-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{d9636da1-9044-11e3-9428-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) 
-- G:\AutoRun.exe O51 - MPSK:{db245ae6-7c94-11e3-93ef-001b9e75246f}\AutoRun\command. (...) -- G:\AutoRunCardDetector.exe (.not file.) O51 - MPSK:{f3645515-98cb-11e3-943f-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{f3645519-98cb-11e3-943f-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{f3645523-98cb-11e3-943f-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{f5eee9a2-8c3b-11e3-9423-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe O51 - MPSK:{f5eee9ca-8c3b-11e3-9423-00037ab64bb6}\AutoRun\command. (.Pas de propriétaire - AutoRun.) -- G:\AutoRun.exe ~ Keys: Scanned in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528] O58 - SDL:[MD5.FDB152102B95C804974A8919AFB47717] - 12/06/2013 - 13:10:56 ---A- . (...) -- C:\WINDOWS\system32\Drivers\DasPtct.SYS [31848] O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 30/10/2013 - 12:06:42 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032] O58 - SDL:[MD5.21B9BACDD4418B59B546C42B4C5A084A] - 08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ewdcsc.sys [25856] O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/04/2008 - 12:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O58 - SDL:[MD5.F5F91FA6FE7E4AF269873CAA5F5B370E] - 06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\WINDOWS\system32\Drivers\mod7700.sys [861696] O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/04/2008 - 11:23:42 ----- . 
(.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686] O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/04/2008 - 11:23:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184] O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 13/04/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736] O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/04/2008 - 11:23:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360] O58 - SDL:[MD5.68B57D7C11277EA89F78255480376B4D] - 06/12/2013 - 15:47:12 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\WINDOWS\system32\Drivers\psi_mf_x86.sys [16024] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/04/2008 - 12:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792] O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/04/2008 - 11:23:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776] O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 13/04/2008 - 11:23:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535] O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/04/2008 - 11:23:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990] O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/04/2008 - 11:23:48 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424] O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/04/2008 - 11:23:48 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240] O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 09/12/2013 - 11:37:21 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) 
-- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520] O58 - SDL:[MD5.560B0DCE52DFED6623B27C9BAFA6F236] - 23/01/2014 - 04:21:04 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [88576] O58 - SDL:[MD5.585FDB94DB04AC1C56298D1FD1F1389E] - 23/01/2014 - 04:21:04 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [184192] O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/04/2008 - 12:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112] O58 - SDL:[MD5.3712CA0811A4F2DBAD9459F96F001500] - 07/05/2013 - 16:29:29 ---A- . (...) -- C:\WINDOWS\system32\Drivers\WPRO_40_1340.sys [34576] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097] O58 - SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] - 18/07/2013 - 06:34:28 ---A- . (...) -- C:\WINDOWS\system32\FsUsbExDisk.Sys [37344] O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912] O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809] O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537] O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916] O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146] O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/04/2008 - 12:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ntdos411.sys [29370] O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274] O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146] O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000] O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560] O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648] O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424] O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/04/2008 - 12:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560] ~ Drivers: 5 Legitimates Filtered in 00mn 05s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 29/10/2012 - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe (BEWConfigSrv) .(...) - LEGACY_BEWCONFIGSRV O64 - Services: CurCS - 14/03/2011 - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe (HWDeviceService.exe) .(.Pas de propriétaire - DCSHOST.) - LEGACY_HWDEVICESERVICE.EXE O64 - Services: CurCS - 06/12/2013 - C:\Program Files\Secunia\PSI\sua.exe (Secunia Update Agent) .(.Secunia - Secunia Update Agent.) 
- LEGACY_SECUNIA_UPDATE_AGENT ~ Legacy: 224 Legitimates Filtered in 00mn 01s ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 10 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe (.not file.) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Documents and Settings\Frank\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" http://www.awesomehp.com =>PUP.Awesomehp O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Opera.exe (.not file.) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Opera.exe (.not file.) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.) ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {247E19AA-BA0C-3537-E394-3D4FDD90A2A3} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} - (Yahoo! Search) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {BA53769A-BE85-4998-88C4-A24123697C7C} - (Google Custom Search) - http://www.gsrch.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][18/07/2013] (.FLVMPlayer - FLV Media Player Setup.) 
-- C:\Documents and Settings\Frank\Bureau\FLVMPlayer.exe [4953944] ~ Files: 3 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.C93DCD486FD9F26B38A221160AC32D4B] [WIS][30/01/2014] (.Google, Inc. - Google Drive.) -- C:\Windows\Installer\14d4325.msi [123392] [MD5.A297FFF55F27E1DCB549F652684A251B] [WIS][14/02/2014] (.Box, Inc. - Box Sync.) -- C:\Windows\Installer\39b673.msi [910336] [MD5.A955DCC932530B0B89BA612BC9832B9D] [WIS][24/05/2013] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\891f8.msi [2687488] ~ WIS: 128 Legitimates Filtered in 00mn 14s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 08/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Disabled 09/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.exe SS - | Demand 14/01/2014 21504 | (BoxSyncUpdateService) . (.Box Inc..) - C:\Program Files\Box\Box Sync\SyncUpdaterService.exe SS - | Auto 14/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 14/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 28/01/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 25/06/2010 117264 | (rpcapd) . (.CACE Technologies, Inc..) - C:\Program Files\WinPcap\rpcapd.exe SS - | Auto 10/07/1658 0 | (SecureUpdateSvc) . (...) - C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe SS - | Demand 01/04/2011 152496 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe SR - | Auto 17/04/2007 364629 | (ACS) . (.Atheros.) - C:\WINDOWS\system32\acs.exe SR - | Auto 15/08/2012 9216 | (AgereModemAudio) . 
(.Agere Systems.) - C:\WINDOWS\system32\agrsmsvc.exe SR - | Auto 09/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 09/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 15/08/2012 483328 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe SR - | Auto 29/01/2014 109112 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe SR - | Auto 29/10/2012 195536 | (BEWConfigSrv) . (...) - C:\Program Files\Orange\Orange Clé 3G+\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\BEWConfigSrv.exe SR - | Auto 19/11/2007 40960 | (CFSvcs) . (.TOSHIBA CORPORATION.) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe SR - | Auto 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 18/07/2013 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe SR - | Auto 14/03/2011 271712 | (HWDeviceService.exe) . (...) - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe SR - | Auto 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe SR - | Auto 16/02/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 06/12/2013 1229528 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\PSIA.exe SR - | Auto 06/12/2013 662232 | (Secunia Update Agent) . (.Secunia.) 
- C:\Program Files\Secunia\PSI\sua.exe SR - | Auto 18/01/2012 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe ~ Services: Scanned in 00mn 15s ---\\ Scan Additionnel (O88) Database Version : 13031 - (17/02/2014) Clés trouvées (Keys found) : 11 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 5 Fichiers trouvés (Files found) : 2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{232F1B14-7126-491F-AC8C-6123BA58FDE2}] =>PUP.QuickShare^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange [HKCU\Software\BrowseForTheCause] =>Adware.BrowseForTheCause [HKLM\Software\VBMZ] =>Toolbar.Conduit [HKCU\Software\SingAlong] =>Adware.Singalng [HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake [HKCU\Software\USyndication] =>Trojan.USyndication [HKCU\Software\usyndication.com] =>Trojan.USyndication [HKLM\Software\Classes\SpeedDial.TSpeedDial] =>PUP.SpeedDial [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_77 =>PUA.FSTfr9^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Free Mahjong Games =>Adware.SocialSkinz^ C:\Program Files\tuto4pc_fr_45 =>PUP.AgenceExclusive^ C:\Documents and Settings\Frank\Application Data\BitComet =>P2P.BitComet^ C:\Documents and Settings\Frank\Local Settings\Application Data\AppsHat Mobile Apps =>Adware.MegaSearch^ C:\Documents and Settings\Frank\Local Settings\Application Data\Software =>Adware.Boxore C:\Documents and Settings\Frank\Local Settings\Application Data\Temp\Iminent =>Adware.IMBooster [HKCU\Software\BearShare] =>PUP.BearShare^ [HKCU\Software\BitComet] =>P2P.BitComet^ ~ Additionnel Scan: 200073 Items scanned in 00mn 16s ---\\ Récapitulatif des détections 
trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9 ~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz ~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare ~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare ~ http://nicolascoolman.webs.com/apps/blog/show/26627928-adware-browseforthecause =>Adware.BrowseForTheCause ~ http://nicolascoolman.webs.com/apps/blog/show/27423721-adware-singalng =>Adware.Singalng ~ http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu ~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch ~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/27328365-trojan-usyndication =>Trojan.USyndication ~ http://nicolascoolman.webs.com/apps/blog/show/32720552-pup-speeddial =>PUP.SpeedDial ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ MSI: 15 link(s) detected in 00mn 16s ~ 1352 Legitimates filtered by white list End of the scan (744 lines in 02mn 14s)(0)