ZHPDiag report

Closed
KAPI21500 Posts 545 Registration date Sunday 3 February 2008 Status Member Last activity 6 October 2017 - 29 March 2013 at 19:24
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 - 30 March 2013 at 19:33
Can you tell me what is wrong? Thanks.
Rapport de ZHPDiag v2013.3.28.105 par Nicolas Coolman, Update du 28/03/2013
Run by ThierryGr at 29/03/2013 18:58:38
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16521
GCIE: Google Chrome v25.0.1364.172 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4090 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 236 GB (82%) free of 286 GB

---\\ Logged in mode
~ Computer Name: PC-THIERRYGR
~ User Name: ThierryGr
~ All Users Names: ThierryGr, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\ThierryGr\AppData\Roaming\
~ %Desktop% : C:\Users\ThierryGr\Desktop\
~ %Favorites% : C:\Users\ThierryGr\Favorites\
~ %LocalAppData% : C:\Users\ThierryGr\AppData\Local\
~ %StartMenu% : C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 236 Go of 286 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.27/02/2013 - 04:38:48.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/03/2013 - 09:56:41.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/02/2013 - 04:46:24.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.28/02/2013 - 21:14:03.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 1/78
~ Mon Bureau (My Desktop) : 1/646
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.B95AC0CDB8F068F0C024CD344B354298] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1274320] [PID.2908]
[MD5.D488A250019E213C8FB3B20E4DEA6D2A] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3573624] [PID.3784]
[MD5.FAA729BC3B4EC2900D14E1F0F4D30ED0] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [268248] [PID.1768]
[MD5.5397E32E882C0148CEC13D9EACFB7157] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.1612]
[MD5.D54EAB26A6060E8A6318A947C8541B79] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6184448] [PID.776]
[MD5.0F5FAAC852DB4C340B7A2F187E3358B8] - (.Egis Technology Inc. - MyWinLocker Service.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [311592] [PID.1684]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\ThierryGr\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IDM Helper [64Bits] - {0055C089-8582-441B-A0BF-17B458C2A3A8} . (.Internet Download Manager, Tonec Inc. - IDM Browser Helper Object.) -- C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Advanced SystemCare Browser Protection [64Bits] - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} . (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
~ BHO: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-288523959-3676502038-438742901-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Internet Download Manager.lnk . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\system32\SnippingTool.exe
O4 - GS\TaskBar: Veille.lnk . (...) -- ystem32\rundll32.exe (.not file.)
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Poker 770.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Poker 770\casino.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
O4 - GS\QuickLaunch: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\QuickLaunch: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Sandboxie - DefaultBox.lnk . (...) -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.)
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\ThierryGr\Desktop\6 . pour plus des logiciels et astuces cliquez ici.url . (.Skype Technologies S.A. - Skype.) -- C:\Users\ThierryGr\Desktop\6 . pour plus des logiciels et astuces cliquez ici.url
O4 - GS\Desktop: Charlie Poker.lnk . (...) -- C:\Users\ThierryGr\Downloads\Programs\CharliePoker.exe
O4 - GS\Desktop: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: Free Alarm Clock.lnk . (.Comfort Software Group - Free Alarm Clock.) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
O4 - GS\Desktop: Partouche Poker.fr.lnk . (...) -- C:\Program Files (x86)\Partouche Poker.fr\PartouchePoker.exe
O4 - GS\Desktop: PartyPoker.fr.lnk . (...) -- C:\Programs\PartyFrance\PartyFrance.exe
O4 - GS\Desktop: PMU Poker.lnk . (...) -- C:\Programs\PMU\PMU.exe
O4 - GS\Desktop: Poker 770.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\Poker 770\casino.exe
O4 - GS\Desktop: PokerStars.fr.lnk . (.PokerStars - PokerStars Update.) -- C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
O4 - GS\SendTo: SendTo - Raccourci.lnk . (...) -- C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\SendTo
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 6 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{17A84B06-4747-48A0-8A40-55144FCDF6F0}: NameServer = 78.47.115.195,86.64.145.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{52C08618-7E1D-400D-A34C-68579460E9DD}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{17A84B06-4747-48A0-8A40-55144FCDF6F0}: NameServer = 78.47.115.195,86.64.145.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{52C08618-7E1D-400D-A34C-68579460E9DD}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{17A84B06-4747-48A0-8A40-55144FCDF6F0}: NameServer = 78.47.115.195,86.64.145.143
O17 - HKLM\System\CS2\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{52C08618-7E1D-400D-A34C-68579460E9DD}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{24DE6153-82E2-48A1-B6E3-8153394333D4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: MyWinLocker Service (MWLService) . (.Egis Technology Inc. - MyWinLocker Service.) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
~ Services: 1 Legitimates Scanned in 00mn 04s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1070]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1074]
[MD5.5A78D672EAE975D40DE35CE6B650282B] [APT] [ASC6_PerformanceMonitor] (.IObit.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [703808]
[MD5.74660C1E9139D95F4E006E8E49EA4986] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3273136]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.7F59E4F51DA9C9C6B29B881D8DD92400] [APT] [Burn Notification] (.Acer.) -- C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [675840]
~ Scheduled Task: Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 7 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 78 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Bundled software uninstaller - (...) [HKLM][64Bits] -- bi_uninstaller
O42 - Logiciel: ExpressFiles - (.http://www.express-files.com/.) [HKCU][64Bits] -- ExpressFiles
O42 - Logiciel: Free Alarm Clock 2.7.0 - (.Comfort Software Group.) [HKLM][64Bits] -- {8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1
O42 - Logiciel: Hola(TM) 1.0.241 - Better Internet - (.Hola Networks Ltd..) [HKLM][64Bits] -- Hola
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: MediaMonkey 4.0 - (.Ventis Media Inc..) [HKLM][64Bits] -- MediaMonkey_is1
O42 - Logiciel: PMU Poker - (.PMU.) [HKLM][64Bits] -- PMUPoker
O42 - Logiciel: Partouche Poker.fr - (.Partouche.) [HKLM][64Bits] -- Partouche Poker.fr
O42 - Logiciel: PartyPoker.fr - (.PartyFrance.) [HKLM][64Bits] -- PartyPokerFr
O42 - Logiciel: Poker 770 - (...) [HKCU][64Bits] -- Poker 770
O42 - Logiciel: PokerStars.fr - (.PokerStars.fr.) [HKLM][64Bits] -- PokerStars.fr
O42 - Logiciel: Sandboxie 3.76 (64-bit) - (.SANDBOXIE L.T.D.) [HKLM][64Bits] -- Sandboxie
O42 - Logiciel: Tixati - (...) [HKLM][64Bits] -- tixati
O42 - Logiciel: UnibetFR Poker 1.0.0 - (.Unibet.) [HKLM][64Bits] -- UnibetFR Poker_is1
O42 - Logiciel: VpnOneClick - (.VpnOneClick.) [HKCU][64Bits] -- 31dfee6c296bca85
O42 - Logiciel: Winamax Poker - (.Winamax.) [HKLM][64Bits] -- wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O42 - Logiciel: Winamax Poker - (.Winamax.) [HKLM][64Bits] -- {4C7445F5-21FF-8D8B-B620-3A69444E3695}
~ Logic: 103 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BI]
[HKCU\Software\BitTorrent]
[HKCU\Software\ComfortSoftware]
[HKCU\Software\MediaMonkey]
[HKCU\Software\PMU]
[HKCU\Software\PTECH]
[HKCU\Software\Partouche Technologies]
[HKCU\Software\Partouche]
[HKCU\Software\PartyFrance]
[HKCU\Software\geissplugin]
[HKLM\Software\Wow6432Node\ExpressFiles]
[HKLM\Software\Wow6432Node\Partouche]
[HKLM\Software\cFos]
~ Key Software: 172 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/03/2013 - 01:59:02 - [0,003] ----D C:\Program Files (x86)\Driver Fusion
O43 - CFD: 04/03/2013 - 06:42:56 - [9,090] ----D C:\Program Files (x86)\ExpressFiles
O43 - CFD: 27/02/2013 - 03:33:12 - [2,712] ----D C:\Program Files (x86)\FreeAlarmClock
O43 - CFD: 07/03/2013 - 12:00:36 - [4,634] ----D C:\Program Files (x86)\GUM6490.tmp
O43 - CFD: 07/03/2013 - 11:36:36 - [4,634] ----D C:\Program Files (x86)\GUM698F.tmp
O43 - CFD: 19/03/2013 - 18:00:11 - [50,122] ----D C:\Program Files (x86)\MediaMonkey
O43 - CFD: 14/03/2013 - 18:34:54 - [135,426] ----D C:\Program Files (x86)\Partouche Poker.fr
O43 - CFD: 06/03/2013 - 06:27:14 - [70,517] ----D C:\Program Files (x86)\PokerStars.FR
O43 - CFD: 07/03/2013 - 19:59:35 - [4,732] ----D C:\Program Files (x86)\Winamax Poker
O43 - CFD: 19/03/2013 - 17:59:59 - [0,535] ----D C:\ProgramData\MediaMonkey
O43 - CFD: 27/02/2013 - 15:25:39 - [0,000] ----D C:\ProgramData\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 26/02/2013 - 18:49:38 - [0,000] ----D C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
O43 - CFD: 27/02/2013 - 15:25:39 - [0,000] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 27/02/2013 - 03:30:12 - [0] -SH-D C:\Users\ThierryGr\AppData\Roaming\.#
O43 - CFD: 14/03/2013 - 17:13:29 - [0] ----D C:\Users\ThierryGr\AppData\Roaming\.Temp_Updater_Directory
O43 - CFD: 28/02/2013 - 23:18:53 - [6,178] ----D C:\Users\ThierryGr\AppData\Roaming\1
O43 - CFD: 25/03/2013 - 01:53:49 - [0,003] ----D C:\Users\ThierryGr\AppData\Roaming\adma
O43 - CFD: 18/03/2013 - 08:50:26 - [11,071] ----D C:\Users\ThierryGr\AppData\Roaming\cef-cache
O43 - CFD: 18/03/2013 - 23:24:44 - [6,178] ----D C:\Users\ThierryGr\AppData\Roaming\CharliePoker
O43 - CFD: 04/03/2013 - 06:48:10 - [0,008] ----D C:\Users\ThierryGr\AppData\Roaming\ExpressFiles
O43 - CFD: 28/03/2013 - 02:20:40 - [1,721] ----D C:\Users\ThierryGr\AppData\Roaming\MediaMonkey
O43 - CFD: 19/03/2013 - 16:00:09 - [13,624] ----D C:\Users\ThierryGr\AppData\Roaming\OpenCandy
O43 - CFD: 18/03/2013 - 08:50:13 - [0,001] ----D C:\Users\ThierryGr\AppData\Roaming\PartyFrance
O43 - CFD: 28/02/2013 - 13:23:56 - [0] ----D C:\Users\ThierryGr\AppData\Roaming\PDAppFlex
O43 - CFD: 07/03/2013 - 17:20:44 - [0,001] ----D C:\Users\ThierryGr\AppData\Roaming\PMU
O43 - CFD: 24/03/2013 - 09:34:18 - [0,695] ----D C:\Users\ThierryGr\AppData\Roaming\tixati
O43 - CFD: 25/03/2013 - 01:08:16 - [0,001] ----D C:\Users\ThierryGr\AppData\Local\BACS
O43 - CFD: 26/02/2013 - 22:19:00 - [0,214] ----D C:\Users\ThierryGr\AppData\Local\Bundled software uninstaller
O43 - CFD: 19/03/2013 - 18:14:52 - [0] ----D C:\Users\ThierryGr\AppData\Local\MediaMonkey
O43 - CFD: 28/02/2013 - 01:40:33 - [0,151] ----D C:\Users\ThierryGr\AppData\Local\P5
O43 - CFD: 27/02/2013 - 18:44:18 - [0,000] ----D C:\Users\ThierryGr\AppData\Local\Partouche Technologies
O43 - CFD: 25/03/2013 - 19:19:11 - [3,255] ----D C:\Users\ThierryGr\AppData\Local\PokerStars.FR
O43 - CFD: 06/03/2013 - 06:25:48 - [0,003] ----D C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR
O43 - CFD: 04/03/2013 - 06:33:36 - [0,001] ----D C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
O43 - CFD: 27/02/2013 - 23:45:59 - [0,000] ----D C:\Users\ThierryGr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VpnOneClick
~ Program Folder: 193 Legitimates Scanned in 00mn 24s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D99ECBC985B621682AEA20CE3E1620C0] - 26/03/2013 - 22:47:58 ---A- . (...) -- C:\AdwCleaner[R10].txt [1845]
O44 - LFC:[MD5.E92772058A3F40B568789D6C53FD350B] - 26/03/2013 - 19:33:57 ---A- . (...) -- C:\AdwCleaner[R9].txt [1784]
O44 - LFC:[MD5.B235883236189ECF02860EECEDF5D88A] - 25/03/2013 - 20:16:29 RSHAD . (.Hola Networks Ltd. - Hola Network Adapter.) -- C:\Windows\System32\Drivers\hola_net.sys [86512]
O44 - LFC:[MD5.02B4CBF7C17A164E28173F461E16C511] - 25/03/2013 - 20:16:29 RSHAD . (.Hola Networks Ltd. - Hola Network Management Driver.) -- C:\Windows\System32\Drivers\hola_drv.sys [570480]
O44 - LFC:[MD5.91855D950C56B1CF4CCA15F212ADB672] - 25/03/2013 - 20:16:29 RSHAD . (.Hola Networks Ltd. - Hola Network Monitor Driver.) -- C:\Windows\System32\Drivers\hola_mon_drv.sys [86256]
O44 - LFC:[MD5.D84F5E8901FCABA3495FB3F40A4960A4] - 25/03/2013 - 05:12:17 ---A- . (...) -- C:\AdwCleaner[R8].txt [1582]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 24/03/2013 - 09:56:41 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 24/03/2013 - 09:56:41 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.F5C7EAE8B2247F40F7B8B600072D667B] - 22/03/2013 - 19:31:18 ---A- . (...) -- C:\AdwCleaner[R7].txt [1521]
O44 - LFC:[MD5.551B4A8BCEAE93CC5EF1B2A8653B0364] - 22/03/2013 - 18:53:36 ---A- . (...) -- C:\Windows\Sandboxie.ini [1612]
O44 - LFC:[MD5.A55BD908C70E528237D9642AE7F6A271] - 19/03/2013 - 15:33:01 ---A- . (...) -- C:\AdwCleaner[R6].txt [1388]
O44 - LFC:[MD5.3D384E18A0C7FCB605D13E1E46BF862A] - 17/03/2013 - 13:08:36 ---A- . (...) -- C:\AdwCleaner[R5].txt [1339]
O44 - LFC:[MD5.A7C6FDA563AB8295B649DD416CDF3AD6] - 15/03/2013 - 04:32:25 ---A- . (...) -- C:\AdwCleaner[R4].txt [1278]
O44 - LFC:[MD5.A41EBAA9418FBA438375380C35E59AD9] - 07/03/2013 - 10:34:52 ---A- . (...) -- C:\Windows\win.ini [419]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/03/2013 - 14:11:45 RSHAD . (...) -- C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01009.Wdf [0]
O44 - LFC:[MD5.D6FCCE1CC439D6E3238393F1E34C48D2] - 05/03/2013 - 14:44:39 ---A- . (...) -- C:\AdwCleaner[S3].txt [3857]
O44 - LFC:[MD5.B85BF5AE9DE91AFF40F072554A219650] - 05/03/2013 - 10:33:02 ---A- . (...) -- C:\AdwCleaner[R3].txt [3755]
O44 - LFC:[MD5.1EB47301104C576B7B77AC07F6982631] - 03/03/2013 - 11:09:20 ---A- . (...) -- C:\AdwCleaner[R2].txt [1146]
O44 - LFC:[MD5.99D120F8E107AD2437E75DFA0EF8B714] - 03/03/2013 - 07:50:12 ---A- . (...) -- C:\AdwCleaner[S2].txt [25989]
O44 - LFC:[MD5.C87DAD3F7B698D2865FE4154E1623459] - 03/03/2013 - 07:49:44 ---A- . (...) -- C:\AdwCleaner[R1].txt [25787]
O44 - LFC:[MD5.9A67F4489F341AFFDC92D7926A8B3299] - 03/03/2013 - 04:23:19 ---A- . (...) -- C:\AdwCleaner[S1].txt [3218]
O44 - LFC:[MD5.DD72849FE94E6F49732E1E9A6484FBAF] - 28/02/2013 - 23:50:31 ---A- . (.Microsoft - Filtre du convertisseur RDP (redirecteur).) -- C:\Windows\SysNative\DShowRdpFilter.dll [281600]
O44 - LFC:[MD5.DD72849FE94E6F49732E1E9A6484FBAF] - 28/02/2013 - 23:50:31 ---A- . (.Microsoft - Filtre du convertisseur RDP (redirecteur).) -- C:\Windows\System32\DShowRdpFilter.dll [281600]
O44 - LFC:[MD5.0A551CCDEF9D6F99A008B5B075354650] - 28/02/2013 - 23:50:04 ---A- . (.Microsoft - robocopy.) -- C:\Windows\SysNative\Robocopy.exe [128000]
O44 - LFC:[MD5.0A551CCDEF9D6F99A008B5B075354650] - 28/02/2013 - 23:50:04 ---A- . (.Microsoft - robocopy.) -- C:\Windows\System32\Robocopy.exe [128000]
O44 - LFC:[MD5.345BC7CADBE91E78B52497EF3B0D910B] - 28/02/2013 - 23:47:57 ---A- . (.Windows (R) Codename Longhorn DDK provider - Services de gestion des polices.) -- C:\Windows\SysNative\fms.dll [116224]
O44 - LFC:[MD5.345BC7CADBE91E78B52497EF3B0D910B] - 28/02/2013 - 23:47:57 ---A- . (.Windows (R) Codename Longhorn DDK provider - Services de gestion des polices.) -- C:\Windows\System32\fms.dll [116224]
O44 - LFC:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 28/02/2013 - 23:47:03 RSHAD . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\Drivers\HpSAMD.sys [78720]
O44 - LFC:[MD5.1153AC6E133AA849853DFD407B086B80] - 28/02/2013 - 21:19:04 ---A- . (...) -- C:\Windows\SysNative\locale.nls [420064]
O44 - LFC:[MD5.1153AC6E133AA849853DFD407B086B80] - 28/02/2013 - 21:19:04 ---A- . (...) -- C:\Windows\System32\locale.nls [420064]
O44 - LFC:[MD5.A2E0F1E01A0983E9C94565BBEC862BF7] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification COB-AU.) -- C:\Windows\SysNative\cob-au.rs [40960]
O44 - LFC:[MD5.A2E0F1E01A0983E9C94565BBEC862BF7] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification COB-AU.) -- C:\Windows\System32\cob-au.rs [40960]
O44 - LFC:[MD5.65A8302C7551CFE45FAA2BC085C9E7E2] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification DJCTQ.) -- C:\Windows\SysNative\djctq.rs [15360]
O44 - LFC:[MD5.65A8302C7551CFE45FAA2BC085C9E7E2] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification DJCTQ.) -- C:\Windows\System32\djctq.rs [15360]
O44 - LFC:[MD5.54B11BB2AFBC3D5EBA9C96F0C1820B9B] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification FPB.) -- C:\Windows\SysNative\fpb.rs [46592]
O44 - LFC:[MD5.54B11BB2AFBC3D5EBA9C96F0C1820B9B] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification FPB.) -- C:\Windows\System32\fpb.rs [46592]
O44 - LFC:[MD5.997938D423CE830161CB6059434E3C9F] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification OFLC-NZ.) -- C:\Windows\SysNative\oflc-nz.rs [45568]
O44 - LFC:[MD5.997938D423CE830161CB6059434E3C9F] - 28/02/2013 - 21:17:19 ---A- . (.Microsoft - Système de classification OFLC-NZ.) -- C:\Windows\System32\oflc-nz.rs [45568]
O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 28/02/2013 - 21:15:49 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [3]
O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 28/02/2013 - 21:15:30 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [3]
O44 - LFC:[MD5.018423F8F2FB945B039A16D05F3B1D50] - 19/06/2012 - 13:31:00 RSHAD . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [293889]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 10/11/2010 - 02:48:34 ---A- . (...) -- C:\Windows\SysNative\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 10/11/2010 - 02:48:34 RSHAD . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 05/11/2010 - 03:20:53 ---A- . (...) -- C:\Windows\SysNative\systemsf.ebd [347904]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 05/11/2010 - 03:20:53 RSHAD . (...) -- C:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 05/11/2010 - 03:20:45 ---A- . (...) -- C:\Windows\SysNative\RacRules.xml [105559]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 05/11/2010 - 03:20:45 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
~ Files: 1831 Legitimates Scanned in 01mn 07s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 8 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Advanced SystemCare 6 [Key] . (.IObit - ASCTray.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
O53 - SMSR:HKLM\...\startupreg\IDMan [Key] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O53 - SMSR:HKLM\...\startupreg\MSC [Key] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O53 - SMSR:HKLM\...\startupreg\NoIE4StubProcessing [Key] . (.Microsoft Corporation - Outil de Registre de la console.) -- C:\Windows\system32\reg.exe
~ SMSR Keys: 5 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInternetOpenWith"=1
~ Keys: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.D5BCB77BE83CF99F508943945D46343D] - 26/03/2009 - 20:16:08 ---A- . (.Dritek System Inc. - Dritek 64-bit PS/2 Keyboard Filter Driver.) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys [25608]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 25/03/2013 - C:\Windows\System32\DRIVERS\hola_drv.sys (hola-drv) .(.Hola Networks Ltd. - Hola Network Management Driver.) - LEGACY_HOLA-DRV
O64 - Services: CurCS - 25/03/2013 - C:\Windows\System32\DRIVERS\hola_mon_drv.sys (hola-mon-drv) .(.Hola Networks Ltd. - Hola Network Monitor Driver.) - LEGACY_HOLA-MON-DRV
O64 - Services: CurCS - 16/12/2012 - C:\Program Files\Sandboxie\SbieDrv.sys (SbieDrv) .(.SANDBOXIE L.T.D - Sandboxie Kernel Mode Driver.) - LEGACY_SBIEDRV
~ Legacy: 82 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.62B7C506B092D460898F3296DA94B728] [SPRF][18/07/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe [36136]
[MD5.0E0045E0BE24AADE596C83E52D58F683] [SPRF][29/03/2013] (...) -- C:\Users\ThierryGr\AppData\Local\Temp\~gu-ver.dat [116]
[MD5.E12994628BCFA505B4C21EFFF18F1FCB] [SPRF][18/03/2013] (.France Telecom - DSLtest.) -- C:\Users\ThierryGr\Desktop\DSLtest2105.exe [1551872]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{42F0998B-EDE0-4932-B35A-64B8E6FF4BFB}" | In - None - P6 - TRUE | .(.Acer Incorporated - Acer Arcade Deluxe.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
O87 - FAEL: "{FAFA97D6-AD3A-4AD6-BC93-3C1777A6BE8A}" | In - None - P6 - TRUE | .(.Acer Corp. - Acer Arcade Deluxe PlayMovie.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
O87 - FAEL: "{012851C1-A837-4E95-8930-94B3EF610700}" | In - None - P6 - TRUE | .(.Acer Corp. - Acer Arcade Deluxe PlayMovie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
O87 - FAEL: "{F225FA05-9897-4EF1-9C2E-1CB07862F482}" | In - None - P6 - TRUE | .(.Acer Incorporated - Acer HomeMedia.) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
O87 - FAEL: "TCP Query User{64E5982C-C5DD-4F17-B97B-CCA46632B38E}C:\program files\tixati\tixati.exe" | In - Private - P6 - TRUE | .(.Tixati Software Inc. - Tixati.) -- C:\program files\tixati\tixati.exe
O87 - FAEL: "UDP Query User{7D23861D-D432-4D0B-B921-32F4ED670AED}C:\program files\tixati\tixati.exe" | In - Private - P17 - TRUE | .(.Tixati Software Inc. - Tixati.) -- C:\program files\tixati\tixati.exe
O87 - FAEL: "{0014639D-70DF-4658-8876-E27E70AF36D3}" | In - Private - P6 - TRUE | .(.http://www.express-files.com/ - ExpressDL Application.) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe
O87 - FAEL: "{3123EA61-96B9-42EF-80A5-EDC51818EAED}" | In - Private - P17 - TRUE | .(.http://www.express-files.com/ - ExpressDL Application.) -- C:\Program Files (x86)\ExpressFiles\expressdl.exe
O87 - FAEL: "{F5F585D8-8AD5-4AE7-8E79-140213B5816F}" | In - Private - P6 - TRUE | .(.http://www.express-files.com/ - ExpressFiles Application.) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
O87 - FAEL: "{49C27F38-BE4C-4EA6-9CD5-D34BF469CE6A}" | In - Private - P17 - TRUE | .(.http://www.express-files.com/ - ExpressFiles Application.) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
O87 - FAEL: "{6FC0CAE8-58FD-4BEE-916E-FFE6D6E5934E}" | In - Private - P6 - TRUE | .(.Hola Networks Ltd. - Hola Service.) -- C:\Program Files\Hola\app\hola_svc.exe
O87 - FAEL: "{2A28CE90-183F-454B-9C23-6FA07687439C}" | In - Private - P17 - TRUE | .(.Hola Networks Ltd. - Hola Service.) -- C:\Program Files\Hola\app\hola_svc.exe
~ Firewall: 151 Legitimates Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11334 - (28/03/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] =>Adware.IMBooster
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\poker 770] =>Adware.Casino
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED] =>Adware.IMBooster
C:\Users\ThierryGr\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\ThierryGr\AppData\Local\Bundled software uninstaller =>Adware.MegaSearch
~ Additionnel: Scanned in 00mn 14s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico
~ Update Products: 82 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 15/01/2013 465216 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
SS - | Disabled 28/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Disabled 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Disabled 02/08/2012 204288 | (BrcmMgmtAgent) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
SS - | Disabled 05/08/2009 844320 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SS - | Disabled 26/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 26/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Disabled 26/02/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Disabled 25/03/2013 5309552 | (hola_svc) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_svc.exe
SS - | Disabled 25/03/2013 5309552 | (hola_updater) . (.Hola Networks Ltd..) - C:\Program Files\Hola\app\hola_updater.exe
SS - | Disabled 11/12/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/08/2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SS - | Disabled 21/08/2009 62720 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SS - | Disabled 18/06/2009 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SS - | Disabled 18/06/2009 144640 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SS - | Disabled 16/12/2012 123664 | (SbieSvc) . (.SANDBOXIE L.T.D.) - C:\Program Files\Sandboxie\SbieSvc.exe
SS - | Disabled 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



End of the scan (647 lines in 02mn 30s)(0)

6 replies

Fish66 (Security contributor) - 29 March 2013 at 21:46
Good evening,
Download AdwCleaner (thanks to Xplode)

Run AdwCleaner

Click the [ Suppression ] (Delete) button

Wait...

Post the report that appears at the end of the scan.

(The report is also saved as C:\ AdwCleaner[SX].Txt)
KAPI21500 (Member) - 29 March 2013 at 22:17
I already have this software; I ran it and it found nothing.
Fish66 (Security contributor) - 30 March 2013 at 12:38
Hello,

Then post the report, please.
KAPI21500 (Member) - 30 March 2013 at 12:59
# AdwCleaner v2.115 - Rapport créé le 30/03/2013 à 12:58:00
# Mis à jour le 17/03/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : ThierryGr - PC-THIERRYGR
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\ThierryGr\Desktop\Sécurité\AdwCleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v25.0.1364.172

Fichier : C:\Users\ThierryGr\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.
Fish66 (Security contributor) - 30 March 2013 at 14:24
1/
Uninstall the software: Poker 770

2/
=> Copy all the text shown in bold below (select it, right-click on it and choose "Copier" (Copy)).

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
O42 - Logiciel: Poker 770 - (...) [HKCU][64Bits] -- Poker 770
O43 - CFD: 19/03/2013 - 16:00:09 - [13,624] ----D C:\Users\ThierryGr\AppData\Roaming\OpenCandy
[MD5.62B7C506B092D460898F3296DA94B728] [SPRF][18/07/2009] (.Oberon Media - FullRemove.) -- C:\ProgramData\FullRemove.exe
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\482AA67AD25E6E74E9F48BD5FBE8533C] => Infection PUP (Adware.IMBooster)
[HKCU\Software\PartyFrance] => Casino.OnlineGames
[HKCU\Software\poker 770] => Infection BT (Adware.Casino)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Bing Search
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Bing Search
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Bing Search
[HKLM\Software\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EC6D81181F59F2459A84176A626F9ED]
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED]
C:\Users\ThierryGr\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)
C:\Users\ThierryGr\AppData\Local\Bundled software uninstaller
O90 - PUC: "9EC6D81181F59F2459A84176A626F9ED" . (.Iminent.) -- C:\Windows\Installer\{118D6CE9-5F18-42F9-958A-14676A629FDE}\imbooster.ico => Infection PUP (Adware.IMBooster)
O4 - GS\Programs: EverestPoker.fr.lnk . (.Playtech - Playtech Client Engine Application.) -- C:\Poker\EverestPoker.fr\casino.exe

=> Then launch ZHPFix from the shortcut on your Desktop.

(On Vista/Win7, you must right-click the ZHPFix shortcut and choose "Exécuter en tant qu'administrateur" (Run as administrator))

=> Once ZHPFix is open, click the "Coller le presse-papier" (Paste the clipboard) button.

=> In the main box, you will then see the lines you copied earlier appear. Check that all the lines I asked you to copy (and only those) are in the window.

=> Click "GO" to start the cleaning. Let the tool work and do not touch anything.

=> Once it has finished, copy and paste the report into your next message.

=========================================

Help: <<< ZHPFix HERE >>>

3/
/!\ WARNING: this scan can take a few hours /!\

* Download MBAM and install it to the default location

https://www.malwarebytes.com/mwb-download/

* Install it, then configure it as shown: <<< HERE >>>

* If you have not changed anything, just exit; otherwise save

* Launch Malwarebytes' Anti-Malware

=================================

If MBAM is already installed, go straight to the update and then the scan.

==> This free software is worth keeping.

=================================

* Run the update

* Click the "Recherche" (Scan) tab

* Tick the "Exécuter un examen complet" (Perform full scan) option, then click the "Rechercher" (Scan) button

* Choose to scan all your hard drives, then click "Lancer l'examen" (Start scan)

At the end of the scan, if MBAM found nothing:

* Click OK; the report opens automatically

If threats were detected:

* Click OK, then "Afficher les résultats" (Show results)

* Check that all the lines are ticked

* Choose the "Supprimer la sélection" (Remove selected) option

* If MBAM asks to restart Windows: click "Oui" (Yes)

* The report opens automatically after the removal; it can also be found in the "Rapports/Logs" (Reports/Logs) tab

* Copy and paste the report into your next message

Note:

- If there is a problem updating MBAM, you can do it manually by downloading this file and then running it.
KAPI21500 (Member) - 30 March 2013 at 18:03
Thanks for your reply, but why uninstall Poker 770? It is poker software that I play with.
Fish66 (Security contributor) - 30 March 2013 at 19:33
I advise you to uninstall it; it is a scam and it causes slowdown problems, ...
You can read: this topic