Hacking
Closed
penetfred
Edited by baladur13 on 21/04/2013 at 10:43
Hello!?
Could you tell me whether my computer has been hacked or infected?
Rapport de ZHPDiag v2013.4.19.112 par Nicolas Coolman, Update du 19/04/2013
Run by FRED at 20/04/2013 11:35:12
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
Microsoft Security Client v4.2.0223.1
Windows Defender W7
---\\ System Optimizer
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17
---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 199 GB (70%) free of 281 GB
---\\ Logged in mode
~ Computer Name: FRED-PC
~ User Name: FRED
~ All Users Names: UpdatusUser, HomeGroupUser$, FRED, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\FRED\AppData\Roaming\
~ %Desktop% : C:\Users\FRED\Desktop\
~ %Favorites% : C:\Users\FRED\Favorites\
~ %LocalAppData% : C:\Users\FRED\AppData\Local\
~ %StartMenu% : C:\Users\FRED\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 199 Go of 281 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B8965FB53551B5455630A4B804D0791F] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/03/2013 - 07:04:53.) -- C:\Windows\system32\Drivers\ntfs.sys [1655656]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/732
~ Mes musiques (My Musics) : 14/71
~ Mes Favoris (My Favorites) : 1/41
~ Mes Documents (My Documents) : 9/1782
~ Mon Bureau (My Desktop) : 2/398
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 04s
---\\ Processus lancés
[MD5.F6573840989C4E8ED2EBF8B0644CF500] - (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\Neuf\Kit\9props.exe [959880] [PID.2504]
[MD5.AAB979089E192ACC0FE1E3C018F8B591] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\FRED\AppData\Local\Akamai\netsession_win.exe [4480768] [PID.2828]
[MD5.448B572F9505CE50A21BBD9312AEAAB4] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208] [PID.2848]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3044]
[MD5.0540C38069CD5212B241E62AC1990201] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe [611872] [PID.2868]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.1268]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4064]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.364]
[MD5.774CD0E47EB7CB97A225AD120CD85CFD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6879744] [PID.3000]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1360]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496] [PID.1568]
[MD5.A21E58F345F337316A98C5121CBE17E8] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.1772]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232] [PID.1928]
[MD5.9BFC39609262E19654BE75F5A34CAB50] - (.MusicLab, LLC - Data Manager.) -- C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe [1684544] [PID.3024] =>PUP.BearShare
~ Processes Running: Scanned in 00mn 02s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\FRED\AppData\Roaming\Mozilla\Firefox\Profiles\bioh5z47.default\prefs.js
C:\Users\FRED\AppData\Roaming\Mozilla\Firefox\Profiles\bioh5z47.default\user.js
M3 - MFPP: Plugins - [FRED] -- C:\Users\FRED\AppData\Roaming\Mozilla\Firefox\Profiles\bioh5z47.default\searchplugins\delta.xml
M3 - MFPP: Plugins - [FRED] -- C:\Users\FRED\AppData\Roaming\Mozilla\Firefox\Profiles\bioh5z47.default\searchplugins\Search_Results.xml
M3 - MFPP: Plugins - [FRED] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon
M3 - MFPP: Plugins - [FRED] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\glarysearch.xml
M3 - MFPP: Plugins - [FRED] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
M0 - MFSP: prefs.js [FRED - bioh5z47.default] www.sfr.fr
M2 - MFEP: prefs.js [FRED - bioh5z47.default\{000F1EA4-5E08-4564-A29B-29076F63A37A}] [] SOE Web Installer v1.0.3.154 (..)
M2 - MFEP: prefs.js [FRED - bioh5z47.default\{C9B68337-E93A-44EA-94DC-CB300EC06444}] [] IMinent Toolbar v3.26.0 (..) =>Adware.IMBooster
P2 - FPN: [HKCU] [@soe.sony.com/installer,version=1.0.3] - (...) -- C:\Users\FRED\AppData\Roaming\Mozilla\Firefox\Profiles\bioh5z47.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: DataMngr [64Bits] - {B939CF93-F2CB-443d-956C-DC523D85C9DB} . (.MusicLab, LLC - Url Helper.) -- C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\BrowserConnection.dll =>PUP.BearShare
~ BHO: 6 Legitimates Filtered in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\Neuf\Kit\9props.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\FRED\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [DATAMNGR] . (.MusicLab, LLC - Data Manager.) -- C:\Program Files (x86)\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe =>PUP.BearShare
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1359478763-2437198751-451399895-1000\..\Run: [Connexion SFR 9props.exe] . (.SFR - Propriétés de la connexion SFR.) -- C:\Program Files (x86)\Neuf\Kit\9props.exe
O4 - HKUS\S-1-5-21-1359478763-2437198751-451399895-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\FRED\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1359478763-2437198751-451399895-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Web Photo Album.lnk . (...) -- C:\Program Files (x86)\Web Photo Album\webalbum.exe (.not file.)
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O4 - GS\QuickLaunch: WildTangent Games App - emachines.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: Free Realms.lnk - Clé orpheline
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe
O4 - GS\Desktop: LastChaosFRA.lnk . (...) -- C:\GAMIGO\LastChaosFRA\LC.exe
O4 - GS\Desktop: LCGenericName02.lnk . (...) -- C:\Program Files (x86)\LCGenericName02\LC.exe
O4 - GS\Desktop: Microsoft Security Essentials.lnk . (...) -- C:\Program Files (x86)\Microsoft Security Client\msseces.exe (.not file.)
O4 - GS\Desktop: Play EterniaLC!.lnk . (...) -- C:\Program Files (x86)\EterniaGames\EterniaLCClassic\LC.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{70B2A71F-8C03-469D-9028-E4E45B8A181E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{70B2A71F-8C03-469D-9028-E4E45B8A181E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{70B2A71F-8C03-469D-9028-E4E45B8A181E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\PROGRA~3\Wincert\WIN64C~1.dll
~ AppInit DLL: Scanned in 00mn 00s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: (\aB'?) - File not found
O34 - HKLM BootExecute: (?nativeauth.exe) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{040640EB-A30F-43B6-97D7-9C21115228F6}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{060C97F4-97B6-4875-8943-24E3E6603B0E}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{0AAB6E46-712F-4D9C-B19B-1174E8544B1A}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{0D47445C-9614-434C-91A0-05BE5C9F9D92}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{136CB789-99A1-4A07-AB67-7CDE7A921C87}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{16D7516E-9A92-4CFE-BA7F-BBA0AF075EF6}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{17A071C0-CA64-4561-966C-6AAF6BB16210}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.5BF994DC70335A01AAE295D326813267] [APT] [{1D79B56A-F657-4789-ADFA-708C518E87C7}] (...) -- C:\Program Files (x86)\Gameforge4D\AirRivals\AirRivals.exe [790528]
[MD5.8D699C26857440661FAD1AED839FFC79] [APT] [{2804AC57-5BF9-4434-AD2C-4F7681AFBE70}] (.Acresso Software Inc..) -- C:\Program Files (x86)\InstallShield Installation Information\{04634A14-619B-4F53-88B3-2A48FB3A99C6}\setup.exe [393216]
[MD5.14A952F4B39B950D71BC30BAD9633EDD] [APT] [{2E936BF8-9363-4873-816F-32E90F5680F1}] (.Eastman Kodak Company.) -- C:\Users\FRED\Downloads\setup.exe [26265288]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{31DBE168-F32B-45BF-AE23-2AD276D27DEB}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{32BD2437-7A9A-4C4D-BF1F-23769710068D}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{40432504-48E6-43D0-ABF6-36898E019F07}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{419650DE-0B29-4F6F-A558-1A512361EF02}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{46DA9269-368E-4193-9FD5-9E29D37B6EB4}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{48039303-0B25-40CA-9AF7-EFADCD974646}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.00000000000000000000000000000000] [APT] [{48E3D41D-3B5C-4E53-8FB3-7D51A187235B}] (...) -- C:\Program Files (x86)\LCGenericName01\Uninstall.exe (.not file.) [0]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{5472FD9F-7283-441A-81FF-9F0CC5F0DD55}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{5813E8E3-5DD6-48BB-8812-2443DD9406E2}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{5ECC5F30-5313-435E-8605-5B3E6F148ADA}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{67DA9CF9-6615-4C92-B7F7-E38CF0681E00}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{79947085-B215-4021-9803-DEFF117F2F92}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{836877C2-65F6-4AFA-B7F1-CE64D8EFDDEF}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{8574685B-9E50-46C4-9CD2-644C398EAA22}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.00000000000000000000000000000000] [APT] [{8B6794E2-B2E8-4F30-A2F0-318DD8212B2F}] (...) -- D:\PROGRAM\32\Setup32.exe (.not file.) [0]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{8FEFEAD0-9ACE-4ADA-A22A-20A26D7C749D}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{91B3BA10-2117-4C60-A182-CB5CA52403A6}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.00000000000000000000000000000000] [APT] [{9623B2C6-CD90-4249-9C3F-F0770301070D}] (...) -- C:\Program Files (x86)\Eternia LastChaos Classic\Uninstall.exe (.not file.) [0]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{9C483994-90AC-40B9-A9D0-8A6A306FD13E}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{A2516BBF-3572-44A9-B085-CACA0FF4D08F}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{A46869A7-1F56-4B59-ABDD-F9A05D897D62}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{A815C65A-6510-4EE7-8569-F8C7D5AB408F}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{A8D3FD98-353C-481E-AE38-5A352D8B34D2}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{AC8EBEDF-AC0A-4EC6-A933-1A39E8E21FE6}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{BE09AABC-939E-414C-84E3-D70269053AEE}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{BE77BEBE-6BBF-4BF8-804D-B1649F57C040}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{DA53089B-5512-4196-BC0E-07683589E184}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{DA92EE30-997A-43D0-BBA8-78732F629ADC}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.00000000000000000000000000000000] [APT] [{DDB82AD5-8947-43F7-A219-C0D5E159F8B9}] (...) -- C:\Users\FRED\AppData\LocalLow\Sony Online Entertainment\uninst.exe (.not file.) [0]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{E7137A5C-EFED-4F60-8419-2FBD1D167017}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{F8E40D21-E791-4E21-9BEF-B559368A8E32}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{FBE3DF97-2615-4024-B08A-777A6242D535}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
~ Scheduled Task: 56 Legitimates Filtered in 00mn 14s
---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM][64Bits] -- Akamai
O42 - Logiciel: EterniaLCClassic 1.00 - (.EterniaGames.) [HKLM][64Bits] -- EterniaLCClassic 1.00
O42 - Logiciel: LCGenericName02 EP2 - (.LCGenericName02.) [HKLM][64Bits] -- LCGenericName02 EP2
~ Logic: 123 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5268cd1e63cef13]
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\Softonic]
[HKCU\Software\SpeedMaxPc]
[HKCU\Software\TBSB01620]
[HKCU\Software\dclean]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\BearShareSRTB] =>PUP.BearShare
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\SpeedMaxPc]
[HKLM\Software\Wow6432Node\lastchaoseternia]
~ Key Software: 212 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/04/2013 - 12:09:46 - [21,981] ----D C:\Program Files (x86)\BearShare Applications =>PUP.BearShare
O43 - CFD: 08/03/2013 - 16:18:40 - [661,800] ----D C:\Program Files (x86)\EterniaGames
O43 - CFD: 20/04/2011 - 12:53:53 - [1,817] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 01/04/2013 - 08:58:26 - [467,197] ----D C:\Program Files (x86)\LCGenericName01
O43 - CFD: 05/04/2013 - 22:32:02 - [-430,337] ----D C:\Program Files (x86)\LCGenericName02
O43 - CFD: 13/05/2012 - 09:54:35 - [4,852] ----D C:\Program Files (x86)\Pfad zum LastChaos Installationsordner
O43 - CFD: 18/04/2012 - 10:30:44 - [0,075] ----D C:\Program Files (x86)\Shareaza
O43 - CFD: 19/04/2013 - 14:08:31 - [26,484] ----D C:\Program Files (x86)\Common Files\Akamai
O43 - CFD: 05/02/2013 - 11:55:32 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 13/04/2013 - 14:35:44 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 24/09/2012 - 14:37:25 - [0,533] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 26/02/2011 - 11:16:41 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 19/04/2013 - 14:00:41 - [0] ----D C:\ProgramData\SpeedMaxPc
O43 - CFD: 14/02/2013 - 08:04:47 - [1,194] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 18/04/2013 - 16:34:38 - [0] ----D C:\ProgramData\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
O43 - CFD: 18/04/2013 - 16:34:38 - [0] ----D C:\ProgramData\{A2A58654-12AA-408A-B411-58A76959BE7F}
O43 - CFD: 05/02/2013 - 11:55:32 - [0,014] ----D C:\Users\FRED\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 09/04/2011 - 18:24:10 - [1,673] ----D C:\Users\FRED\AppData\Roaming\Bump Technologies, Inc
O43 - CFD: 24/02/2011 - 12:57:45 - [0,001] ----D C:\Users\FRED\AppData\Roaming\Faerie Solitaire
O43 - CFD: 18/04/2012 - 10:30:41 - [0] ----D C:\Users\FRED\AppData\Roaming\Shareaza
O43 - CFD: 19/04/2013 - 13:56:56 - [0] ----D C:\Users\FRED\AppData\Roaming\SpeedMaxPc
O43 - CFD: 20/04/2012 - 15:26:45 - [1049,529] ----D C:\Users\FRED\AppData\Roaming\SysLipe
O43 - CFD: 19/04/2013 - 14:07:23 - [32,496] ----D C:\Users\FRED\AppData\Local\Akamai
O43 - CFD: 09/04/2011 - 18:24:26 - [0] ----D C:\Users\FRED\AppData\Local\Bump Technologies, Inc
O43 - CFD: 31/03/2013 - 08:50:04 - [0,000] ----D C:\Users\FRED\AppData\Local\Proxure
O43 - CFD: 30/07/2011 - 10:55:48 - [0] ----D C:\Users\FRED\AppData\Local\Shareaza
O43 - CFD: 19/04/2013 - 14:00:41 - [0] ----D C:\Users\FRED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
~ 132 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 385 Legitimates Filtered in 00mn 56s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2E9C25BE1F2EAEB54CFBAC799AEDCE3C] - 19/04/2013 - 12:50:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [102914]
~ Files: 64 Legitimates Filtered in 00mn 05s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 25/10/2007 - 17:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera Next\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("browser.search.defaultenginename", "Search Results");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("browser.search.order.1", "Search Results");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.id", "90b8b03b00000000000000262d46b5ff");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.instlDay", "15750");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.vrsnTs", "1.8.10.07:05:42");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} [DefaultScope] - (Search Results) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3D58c9331d816657ac%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR
O69 - SBI: SearchScopes [HKCU] {c1d89ae7-449d-4929-b24b-fded04adbe06} - (Glary Search) - http://isearch.glarysoft.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.5BA72CD362C2F3A3C64F9E90E832A2BB] [SPRF][24/12/2012] (...) -- C:\ProgramData\1356342108.bdinstall.bin [634992]
[MD5.5DF46F321386C0E7BBE399CCD4E4553B] [SPRF][24/12/2012] (...) -- C:\ProgramData\1356344004.bdinstall.bin [223955]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][19/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\FRED\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.E9706056A435B8A53C999517516C4020] [SPRF][31/01/2013] (.TuneUp Software - TuneUp Utilities Uninstall Helper.) -- C:\Users\FRED\AppData\Local\Temp\TUUUninstallHelper.exe [76576]
[MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][19/04/2013] (...) -- C:\Users\FRED\AppData\Local\Temp\~gu-ver.dat [112]
~ Files: Scanned in 00mn 00s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E4C7BBDA-C026-412C-A81B-6C8FC9CBC0CF}" | In - Private - P6 - TRUE | .(.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe
O87 - FAEL: "{7941C41E-DE76-4F3E-BAE2-6BE4AF700C45}" | In - Private - P17 - TRUE | .(.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe
O87 - FAEL: "{150D4D39-2FB2-4640-91B8-F405002B3D25}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{131F09F4-452D-420D-BF12-FD3681B43498}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
~ Firewall: 220 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.11593 - (19/04/2013)
Clés trouvées (Keys found) : 31
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\BrowserConnection.dll] =>Adware.Bandoo
[HKLM\Software\Classes\BrowserConnection.Loader] =>Adware.Bandoo
[HKLM\Software\Classes\BrowserConnection.Loader.1] =>Adware.Bandoo
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\Wow6432Node\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}] =>Adware.Bandoo^
C:\Program Files (x86)\BearShare Applications =>PUP.BearShare
C:\Program Files (x86)\Iminent =>Adware.IMBooster
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\Browser Manager =>Toolbar.Babylon
C:\ProgramData\IBUpdaterService =>Adware.IncrediBar
C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\FRED\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\FRED\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc
C:\Users\FRED\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
~ Additionnel: Scanned in 00mn 18s
---\\ Random Export Key (O91)
[HKCU\Software\5268cd1e63cef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5268cd1e63cef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5268cd1e63cef13] =>Toolbar.Babylon^
~ Export Key Software: Scanned in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 14/07/2009 27136 | c:\program files (x86)\common files\akamai\netsession_win_ca0e279.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 626208 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
SS - | Auto 02/02/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/02/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 206880 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 12/02/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s
~ 1347 Legitimates filtered by white list
End of the scan (569 lines in 02mn 43s)(0)
Good luck, and thank you.
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{A815C65A-6510-4EE7-8569-F8C7D5AB408F}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{A8D3FD98-353C-481E-AE38-5A352D8B34D2}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{AC8EBEDF-AC0A-4EC6-A933-1A39E8E21FE6}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{BE09AABC-939E-414C-84E3-D70269053AEE}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{BE77BEBE-6BBF-4BF8-804D-B1649F57C040}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{DA53089B-5512-4196-BC0E-07683589E184}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{DA92EE30-997A-43D0-BBA8-78732F629ADC}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.00000000000000000000000000000000] [APT] [{DDB82AD5-8947-43F7-A219-C0D5E159F8B9}] (...) -- C:\Users\FRED\AppData\LocalLow\Sony Online Entertainment\uninst.exe (.not file.) [0]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{E7137A5C-EFED-4F60-8419-2FBD1D167017}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{F8E40D21-E791-4E21-9BEF-B559368A8E32}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
[MD5.BF4CBAD0A572DC3DBF3BB2C6B2103474] [APT] [{FBE3DF97-2615-4024-B08A-777A6242D535}] (...) -- C:\GAMIGO\LastChaosFRA\LC.exe [3180544]
~ Scheduled Task: 56 Legitimates Filtered in 00mn 14s
---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM][64Bits] -- Akamai
O42 - Logiciel: EterniaLCClassic 1.00 - (.EterniaGames.) [HKLM][64Bits] -- EterniaLCClassic 1.00
O42 - Logiciel: LCGenericName02 EP2 - (.LCGenericName02.) [HKLM][64Bits] -- LCGenericName02 EP2
~ Logic: 123 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\5268cd1e63cef13]
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\DataMngr] =>PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr
[HKCU\Software\InstallCore] =>PUP.InstallCore
[HKCU\Software\Softonic]
[HKCU\Software\SpeedMaxPc]
[HKCU\Software\TBSB01620]
[HKCU\Software\dclean]
[HKLM\Software\DataMngr] =>PUP.Datamngr
[HKLM\Software\Tarma Installer] =>Toolbar.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\BearShareSRTB] =>PUP.BearShare
[HKLM\Software\Wow6432Node\DataMngr] =>PUP.Datamngr
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\SpeedMaxPc]
[HKLM\Software\Wow6432Node\lastchaoseternia]
~ Key Software: 212 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/04/2013 - 12:09:46 - [21,981] ----D C:\Program Files (x86)\BearShare Applications =>PUP.BearShare
O43 - CFD: 08/03/2013 - 16:18:40 - [661,800] ----D C:\Program Files (x86)\EterniaGames
O43 - CFD: 20/04/2011 - 12:53:53 - [1,817] ----D C:\Program Files (x86)\Iminent =>Adware.IMBooster
O43 - CFD: 01/04/2013 - 08:58:26 - [467,197] ----D C:\Program Files (x86)\LCGenericName01
O43 - CFD: 05/04/2013 - 22:32:02 - [-430,337] ----D C:\Program Files (x86)\LCGenericName02
O43 - CFD: 13/05/2012 - 09:54:35 - [4,852] ----D C:\Program Files (x86)\Pfad zum LastChaos Installationsordner
O43 - CFD: 18/04/2012 - 10:30:44 - [0,075] ----D C:\Program Files (x86)\Shareaza
O43 - CFD: 19/04/2013 - 14:08:31 - [26,484] ----D C:\Program Files (x86)\Common Files\Akamai
O43 - CFD: 05/02/2013 - 11:55:32 - [0] ----D C:\ProgramData\Babylon =>Toolbar.Babylon
O43 - CFD: 13/04/2013 - 14:35:44 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 24/09/2012 - 14:37:25 - [0,533] ----D C:\ProgramData\IBUpdaterService =>Adware.InstallBrain
O43 - CFD: 26/02/2011 - 11:16:41 - [0,001] ----D C:\ProgramData\Partner
O43 - CFD: 19/04/2013 - 14:00:41 - [0] ----D C:\ProgramData\SpeedMaxPc
O43 - CFD: 14/02/2013 - 08:04:47 - [1,194] ----D C:\ProgramData\Tarma Installer =>Toolbar.Tarma
O43 - CFD: 18/04/2013 - 16:34:38 - [0] ----D C:\ProgramData\{41054FB7-AE0F-4DCF-9073-74BC03EFC472}
O43 - CFD: 18/04/2013 - 16:34:38 - [0] ----D C:\ProgramData\{A2A58654-12AA-408A-B411-58A76959BE7F}
O43 - CFD: 05/02/2013 - 11:55:32 - [0,014] ----D C:\Users\FRED\AppData\Roaming\Babylon =>Toolbar.Babylon
O43 - CFD: 09/04/2011 - 18:24:10 - [1,673] ----D C:\Users\FRED\AppData\Roaming\Bump Technologies, Inc
O43 - CFD: 24/02/2011 - 12:57:45 - [0,001] ----D C:\Users\FRED\AppData\Roaming\Faerie Solitaire
O43 - CFD: 18/04/2012 - 10:30:41 - [0] ----D C:\Users\FRED\AppData\Roaming\Shareaza
O43 - CFD: 19/04/2013 - 13:56:56 - [0] ----D C:\Users\FRED\AppData\Roaming\SpeedMaxPc
O43 - CFD: 20/04/2012 - 15:26:45 - [1049,529] ----D C:\Users\FRED\AppData\Roaming\SysLipe
O43 - CFD: 19/04/2013 - 14:07:23 - [32,496] ----D C:\Users\FRED\AppData\Local\Akamai
O43 - CFD: 09/04/2011 - 18:24:26 - [0] ----D C:\Users\FRED\AppData\Local\Bump Technologies, Inc
O43 - CFD: 31/03/2013 - 08:50:04 - [0,000] ----D C:\Users\FRED\AppData\Local\Proxure
O43 - CFD: 30/07/2011 - 10:55:48 - [0] ----D C:\Users\FRED\AppData\Local\Shareaza
O43 - CFD: 19/04/2013 - 14:00:41 - [0] ----D C:\Users\FRED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc
~ 132 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 385 Legitimates Filtered in 00mn 56s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2E9C25BE1F2EAEB54CFBAC799AEDCE3C] - 19/04/2013 - 12:50:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [102914]
~ Files: 64 Legitimates Filtered in 00mn 05s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 25/10/2007 - 17:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <OperaNext> <Opera Next>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera Next\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("browser.search.defaultenginename", "Search Results");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("browser.search.order.1", "Search Results");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.aflt", "babsst");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.id", "90b8b03b00000000000000262d46b5ff");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.instlDay", "15750");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.smplGrp", "none");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.vrsnTs", "1.8.10.07:05:42");
O69 - SBI: prefs.js [FRED - bioh5z47.default] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} [DefaultScope] - (Search Results) - https://www.search.ask.com/web?l=dis&q=&o=APN10655A&apn_dtid=%5EBND101%5EYY%5EFR&shad=s_0048&gct=hp&apn_ptnrs=%5EAG5&d=101-0&lang=en&atb=sysid%3D101%3Auid%3D58c9331d816657ac%3Asrc%3Dhmp%3Ao%3DAPN10655A%3Atg%3D&p2=%5EAG5%5EBND101%5EYY%5EFR
O69 - SBI: SearchScopes [HKCU] {c1d89ae7-449d-4929-b24b-fded04adbe06} - (Glary Search) - http://isearch.glarysoft.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.5BA72CD362C2F3A3C64F9E90E832A2BB] [SPRF][24/12/2012] (...) -- C:\ProgramData\1356342108.bdinstall.bin [634992]
[MD5.5DF46F321386C0E7BBE399CCD4E4553B] [SPRF][24/12/2012] (...) -- C:\ProgramData\1356344004.bdinstall.bin [223955]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][19/04/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\FRED\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.E9706056A435B8A53C999517516C4020] [SPRF][31/01/2013] (.TuneUp Software - TuneUp Utilities Uninstall Helper.) -- C:\Users\FRED\AppData\Local\Temp\TUUUninstallHelper.exe [76576]
[MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][19/04/2013] (...) -- C:\Users\FRED\AppData\Local\Temp\~gu-ver.dat [112]
~ Files: Scanned in 00mn 00s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E4C7BBDA-C026-412C-A81B-6C8FC9CBC0CF}" | In - Private - P6 - TRUE | .(.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe
O87 - FAEL: "{7941C41E-DE76-4F3E-BAE2-6BE4AF700C45}" | In - Private - P17 - TRUE | .(.SFR - Mediacenter Evolution.) -- C:\Program Files (x86)\SFR\Mediacenter Evolution\MediaCenter.exe
O87 - FAEL: "{150D4D39-2FB2-4640-91B8-F405002B3D25}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O87 - FAEL: "{131F09F4-452D-420D-BF12-FD3681B43498}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
~ Firewall: 220 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.11593 - (19/04/2013)
Clés trouvées (Keys found) : 31
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\BrowserConnection.dll] =>Adware.Bandoo
[HKLM\Software\Classes\BrowserConnection.Loader] =>Adware.Bandoo
[HKLM\Software\Classes\BrowserConnection.Loader.1] =>Adware.Bandoo
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\DataMngr] =>Adware.Bandoo
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\Wow6432Node\SpeedMaxPc] =>PUP.SpeedMaxPc
[HKLM\Software\Tarma Installer] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}] =>Adware.Bandoo^
C:\Program Files (x86)\BearShare Applications =>PUP.BearShare
C:\Program Files (x86)\Iminent =>Adware.IMBooster
C:\ProgramData\Babylon =>Toolbar.Babylon
C:\ProgramData\Browser Manager =>Toolbar.Babylon
C:\ProgramData\IBUpdaterService =>Adware.IncrediBar
C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc
C:\ProgramData\Partner =>Spyware.Partner
C:\Users\FRED\AppData\Roaming\Babylon =>Toolbar.Babylon
C:\Users\FRED\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc
C:\Users\FRED\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
~ Additionnel: Scanned in 00mn 18s
---\\ Random Export Key (O91)
[HKCU\Software\5268cd1e63cef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5268cd1e63cef13\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52"
[HKCU\Software\5268cd1e63cef13] =>Toolbar.Babylon^
~ Export Key Software: Scanned in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 14/07/2009 27136 | c:\program files (x86)\common files\akamai\netsession_win_ca0e279.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 626208 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
SS - | Auto 02/02/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/02/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 206880 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 12/02/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s
~ 1347 Legitimates filtered by white list
End of the scan (569 lines in 02mn 43s)(0)
Good luck and thank you