Sujet Précédent Sujet Suivant

Redirection vers ihvanet !

Fermé
andochanga Messages postés 17 Date d'inscription jeudi 17 avril 2008 Statut Membre Dernière intervention 2 mai 2013 - 2 mai 2013 à 00:12
andochanga Messages postés 17 Date d'inscription jeudi 17 avril 2008 Statut Membre Dernière intervention 2 mai 2013 - 2 mai 2013 à 00:13
Bonsoir,

Tout à commencer par la redirection lors de recherche avec firfox via google vers "ihvanet" et des sites "bizarres".

Malgré l'aide d'un professionnel, je n'ai pas pu résoudre le problème. Maintenant, la situation ne s'arrange pas mais s'ajoute d'autres problèmes : ralentissement lors des recherches de documents, disfobctionnement de outlook, impossible de me connecter à la notre base des données (au bureau on est en réseau) ne trouve pas le chemin car plus de "microsoft windows network".. Bref, c'est le désordre !

Après un tour dans le forum, j'ai suivi les conseils " aide au diagnostic" et voici les résultats :

1. Rapport Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.05.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tech3 :: TECH3-PC [administrateur]

01/05/2013 21:03:50
mbam-log-2013-05-01 (21-03-50).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 214417
Temps écoulé: 10 minute(s),

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0A
(Aucun élément nuisible détecté)

(fin)
2. Rapport Adwcleaner
# AdwCleaner v2.300 - Rapport créé le 01/05/2013 à 21:20:33
# Mis à jour le 28/04/2013 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
# Nom d'utilisateur : Tech3 - TECH3-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Tech3\Downloads\adwcleaner(2).exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : IBUpdaterService

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\SweetIM
Dossier Supprimé : C:\Program Files (x86)\sweetpacks bundle uninstaller
Dossier Supprimé : C:\ProgramData\SpeedMaxPc
Dossier Supprimé : C:\ProgramData\SweetIM
Dossier Supprimé : C:\Users\Tech3\AppData\Local\Bundled software uninstaller
Dossier Supprimé : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\extensions\staged
Dossier Supprimé : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\SweetPacksToolbarData
Dossier Supprimé : C:\Users\Tech3\AppData\Roaming\SpeedMaxPc
Dossier Supprimé : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Dossier Supprimé : C:\Windows\SysWOW64\WNLT
Fichier Supprimé : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Fichier Supprimé : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\searchplugins\SweetIM Search.xml
Fichier Supprimé : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\searchplugins\SweetIm.xml
Fichier Supprimé : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\searchplugins\zonealarm.xml
Fichier Supprimé : C:\Windows\tasks\LyricsPal Update.job
Supprimé au redémarrage : C:\Program Files (x86)\XingHaoLyrics

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Clé Supprimée : HKCU\Software\BI
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\SpeedMaxPC
Clé Supprimée : HKCU\Software\WNLT
Clé Supprimée : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Clé Supprimée : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Clé Supprimée : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Clé Supprimée : HKLM\SOFTWARE\Classes\sim-packages
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Clé Supprimée : HKLM\Software\SpeedMaxPC
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SweetIM Bundle by SweetPacks
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Valeur Supprimée : HKCU\Software\Mozilla\Firefox\extensions [lrcspal@xinghao.net]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\prefs.js

C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\user.js ... Supprimé !

Supprimée : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={2A2D5CC1-B037-11E2-A0E9-90E6[...]
Supprimée : user_pref("browser.search.defaultenginename", "SweetIM Search");
Supprimée : user_pref("extensions.zonealarm.hpFFXOld", "hxxp://home.sweetim.com/?barid={2A2D5CC1-B037-11E2-A0E9-[...]
Supprimée : user_pref("extensions.zonealarm.hpOld0", "hxxp://home.sweetim.com/?barid={2A2D5CC1-B037-11E2-A0E9-90[...]
Supprimée : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Supprimée : user_pref("sweetim.toolbar.SearchBoxLogo", "");
Supprimée : user_pref("sweetim.toolbar.SearchBoxText", "");
Supprimée : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Supprimée : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Supprimée : user_pref("sweetim.toolbar.Visibility.enable", "true");
Supprimée : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Supprimée : user_pref("sweetim.toolbar.cargo", "3.1010006.10034");
Supprimée : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Supprimée : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Supprimée : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Supprimée : user_pref("sweetim.toolbar.defaultProvider", "");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Supprimée : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Supprimée : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Supprimée : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Supprimée : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Supprimée : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Supprimée : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Supprimée : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Supprimée : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Supprimée : user_pref("sweetim.toolbar.mode.debug", "false");
Supprimée : user_pref("sweetim.toolbar.newtab.created", "true");
Supprimée : user_pref("sweetim.toolbar.newtab.enable", "true");
Supprimée : user_pref("sweetim.toolbar.newtab.url", "hxxp://home.sweetim.com/?src=97&barid=$toolbar_id;&crg=$car[...]
Supprimée : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Supprimée : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Bing ");
Supprimée : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
Supprimée : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://fr.msn.com/?pc=UP22&ocid=UP22[...]
Supprimée : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Supprimée : user_pref("sweetim.toolbar.rc.url", "hxxp://tbsrv1.sweetim.com/simffbar/rc.html?toolbar_version=$ITE[...]
Supprimée : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Supprimée : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Supprimée : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Supprimée : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Supprimée : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Supprimée : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Supprimée : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Supprimée : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Supprimée : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Supprimée : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Supprimée : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Supprimée : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Supprimée : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Supprimée : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.2.callback", "");
Supprimée : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Supprimée : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Supprimée : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Supprimée : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Supprimée : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Supprimée : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Supprimée : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Supprimée : user_pref("sweetim.toolbar.search.history", "interpretation%20d'une%20analyse%20de%20sol");
Supprimée : user_pref("sweetim.toolbar.search.history.capacity", "10");
Supprimée : user_pref("sweetim.toolbar.searchguard.enable", "false");
Supprimée : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Supprimée : user_pref("sweetim.toolbar.simapp_id", "{2A2D5CC1-B037-11E2-A0E9-90E6BA902B94}");
Supprimée : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://www.sweetim.com/uninstallbar.asp?barid=$too[...]
Supprimée : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.sweetim.com/help_contact.asp");
Supprimée : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010006.10034&barid={2A2D[...]
Supprimée : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.sweetim.com/eula.html#privacy");
Supprimée : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://search.sweetim.com/search.asp?barid=$toolbar_id[...]
Supprimée : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://lp.sweetim.com/SweetPacksBundleUninstaller/");
Supprimée : user_pref("sweetim.toolbar.version", "1.13.0.0");

*************************

AdwCleaner[R1].txt - [7217 octets] - [31/12/2012 20:13:10]
AdwCleaner[R2].txt - [8507 octets] - [16/04/2013 16:46:52]
AdwCleaner[R3].txt - [1187 octets] - [28/04/2013 20:53:22]
AdwCleaner[R4].txt - [13135 octets] - [01/05/2013 21:19:16]
AdwCleaner[S1].txt - [7350 octets] - [31/12/2012 20:14:48]
AdwCleaner[S2].txt - [8414 octets] - [16/04/2013 16:47:41]
AdwCleaner[S3].txt - [1251 octets] - [28/04/2013 20:54:00]
AdwCleaner[S4].txt - [13327 octets] - [01/05/2013 21:20:33]

########## EOF - C:\AdwCleaner[S4].txt - [13388 octets] ##########
3. Rapport ZHPDIAG
(à suivre dans un prochain message !)
A voir également:

1 réponse

Réponse 1 / 1
andochanga Messages postés 17 Date d'inscription jeudi 17 avril 2008 Statut Membre Dernière intervention 2 mai 2013
2 mai 2013 à 00:13
Rapport de ZHPDiag v2013.4.30.182 par Nicolas Coolman, Update du 30/04/2013
Run by Tech3 at 01/05/2013 21:51:44
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PV9HW
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
McAfee Security Scan Plus v3.0.318.3
ZoneAlarm Firewall v11.0.000.057
ZoneAlarm Free Firewall v11.0.000.057
ZoneAlarm Security v11.0.000.057
Windows Defender W7

---\\ System Optimizer
CCleaner v4.01

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 MUI
Java 7 Update 7

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3037 MB (47% free)
System Restore: Désactivé (Disabled)
System drive C: has 20 GB (26%) free of 75 GB

---\\ Logged in mode
~ Computer Name: TECH3-PC
~ User Name: Tech3
~ All Users Names: Tech3, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Tech3\AppData\Roaming\
~ %Desktop% : C:\Users\Tech3\Desktop\
~ %Favorites% : C:\Users\Tech3\Favorites\
~ %LocalAppData% : C:\Users\Tech3\AppData\Local\
~ %StartMenu% : C:\Users\Tech3\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 20 Go of 75 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 171 Go of 209 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 27 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9E7687984107C81B859200C9BD570AFF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2013 - 06:56:00.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/706
~ Mes musiques (My Musics) : 1/10
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 48/1914
~ Mon Bureau (My Desktop) : 12/17
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 09s



---\\ Processus lancés
[MD5.E87FBE7C5DE2E4FDB20FB8FA17F4A350] - (.ParetoLogic - ParetoLogic FileCure.) -- C:\Program Files (x86)\ParetoLogic\FileCure\FileCure.exe [1813808] [PID.1764]
[MD5.A65BE6B71BDD85BB0BBB0F25E03AE586] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1593344] [PID.1940]
[MD5.CD0FBA1819731E13BB0C667610568065] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.2056]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.2124]
[MD5.1971D838A88F58D59543E9B3CDA5FFC4] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.2180]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.788]
[MD5.483FBD92DC106092D30CF2866F3E68E6] - (.Sony Ericsson Mobile Communications AB - Sony Ericsson PC Companion.) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144] [PID.3376]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] - (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Tech3\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3464]
[MD5.A60DB2C4E19913B42E82B1095045E305] - (.Tango Inc. - Tango.) -- D:\Tango\Tango.exe [13489992] [PID.4116]
[MD5.3ECCDD3FE310DD8F82D085447089ADB0] - (.ASUSTek Computer Inc. - ADSMTray.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [272952] [PID.4124]
[MD5.07E56F90546052D0574355E16AB48A6F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.4292]
[MD5.1E31FB01113B4A093F3F4E9805C4C6A2] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18643048] [PID.4304]
[MD5.74EF10CD035DE51171C98E60E53AE221] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [104936] [PID.4340]
[MD5.C5B5552E5C1A0079C1F7313E7CC7707E] - (.Google - Google Calendar Sync.) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [542264] [PID.0]
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.0]
[MD5.28FD28A29C637C9AFEFE0A26E27C6DFE] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [91432] [PID.4564]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] - (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016] [PID.4768]
[MD5.32F43BE36AAC4E10C88EC24B34770C0D] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392] [PID.4900]
[MD5.5666955DC9FD455A003D86A21E0483A9] - (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624] [PID.4916]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.5104]
[MD5.6E95474CB9E22BC9768EFA176C6A0A29] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.4332]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.964]
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.800]
[MD5.4F1F35044428CD8981BEA81432E9E51D] - (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832] [PID.2684]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.4968]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4476]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.5036]
[MD5.9313678EC46F3A2E89D3F6377350EEB3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7100928] [PID.3672]
[MD5.7F15A353AF9B367F4D4CD52CB0533F2F] - (.Check Point Software Technologies LTD - TrueVector Service.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888] [PID.1072]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1472]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1496]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1736]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1956]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.1848]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2000]
[MD5.A2494901E7226B356B8C1005C45F1C5F] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816] [PID.1084]
[MD5.7E6CCCCB604F35760C1A3FB75B0159FC] - (.Pas de propriétaire - BitKinex service.) -- C:\Program Files (x86)\BitKinex\bitkinexsvc.exe [28160] [PID.1208]
[MD5.069E22DD49A1A962AEE3B7DCE2DC4A50] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [178816] [PID.1564]
[MD5.D62088F1C4E7B3477AD2A5F8F5C6DEF3] - (.Pas de propriétaire - Atouch64.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe [301624] [PID.1580]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.2904]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.2948]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.2160]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3424]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3580]
[MD5.C0BF554D2277F7A4C735D475ADE2E3B2] - (.ASUSTek Computer Inc. - ADSMSrv.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280] [PID.3312]
[MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [271760] [PID.4684]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Tech3\AppData\Roaming\Mozilla\Firefox\Profiles\rnszvsmc.default\prefs.js
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: ZoneAlarm Security Engine [64Bits] - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [EeeStorageBackup] . (.ECAREME - BackupService.) -- C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
O4 - HKLM\..\Run: [AmIcoSinglun64] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [ETDWare] . (.ELAN Microelectronic Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [ISW] . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
O4 - HKCU\..\Run: [ReadyNAS Remote] . (.NETGEAR - ReadyNas Remote.) -- C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] . (.Sony Ericsson Mobile Communications AB - Sony Ericsson PC Companion.) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Tech3\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Tango] . (.Tango Inc. - Tango.) -- D:\Tango\Tango.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl8] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD8LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [HControlUser] . (.ASUS - HControlUser.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKMEDIA] . (.ASUS - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [ZoneAlarm] . (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3681586459-3823861006-4258212054-1000\..\Run: [ReadyNAS Remote] . (.NETGEAR - ReadyNas Remote.) -- C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
O4 - HKUS\S-1-5-21-3681586459-3823861006-4258212054-1000\..\Run: [Sony Ericsson PC Companion] . (.Sony Ericsson Mobile Communications AB - Sony Ericsson PC Companion.) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
O4 - HKUS\S-1-5-21-3681586459-3823861006-4258212054-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Tech3\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3681586459-3823861006-4258212054-1000\..\Run: [Tango] . (.Tango Inc. - Tango.) -- D:\Tango\Tango.exe
O4 - HKUS\S-1-5-21-3681586459-3823861006-4258212054-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\Satsuki Decoder Pack\MPC\mplayerc.exe
O4 - GS\TaskBar: Microsoft Office Outlook 2007.lnk . (...) -- C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: BitKinex.lnk . (.Barad-Dur, LLC. - BitKinex FTP Client.) -- C:\Program Files (x86)\BitKinex\bitkinex.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - Global Startup: C:\Users\Tech3\Desktop\Outils de diagnostic d'imprimante HP.url . (...) -- C:\Users\Tech3\Desktop\Outils de diagnostic d'imprimante HP.url
~ Global Startup: Scanned in 00mn 01s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4112A6B-ED98-436D-A13B-DF4BC4613A82}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6E98199-C2E8-4FAB-B04A-1914D7D17939}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{B4112A6B-ED98-436D-A13B-DF4BC4613A82}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6E98199-C2E8-4FAB-B04A-1914D7D17939}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{B4112A6B-ED98-436D-A13B-DF4BC4613A82}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6E98199-C2E8-4FAB-B04A-1914D7D17939}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BitKinex File Transfer Service (BitKinex) . (.Pas de propriétaire - BitKinex service.) - C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) . (.Check Point Software Technologies LTD - TrueVector Service.) - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
~ Services: 13 Legitimates Filtered in 00mn 19s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AMUXCKF.job [308]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FileCure Default.job [388]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FileCure Startup.job [404]
[MD5.F30AA962D602D1A0377DFB99031E7B5C] [APT] [ASPG] (.ASUS.) -- C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [163384]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{A63173A8-098D-4938-8A47-81ABCFCEF6E4}] (...) -- F:\JUPITER_DRV_PPD-WinVista-ver0701a_FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8716549-BAB7-47C5-8AD9-53FF9E0E076F}] (...) -- F:\T1_B01_PCL6_0902a\setup.exe (.not file.) [0]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 10s



---\\ Logiciels installés (O42)
O42 - Logiciel: BitKinex - (.Barad-Dur, LLC..) [HKLM][64Bits] -- {73826F87-F391-4175-930E-28F9AB4AEAD3}
O42 - Logiciel: ReadyNAS Remote - (.NETGEAR.) [HKLM][64Bits] -- ReadyNAS Remote
O42 - Logiciel: SweetPacks Toolbar For Firefox 1.13.0.0 - (...) [HKLM][64Bits] -- {EEE6C374-6118-11DC-9C72-001320C79847} =>PUP.SweetIM
~ Logic: 128 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Barad-Dur]
[HKCU\Software\Pxzgfbsq]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\IB Updater]
[HKLM\Software\WNLT]
[HKLM\Software\Wow6432Node\Barad-Dur]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Pxzgfbsq]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
~ Key Software: 223 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/04/2010 - 10:19:48 - [13,643] ----D C:\Program Files (x86)\BitKinex
O43 - CFD: 30/04/2010 - 10:19:45 - [0,098] ----D C:\ProgramData\BitKinex
O43 - CFD: 01/09/2011 - 11:51:20 - [0,128] ----D C:\Users\Tech3\AppData\Roaming\BitKinex
O43 - CFD: 09/03/2010 - 18:18:48 - [0,267] ----D C:\Users\Tech3\AppData\Local\ReadyNASRemote
~ 255 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 477 Legitimates Filtered in 01mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.859326CA2D36642A0C342B0EBE6E73C5] - 01/05/2013 - 20:21:36 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [104]
O44 - LFC:[MD5.E7B1633F41B94D8A7895E518994F13B8] - 29/04/2013 - 09:41:41 ---A- . (...) -- C:\Windows\SysNative\AutoRunFilter.ini [2298]
O44 - LFC:[MD5.E7B1633F41B94D8A7895E518994F13B8] - 29/04/2013 - 09:41:41 RSHAD . (...) -- C:\Windows\System32\AutoRunFilter.ini [2298]
O44 - LFC:[MD5.78120DBB89D9FD290BB9A48428948936] - 29/04/2013 - 09:41:33 ---A- . (...) -- C:\Windows\SysNative\ServiceFilter.ini [1701]
O44 - LFC:[MD5.78120DBB89D9FD290BB9A48428948936] - 29/04/2013 - 09:41:33 RSHAD . (...) -- C:\Windows\System32\ServiceFilter.ini [1701]
O44 - LFC:[MD5.B0A92BF9EC6A0DF63C0F43E6E16E2B8D] - 28/04/2013 - 21:43:29 RSHAD . (...) -- C:\Windows\System32\Drivers\vsconfig.xml [417507]
O44 - LFC:[MD5.6CAF30862EBDADE872B42DAA9C0D3EE8] - 28/04/2013 - 20:09:54 ---A- . (...) -- C:\Windows\SysNative\dmwu.exe [1273648]
O44 - LFC:[MD5.F13D593FF722B5BDF6852E99FF252A5E] - 28/04/2013 - 20:09:54 ---A- . (.IncrediMail, Ltd. - IMHttpCo Dynamic Link Library.) -- C:\Windows\SysNative\ImHttpComm.dll [35328]
O44 - LFC:[MD5.6CAF30862EBDADE872B42DAA9C0D3EE8] - 28/04/2013 - 20:09:54 RSHAD . (...) -- C:\Windows\System32\dmwu.exe [1273648]
O44 - LFC:[MD5.F13D593FF722B5BDF6852E99FF252A5E] - 28/04/2013 - 20:09:54 RSHAD . (.IncrediMail, Ltd. - IMHttpCo Dynamic Link Library.) -- C:\Windows\System32\ImHttpComm.dll [35328]
~ Files: 34 Legitimates Filtered in 01mn 23s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.F5D3D4523A20C07E7EE4016407DED1B5] - 01/05/2013 - 20:24:25 ---A- - C:\Windows\Prefetch\ASSCRPROLOG.EXE-83162235.pf
O45 - LFCP:[MD5.12EDA314C97F281E09E03AB5913E7412] - 01/05/2013 - 20:24:33 ---A- - C:\Windows\Prefetch\GOOGLE~1.EXE-D5B8BFBB.pf
O45 - LFCP:[MD5.EFBD3851C1563106212E6272F83EA2AD] - 30/04/2013 - 19:53:58 ---A- - C:\Windows\Prefetch\ADSMTRAY.EXE-9081D617.pf
~ Prefetcher: 111 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{c9691b98-2b32-11e2-87c3-90e6ba902b94}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.0D8456E0E48A8F47C6F6A8BF35F3861D] - 11/08/2009 - 03:16:42 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\athrx.sys [1490432]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/05/2013 - 18:23:16 ---A- C:\Users\Tech3\AppData\Local\Google\Google Calendar Sync\data_files\4E1269CA2E876F27415955932FAF8184.FEED [278]
O61 - LFC: 01/05/2013 - 18:45:05 ---A- C:\Users\Tech3\AppData\Local\Google\Google Calendar Sync\data_files\405083DB98BD52FF0C73D99A361D9D00 [17128]
O61 - LFC: 01/05/2013 - 19:09:17 ---A- C:\Users\Tech3\Documents\CR GROUPE FILIERE (10 JUIN).docx [182056]
O61 - LFC: 01/05/2013 - 19:09:31 ---A- C:\Users\Tech3\Documents\CR 1er COPIL Zone Maraichage (31 Mars 2010).pdf [468334]
O61 - LFC: 01/05/2013 - 19:09:44 ---A- C:\Users\Tech3\Documents\Power Point COPIL.pdf [185414]
O61 - LFC: 01/05/2013 - 19:09:55 ---A- C:\Users\Tech3\Documents\Power Point Projet CASE (2).pdf [395373]
O61 - LFC: 01/05/2013 - 19:10:04 ---A- C:\Users\Tech3\Documents\CR GROUPE FONCIER (18 Mai 2010).pdf [527969]
O61 - LFC: 01/05/2013 - 19:10:14 ---A- C:\Users\Tech3\Documents\CR GROUPE Porteur de Projet (24 JUIN).pdf [432980]
O61 - LFC: 01/05/2013 - 19:10:23 ---A- C:\Users\Tech3\Documents\10 10 27 Appel à communication colloque AB.pdf [446903]
O61 - LFC: 01/05/2013 - 19:13:39 ---A- C:\Users\Tech3\Documents\cc_20130501_201259.reg [460]
O61 - LFC: 01/05/2013 - 20:00:37 ---A- C:\Users\Tech3\Downloads\mbam-setup-1.75.0.1300.exe [10285040]
O61 - LFC: 01/05/2013 - 20:17:00 ---A- C:\Users\Tech3\Downloads\adwcleaner(2).exe [628743]
O61 - LFC: 01/05/2013 - 20:21:01 ---A- C:\Users\Tech3\Documents\Aide au diagnostic d.docx [757308]
O61 - LFC: 01/05/2013 - 20:25:14 ---A- C:\Users\Tech3\AppData\Local\tango\tcfg.xml [563]
O61 - LFC: 01/05/2013 - 20:25:19 ---A- C:\Users\Tech3\AppData\Local\tango\contacts.dat [408]
O61 - LFC: 01/05/2013 - 20:25:19 ---A- C:\Users\Tech3\AppData\Local\tango\userinfo.xml [1113]
O61 - LFC: 28/04/2013 - 19:52:44 ---A- C:\Users\Tech3\Downloads\adwcleaner(1).exe [628743]
O61 - LFC: 28/04/2013 - 19:59:31 ---A- C:\Users\Tech3\Downloads\ccsetup401.exe [4346816]
O61 - LFC: 28/04/2013 - 20:08:32 ---A- C:\Users\Tech3\Downloads\7ZipSetup.exe [162072]
O61 - LFC: 28/04/2013 - 21:04:21 ---A- C:\Users\Tech3\Downloads\avira-free-antivirus_avira_free_antivirus_2013_13.0.0.2890_anglais_404708.exe [104833992]
O61 - LFC: 28/04/2013 - 21:10:57 ---A- C:\Users\Tech3\Downloads\ccsetup401(1).exe [4346816]
O61 - LFC: 28/04/2013 - 21:33:55 ---A- C:\Users\Tech3\Downloads\zafwSetupWeb_110_000_057.exe [2398248]
O61 - LFC: 28/04/2013 - 21:49:07 ---A- C:\Users\Tech3\Documents\cc_20130428_224855.reg [60090]
O61 - LFC: 28/04/2013 - 23:59:08 ---A- C:\Users\Tech3\Documents\Interprétation_AnalyseSol_.pdf [130198]
O61 - LFC: 29/04/2013 - 00:04:55 ---A- C:\Users\Tech3\Downloads\analyses_de_sol.pps [3724288]
O61 - LFC: 29/04/2013 - 08:51:19 ---A- C:\Users\Tech3\Documents\formation-matieres-organiques.pdf [105024]
O61 - LFC: 29/04/2013 - 10:27:39 ---A- C:\Users\Tech3\Downloads\SpeedMaxpc_installer_fr.exe [5045816] =>PUP.SpeedMaxPc
O61 - LFC: 29/04/2013 - 11:38:18 ---A- C:\Users\Tech3\Documents\Légumes perpétuels.docx [393619]
O61 - LFC: 29/04/2013 - 11:38:18 --HA- C:\Users\Tech3\Documents\~$gumes perpétuels.docx [162]
O61 - LFC: 29/04/2013 - 15:43:28 ---A- C:\Users\Tech3\AppData\Local\Google\Google Calendar Sync\data_files\user_properties.txt [1566]
O61 - LFC: 30/04/2013 - 10:17:48 ---A- C:\Users\Tech3\Documents\Hauts Prés analyse de sol et pratiques par D. Masseno1t.pdf [270917]
O61 - LFC: 30/04/2013 - 22:49:41 ---A- C:\Users\Tech3\Documents\cc_20130430_234930.reg [1754]
~ 59 Fichiers temporaires (Temporary files)
~ Files: 122 Legitimates Filtered in 03mn 31s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 10/02/2010 - Pas de propriétaire (FwHookDrv) .(...) - LEGACY_FWHOOKDRV
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (WPRO_40_1123) .(...) - LEGACY_WPRO_40_1123
~ Legacy: 86 Legitimates Filtered in 00mn 04s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {17E09808-3540-4CB2-B840-7B6C3F496690} - (Yahoo! Search) - https://fr.search.yahoo.com/
O69 - SBI: SearchScopes [HKCU] {CEC1ECBE-674E-4C08-AD7C-30E4B2EFC5A8} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {E53002E8-76FA-4E0D-B0C8-DECB93662042} - (Ask Search) - http://www.search.ask.com/?o=10148&l=dis
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.C51F2776F2E485F28F08B94A49DD44D6] [SPRF][14/03/2013] (...) -- C:\Users\Tech3\Desktop\RogueKillerX64.exe [790016]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{F075EAB9-0DD5-4007-8514-C402787A1142}" | In - Private - P6 - TRUE | .(.NETGEAR - ReadyNas Remote.) -- C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
O87 - FAEL: "{38926DA2-D88B-4CE2-86D1-CCC17DA0B857}" | In - Private - P17 - TRUE | .(.NETGEAR - ReadyNas Remote.) -- C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
O87 - FAEL: "TCP Query User{E8A96251-343A-4BC5-8651-0D491CA6508A}C:\program files (x86)\netgear readynas\remote\bin\readynasremote.exe" | In - Public - P6 - TRUE | .(.NETGEAR.) -- C:\program files (x86)\netgear readynas\remote\bin\readynasremote.exe
O87 - FAEL: "UDP Query User{88E3E500-5079-4F73-8F1B-604DF39BA7B2}C:\program files (x86)\netgear readynas\remote\bin\readynasremote.exe" | In - Public - P17 - TRUE | .(.NETGEAR.) -- C:\program files (x86)\netgear readynas\remote\bin\readynasremote.exe
O87 - FAEL: "{4DF91849-C5C5-4E8C-9EF8-DFEFAC3E7315}" | In - Private - P6 - TRUE | .(.Tango Inc. - Tango.) -- D:\Tango\Tango.exe
O87 - FAEL: "{AC593E53-A50A-47BE-9129-F9D55F3CE51B}" | In - Private - P17 - TRUE | .(.Tango Inc. - Tango.) -- D:\Tango\Tango.exe
O87 - FAEL: "TCP Query User{B9139CB4-E833-4E63-BE0D-6742E238368D}D:\tango\tango.exe" | In - Public - P6 - TRUE | .(.Tango Inc. - Tango.) -- D:\tango\tango.exe
O87 - FAEL: "UDP Query User{C2DAACE1-BEF7-4A21-8255-C077705325A5}D:\tango\tango.exe" | In - Public - P17 - TRUE | .(.Tango Inc. - Tango.) -- D:\tango\tango.exe
O87 - FAEL: "{97B1E722-069F-4A6D-9906-98FE47398FBC}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{C5FC69BA-8E9B-4028-8B43-C44B2D78FDAB}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{90C5B8B7-511A-4586-896D-6756AD215A30}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{95A6397E-4E69-4CDE-943A-724B601C0CC2}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
~ Firewall: 243 Legitimates Filtered in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.11782 - (30/04/2013)
Clés trouvées (Keys found) : 65
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Protection_ZoneAlarm Toolbar] =>Toolbar.ZoneAlarm
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
C:\Program Files (x86)\XingHaoLyrics =>Adware.ShopperReports
~ Additionnel Scan: 293725 Items scanned in 01mn 01s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "78F62837193F571439E0829FBAA4AE3D" . (.BitKinex.) -- C:\Windows\Installer\{73826F87-F391-4175-930E-28F9AB4AEAD3}\ARPPRODUCTICON.exe
O90 - PUC: "7E9C3C6D433D8194DB75B5E11FC402D7" . (.Bing Bar.) -- C:\Windows\Installer\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}\icon_installer_ico
~ Update Products: 210 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 15/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 28/04/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 28/04/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SS - | Auto 10/02/2012 193816 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
SR - | Demand 10/02/2012 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
SR - | Auto 28160 | (BitKinex) . (...) - C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 22/11/2012 828072 | (IswSvc) . (.Check Point Software Technologies.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Demand 271760 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 29/01/2013 2447888 | (vsmon) . (.Check Point Software Technologies LTD.) - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
SS - | Disabled 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Tech3 at 01/05/2013 22:05:16

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1831 Legitimates filtered by white list
End of the scan (624 lines in 13mn 31s)(0)
0

Discussions similaires

Colis en cours de transport vers votre site de livraison ?
Ninan_5568 -
JulieVdr -

7 réponses
il est en cours de transport vers votre site de livraison
3rin -
Afrikarnak -

4 réponses
le site de distribution
youyou -
brucine -

2 réponses
recherche d'u
mimi -
brucine -

1 réponse