Rapport de ZHPDiag v2013.4.12.68 par Nicolas Coolman, Update du 12/04/2013 Run by pascale at 13/04/2013 15:09:48 State : Version à jour. High Elevated Privileges : OK UAC : Not Found ---\\ Web Browser MSIE: Internet Explorer v8.0.6001.18702 GCIE: Google Chrome v26.0.1410.64 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows XP Home Edition Service Pack 3 (Build 2600) Windows Automatic Updates : OK Windows Genuine Advantage : OK ---\\ System Protection Norton Internet Security v20.3.0.36 ---\\ System Optimizer CCleaner v3.22 ---\\ Software Update Adobe Flash Player 11 ActiveX Adobe Reader 7.0.9 Java 7 Update 17 ---\\ System Information ~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 959 MB (15% free) System Restore: Activé (Enable) System drive C: has 26 GB (36%) free of 72 GB ---\\ Logged in mode ~ Computer Name: ACER-FE8B363750 ~ User Name: pascale ~ All Users Names: valentine, SUPPORT_388945a0, pascale, jean marie, HelpAssistant, charlotte, ASPNET, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Documents and Settings\pascale\Application Data\ ~ %Desktop% : C:\Documents and Settings\pascale\Bureau\ ~ %Favorites% : C:\Documents and Settings\pascale\Favoris\ ~ %LocalAppData% : C:\Documents and Settings\pascale\Local Settings\Application Data\ ~ %StartMenu% : C:\Documents and Settings\pascale\Menu Démarrer\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 72 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 72 Go of 72 Go) E:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 3:34:04.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2/03/2013 - 2:55:12.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 3:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 2:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 3:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:32.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 3:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 2:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 2:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/3125 ~ Mes musiques (My Musics) : 6/96 ~ Mes Favoris (My Favorites) : 1/49 ~ Mes Documents (My Documents) : 3/4582 ~ Mon Bureau (My Desktop) : 0/41 ~ Menu demarrer (Programs) : 1/29 ~ Hidden Files: Scanned in 00mn 12s ---\\ Processus lancés [MD5.027D03D9D8AB95194A115A999E960AC0] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.exe [303104] [PID.1540] [MD5.8D836E60877ED79C409712B9BE2DFC3B] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.exe [174592] [PID.1572] [MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.1800] [MD5.241BD3019FB31E812A51B31B06906335] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [144520] [PID.1928] [MD5.5F87F129EC8BFAE7C5EF456619047F22] - (.SupportSoft, Inc. - SupportSoft Agent Service.) -- C:\Program Files\Belgacom\bin\sprtsvc.exe [202016] [PID.2004] [MD5.BE0F984467A19B5EF6DDB26811D69F27] - (.acer Inc. - Monitor.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe [397312] [PID.2252] [MD5.9C9B6807425CEF840C117654D8B033D1] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe [413696] [PID.2280] [MD5.E51925CE5017808EE8CB66BEAF25363F] - (.SupportSoft, Inc. - Pas de description.) -- C:\Program Files\Belgacom\bin\sprtcmd.exe [202016] [PID.2288] [MD5.E6A4E341E4304B34AA280D3E73818C90] - (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe [290088] [PID.2428] [MD5.1ACBA585D47FB69C12F26074517EFE5A] - (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe [1644680] [PID.2536] [MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208] [PID.2564] [MD5.7B2FB514D71FD9C5BFFB5443DB4551FE] - (...) -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [375296] [PID.2580] [MD5.D7CC06BFE83AE6CE89C8474F1E5ACCD1] - (.Belgian Government - sccertprop Application.) -- C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe [31768] [PID.2620] [MD5.80FD4D46B0E9B620CF757A9A5C789329] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [577536] [PID.2644] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2664] [MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.2712] [MD5.70B9B7C5C5B3CDB1DF2E8DFB5DCC3B52] - (.Nikon Corporation - PictureProject Monitor.) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [118784] [PID.2756] [MD5.62937A89470AF8FF172F0980CA8AEFC9] - (.Apple Inc. - iPodService Module.) -- C:\Program Files\iPod\bin\iPodService.exe [536872] [PID.2764] [MD5.762BA3BDA0787A30A95DBC3BF534DF48] - (.Silicon Integrated Systems Corporation - SiS Compatible Super VGA Tray Application.) -- C:\WINDOWS\system32\sistray.exe [266240] [PID.2788] [MD5.A3FD01C67BA2A90FFE736340A29BFC76] - (.Pas de propriétaire - NetgearCUv2 MFC Application.) -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2326528] [PID.2904] [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.2700] [MD5.BD3874A1F0C3F0C4E783961BD18B9E86] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6728704] [PID.2948] [MD5.67949CC8A865296C1333C96A4E1A2D66] - (.Microsoft Corporation - Serveur de gestion de ressources des cartes.) -- C:\WINDOWS\System32\SCardSvr.exe [100352] [PID.1672] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.1228] ~ Processes Running: Scanned in 00mn 04s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\pascale\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\pascale\Application Data\Mozilla\Firefox\Profiles\rsftakex.default\prefs.js M3 - MFPP: Plugins - [pascale] -- C:\Documents and Settings\pascale\Application Data\Mozilla\Firefox\Profiles\rsftakex.default\searchplugins\askcom.xml M3 - MFPP: Plugins - [pascale] -- C:\Documents and Settings\pascale\Application Data\Mozilla\Firefox\Profiles\rsftakex.default\searchplugins\askcomsearch.xml M2 - MFEP: prefs.js [pascale - rsftakex.default\toolbar@ask.com] [] v (..) ~ Firefox Browser: 10 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0 ~ IE Browser: 14 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files\FreeFox Toolbar\tbcore3.dll ~ BHO: 9 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Ask Toolbar - [HKLM]{D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask - Ask Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask O3 - Toolbar: FreeFox Toolbar - [HKLM]{338B4DFE-2E2C-4338-9E41-E176D497299E} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files\FreeFox Toolbar\tbcore3.dll O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [ntiMUI] . (...) -- C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe O4 - HKLM\..\Run: [eRecoveryService] . (.acer Inc. - Monitor.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe O4 - HKLM\..\Run: [Belgacom] . (.SupportSoft, Inc. - Pas de description.) -- C:\Program Files\Belgacom\bin\sprtcmd.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SiSPower] . (.Silicon Integrated Systems Corporation - Dynamic link library for setting Power Sche.) -- C:\WINDOWS\system32\SiSPower.dll O4 - HKLM\..\Run: [ApnUpdater] . (.Ask - Ask Updater.) -- C:\Program Files\Ask.com\Updater\Updater.exe O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Philips Device Listener] . (...) -- C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe O4 - HKLM\..\Run: [beidsccertprop] . (.Belgian Government - sccertprop Application.) -- C:\Program Files\Belgium Identity Card\BeID Certprop\beidsccertprop.exe O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKLM\..\Terminal Server\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe (.not file.) O4 - HKUS\S-1-5-21-2145905160-929904639-1334043447-1006\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-2145905160-929904639-1334043447-1006\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - GS\Programs: Adobe Reader 7.0.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader_PM.ico O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 3 Legitimates Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} ((no name)) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} ((no name)) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} ((no name)) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344943477109 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_0_1_1.cab O16 - DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} ((no name)) - http://community.fr.weightwatchers.be/Scripts/ImageUploader6.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9895E1-A0E4-48DA-B030-7994E307747F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{9D9895E1-A0E4-48DA-B030-7994E307747F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{9D9895E1-A0E4-48DA-B030-7994E307747F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 5 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Planificateur LiveUpdate automatique (Planificateur LiveUpdate automatique) . (...) - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (.not file.) O23 - Service: Planner voor Automatische LiveUpdate (Planner voor Automatische LiveUpdate) . (...) - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (.not file.) O23 - Service: SupportSoft RemoteAssist (SupportSoft RemoteAssist) . (.SupportSoft, Inc. - ssrc Module.) - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe ~ Services: 6 Legitimates Scanned in 00mn 15s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\pascale\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\pascale\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [238] =>Toolbar.Ask ~ Scheduled Task: 6 Legitimates Scanned in 00mn 00s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 23 Legitimates Scanned in 00mn 01s ---\\ Pilotes lancés au démarrage (O41) ~ Drivers: 81 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Ask Toolbar - (.Ask.com.) [HKLM] -- {86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask O42 - Logiciel: Belgacom Genius - (.SupportSoft.) [HKLM] -- {FDE9FC7A-BF6D-4347-850D-05A16E6FEE17} O42 - Logiciel: Carrefour_Service_Photo 2.7 - (...) [HKLM] -- Carrefour Service Photo_is1 O42 - Logiciel: EZ Vinyl/Tape Converter 1.5.2.0 par MixMeister - (.MixMeister Technology LLC.) [HKLM] -- EZ Vinyl/Tape Converter par MixMeister_is1 O42 - Logiciel: FreeFox Toolbar - (...) [HKLM] -- FreeFox Toolbar O42 - Logiciel: PictureProject - (...) [HKLM] -- {FF3999BE-1A7B-4738-88AA-97BF14094A4A} O42 - Logiciel: SiS 900 PCI Fast Ethernet Adapter Driver - (...) [HKLM] -- SiSLan O42 - Logiciel: VideoMate for You/Stereo Driver - (...) [HKLM] -- {8C3C4EBD-EB8F-44A2-A571-241CDECBB266} ~ Logic: 105 Legitimates Scanned in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\APN] [HKCU\Software\Ask.com] [HKCU\Software\AskToolbar] [HKCU\Software\Carrefour_Service_Photo] [HKCU\Software\ConduitSearchScopes] [HKCU\Software\Jetsoft] [HKCU\Software\MakeMSI] [HKCU\Software\SMTTB2009] [HKCU\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\Support.com] [HKLM\Software\APN] [HKLM\Software\Acudata] [HKLM\Software\AskToolbar] [HKLM\Software\Carrefour_Service_Photo] [HKLM\Software\RtlWake] [HKLM\Software\SDU] [HKLM\Software\eFilm Medical] [HKLM\Software\support.com] ~ Key Software: 208 Legitimates Scanned in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 25/08/2006 - 19:01:24 - [0,036] ----D C:\Program Files\SiSLan O43 - CFD: 29/08/2006 - 19:48:42 - [0,872] ----D C:\Program Files\Phototool O43 - CFD: 18/03/2007 - 10:49:32 - [14,001] ----D C:\Program Files\Belgacom O43 - CFD: 23/03/2007 - 10:58:48 - [6,055] ----D C:\Program Files\LimeWire O43 - CFD: 11/05/2009 - 21:38:22 - [15,172] ----D C:\Program Files\Carrefour O43 - CFD: 11/11/2009 - 12:57:52 - [32,173] ----D C:\Program Files\MixMeister EZ Vinyl Tape Converter O43 - CFD: 31/10/2011 - 15:53:46 - [3,519] ----D C:\Program Files\Ask.com O43 - CFD: 10/11/2011 - 18:29:50 - [0,007] ----D C:\Program Files\ZiggyTV O43 - CFD: 10/11/2011 - 18:29:54 - [3,710] ----D C:\Program Files\FreeFox Toolbar O43 - CFD: 6/12/2011 - 13:12:36 - [0] ----D C:\Program Files\DealBulldog Toolbar O43 - CFD: 12/11/2011 - 10:12:26 - [0,060] ----D C:\Documents and Settings\pascale\Application Data\Toolbar4 O43 - CFD: 6/12/2011 - 12:37:18 - [19,733] ----D C:\Documents and Settings\pascale\Application Data\MajorWare O43 - CFD: 11/01/2011 - 9:18:34 - [0,007] ----D C:\Documents and Settings\pascale\Local Settings\Application Data\Carrefour O43 - CFD: 28/01/2011 - 10:21:46 - [0] ----D C:\Documents and Settings\pascale\Local Settings\Application Data\ICS O43 - CFD: 31/10/2011 - 15:53:44 - [4,237] ----D C:\Documents and Settings\pascale\Local Settings\Application Data\AskToolbar O43 - CFD: 19/01/2013 - 11:04:26 - [0,165] ----D C:\Documents and Settings\pascale\Local Settings\Application Data\APN ~ Program Folder: 158 Legitimates Scanned in 00mn 21s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.7291254FB6D3AB2093ED6956568F631F] - 13/04/2013 - 9:44:12 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.C9952E67CD94BBF4BD4115B6B57DB564] - 13/04/2013 - 9:44:52 ---A- . (...) -- C:\WINDOWS\system32\eRLog.ini [682] O44 - LFC:[MD5.E877EE77C9EDF69D3407739822AD28FA] - 13/04/2013 - 9:44:56 ---A- . (...) -- C:\WINDOWS\RTacDbg.txt [30078] O44 - LFC:[MD5.0E721F39337597031DCB1E485065EF7F] - 12/04/2013 - 12:33:32 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.475AABCB1EF7B9ACFD88D1AB37A0E504] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [30794] O44 - LFC:[MD5.703F5839090EA639300BC2398D2A8E61] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\comsetup.log [10457] O44 - LFC:[MD5.D65A083D7620BF798DA55AAD787FC392] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\iis6.log [4944] O44 - LFC:[MD5.7D77B32D0484BE3E6D54147F00FA1FFE] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.053992EFC562638CF65F89B0B018168A] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\msgsocm.log [1545] O44 - LFC:[MD5.FBDFCA007D8B1BBB7E1BE3CC470B8800] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [6307] O44 - LFC:[MD5.859CB38F65DF7D0BAAC9BFE39D256081] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\ocgen.log [14780] O44 - LFC:[MD5.A9D860B34BB15C70BE60AB4EF5F63B1F] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\ocmsn.log [1710] O44 - LFC:[MD5.20B9541F3AEE7784E3220A8A7D33F24D] - 10/04/2013 - 11:56:00 ---A- . (...) -- C:\WINDOWS\tsoc.log [11795] O44 - LFC:[MD5.DC8307B125A460FE5E0BCF06364DA209] - 10/04/2013 - 11:55:54 ---A- . (...) -- C:\WINDOWS\updspapi.log [3669] O44 - LFC:[MD5.D863F2F12780AE6246C744F5F8653FA0] - 10/04/2013 - 11:55:38 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] ~ Files: 30 Legitimates Scanned in 00mn 07s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\LimeWire\LimeWire.exe" [Enabled] .(...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\FrostWire\FrostWire.exe" [Enabled] .(...) -- C:\Program Files\FrostWire\FrostWire.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\valentine\Mes documents\facebook-pic000934519.exe" [Enabled] .(...) -- c:\windows\nvsvc32.exe (.not file.) ~ Keys Export: 45 Legitimates Scanned in 00mn 02s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 6 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 23 Legitimates Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 20 Legitimates Scanned in 00mn 02s ---\\ ShareTools MSconfig StartupReg (O53) ~ SMSR Keys: 1 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 6 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) ~ MWPS: 5 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) ~ MWPE Keys: 2 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 5/08/2004 - 4:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 5/08/2004 - 4:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (Browser) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_BROWSER O64 - Services: CurCS - 25/07/2008 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (clr_optimization_v2.0.50727_32) .(.Microsoft Corporation - .NET Runtime Optimization Service.) - LEGACY_CLR_OPTIMIZATION_V2.0.50727_32 O64 - Services: CurCS - 9/10/2007 - C:\WINDOWS\system32\DRIVERS\EAPPkt.sys (EAPPkt) .(.Realtek - Realtek EAPPkt Protocol Driver.) - LEGACY_EAPPKT O64 - Services: CurCS - 18/08/2003 - C:\WINDOWS\system32\LEXBCES.exe (LexBceS) .(.Lexmark International, Inc. - LexBce Service.) - LEGACY_LEXBCES O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (Planificateur LiveUpdate automatique) .(...) - LEGACY_PLANIFICATEUR_LIVEUPDATE_AUTOMATIQUE O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (Planner voor Automatische LiveUpdate) .(...) - LEGACY_PLANNER_VOOR_AUTOMATISCHE_LIVEUPDATE O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (SamSs) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_SAMSS O64 - Services: CurCS - 29/01/2008 - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe (Symantec RemoteAssist) .(.Symantec, Inc. - ssrc Module.) - LEGACY_SYMANTEC_REMOTEASSIST ~ Legacy: 165 Legitimates Scanned in 00mn 02s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: C:\Documents and Settings\pascale\Application Data\Mozilla\Firefox\Profiles\rsftakex.default\searchplugins\askcom.xml O69 - SBI: prefs.js [pascale - rsftakex.default] user_pref("extensions.asktb.ff-original-keyword-url", ""); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {33B08D79-DAFF-4C4B-8CC2-E1621876B309} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://isearch.avg.com =>Toolbar.AVGSearch O69 - SBI: SearchScopes [HKCU] {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - (Search) - http://www.bigseekpro.com O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Avanquest FR Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {ED246ADC-1A96-4B58-AA65-22CA4ED21A08} - (alterseek) - http://www.alterseek.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 39 Legitimates Scanned in 00mn 03s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.B64C323DCDBA1D08D00ED45E5A042C39] [SPRF][14/01/2012] (...) -- C:\Documents and Settings\pascale\Application Data\mdbu.bin [266384] [MD5.642886C848BC27D700C3BFCFC594A013] [SPRF][28/01/2011] (.Symantec Corporation - Norton Power Eraser.) -- C:\Documents and Settings\pascale\Bureau\NPE.exe [6092216] [MD5.452E762EC1B23C0A888D58F8A0044EFC] [SPRF][10/06/2004] (...) -- C:\Program Files\owcsetup.dll [40960] [MD5.3DB393E198FA455EF458A1F897AA17B2] [SPRF][29/04/2004] (...) -- C:\Program Files\owsetup1.dll [40960] [MD5.49A277C3D47294CE3251B582374CB84B] [SPRF][12/08/2008] (.Symantec Corporation - Symantec Shared Component.) -- C:\WINDOWS\Downloaded Program Files\symdlmgr.dll [450560] [MD5.50C0949E6219214DF11D7519E5052C3B] [SPRF][20/04/2009] (.Hewlett-Packard - Hewlett-Packard Online Support Services.) -- C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll [198280] ~ Files: Scanned in 00mn 05s ---\\ Scan Additionnel (O88) Database Version : v2.11520 - (12/04/2013) Clés trouvées (Keys found) : 131 Valeurs trouvées (Values found) : 4 Dossiers trouvés (Folders found) : 6 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar [HKLM\Software\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] =>Adware.AskSBAR [HKLM\Software\Classes\Interface\{2a42d13c-d427-4787-821b-cf6973855778}] =>Adware.Agent [HKLM\Software\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}] =>Adware.Softomate [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}] =>Adware.Softomate [HKLM\Software\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}] =>Adware.Softomate [HKLM\Software\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{3d8478aa-7b88-48a9-8bcb-b85d594411ec}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}] =>Adware.SocialSkinz [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}] =>Toolbar.Ask [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}] =>Toolbar.Agent [HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] =>Adware.AskSBAR [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Adware.AskSBAR [HKLM\Software\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask [HKLM\Software\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}] =>Hijacker.Seeearch [HKLM\Software\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}] =>Adware.SocialSkinz [HKLM\Software\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}] =>Hijacker.Seeearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] =>Adware.AskSBAR [HKLM\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}] =>Adware.SocialSkinz [HKLM\Software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}] =>Adware. BullseyeToolbar [HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo [HKLM\Software\Classes\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}] =>Adware.SocialSkinz [HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Adware.AskSBAR [HKLM\Software\Classes\AppID\TbCommonUtils.DLL] =>Toolbar.Agent [HKLM\Software\Classes\AppID\TbHelper.EXE] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler] =>Toolbar.Agent [HKLM\Software\Classes\comobject.deskbarenabler.1] =>Toolbar.Agent [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd] =>Adware.AskSBAR [HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1] =>Adware.AskSBAR [HKLM\Software\Classes\SMTTB2009.IEToolbar] =>Adware.SocialSkinz [HKLM\Software\Classes\SMTTB2009.IEToolbar.1] =>Adware.SocialSkinz [HKLM\Software\Classes\SMTTB2009.SMTTB2009] =>Adware.SocialSkinz [HKLM\Software\Classes\SMTTB2009.SMTTB2009.3] =>Adware.SocialSkinz [HKLM\Software\Classes\TbCommonUtils.CommonUtils] =>Toolbar.Agent [HKLM\Software\Classes\TbCommonUtils.CommonUtils.1] =>Toolbar.Agent [HKLM\Software\Classes\URLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook] =>Adware.Agent [HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask [HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch [HKCU\Software\APN] =>Toolbar.Ask [HKLM\Software\APN] =>Toolbar.Ask [HKCU\Software\Ask.com] =>Toolbar.AskBar [HKCU\Software\AskToolbar] =>Toolbar.AskTBar [HKLM\Software\AskToolbar] =>Toolbar.AskTBar [HKCU\Software\ConduitSearchScopes] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Toolbar.AskBar [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Classes\TbHelper.TbDownloadManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbDownloadManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbPropertyManager.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbRequest.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.TbTask.1] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper] =>Toolbar.Agent [HKLM\Software\Classes\TbHelper.ToolbarHelper.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar.CT2500339] =>Toolbar.Conduit [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.ContextMenuNotifier.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.CustomInternetSecurityImpl.1] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SMTTB2009] =>Toolbar.Agent [HKLM\Software\Classes\Toolbar3.SMTTB2009.1] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Adware.AskSBAR [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:ApnUpdater =>Adware.GameSpyArcade C:\Program Files\Ask.com =>Toolbar.AskBar C:\Program Files\Conduit =>Toolbar.Conduit C:\Documents and Settings\pascale\Application Data\Toolbar4 =>Toolbar.Conduit C:\Documents and Settings\pascale\Local Settings\Application Data\AskToolbar =>Toolbar.AskTBar C:\Documents and Settings\pascale\Local Settings\Application Data\Conduit =>Toolbar.Conduit C:\Documents and Settings\pascale\Application Data\Mozilla\Firefox\Profiles\rsftakex.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar ~ Additionnel: Scanned in 01mn 23s ---\\ Product Upgrade Codes (O90) O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Ask Toolbar.) -- C:\Program Files\Ask.com\favicon.ico =>Toolbar.Ask ~ Update Products: 39 Legitimates Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 15/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Auto 10/02/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 10/02/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 22/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 20/11/2008 536872 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 10/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto 18/08/2003 303104 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe SS - | Demand 2/09/2012 312264 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe SR - | Auto 24/12/2012 144520 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe SS - | Auto 0 | (Planificateur LiveUpdate automatique) . (...) - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe SS - | Auto 0 | (Planner voor Automatische LiveUpdate) . (...) - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\system32\svchost.exe SR - | Auto 29/05/2008 202016 | (sprtsvc_belgacom) . (.SupportSoft, Inc..) - C:\Program Files\Belgacom\bin\sprtsvc.exe SS - | Auto 29/05/2008 382320 | (SupportSoft RemoteAssist) . (.SupportSoft, Inc..) - C:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe SS - | Demand 29/01/2008 394704 | (Symantec RemoteAssist) . (.Symantec, Inc..) - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe ~ Services: Scanned in 00mn 04s ~ 912 Legitimates filtered by white list End of the scan (739 lines in 03mn 09s)(0)