Rapport de ZHPDiag v2013.4.16.93 par Nicolas Coolman, Update du 16/04/2013
Run by carlos at 17/04/2013 18:23:35
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC :

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19088 (Defaut)
MFIE: Mozilla Firefox 17.0.1 v17.0.1

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6CJ97
Windows License : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.24

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 11

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 11 GB (15%) free of 70 GB

---\\ Logged in mode
~ Computer Name: PC-DE-CARLOS
~ User Name: carlos
~ All Users Names: carlos, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\carlos\AppData\Roaming\
~ %Desktop% : C:\Users\carlos\Desktop\
~ %Favorites% : C:\Users\carlos\Favorites\
~ %LocalAppData% : C:\Users\carlos\AppData\Local\
~ %StartMenu% : C:\Users\carlos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 70 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 65 Go of 70 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not
Inserted) H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] - (.Microsoft Corporation - Explorateur Windows.) (.29/10/2008 - 07:29:41.) -- C:\Windows\Explorer.exe [2927104] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.DE4685DE5130039FA63DA66C0F72F787] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.28/05/2011 - 07:08:58.) -- C:\Windows\System32\wininet.dll [916480] [MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.19/01/2008 - 08:33:37.) 
-- C:\Windows\System32\Winlogon.exe [314880] [MD5.48EB99503533C27AC6135648E5474457] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:16:42.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.19/01/2008 - 08:41:30.) -- C:\Windows\system32\Drivers\atapi.sys [21560] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/01/2008 - 06:49:51.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.A3E9FA213F443AC77C7746119D13FEEC] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:24:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.C87B1EE051C0464491C1A7B03FA0BC99] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/01/2008 - 05:30:49.) -- C:\Windows\system32\Drivers\HDAudBus.sys [53760] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:49:35.) -- C:\Windows\system32\Drivers\MRxSmb.sys [105984] [MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] - (.Microsoft Corporation - MBT Transport driver.) (.19/01/2008 - 06:55:35.) -- C:\Windows\system32\Drivers\netBT.sys [184320] [MD5.B4EFFE29EB4F15538FD8A9681108492D] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/01/2008 - 08:43:40.) 
-- C:\Windows\system32\Drivers\ntfs.sys [1081912] [MD5.8A79FDF04A73428597E2CAF9D0D67850] - (.Microsoft Corporation - Pilote de port parallèle.) (.19/01/2008 - 06:49:33.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688] [MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] - (.Microsoft Corporation - SMB Transport driver.) (.19/01/2008 - 06:55:27.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.D09276B1FAB033CE1D40DCBDF303D10F] - (.Microsoft Corporation - TDI Translation Driver.) (.19/01/2008 - 06:55:58.) -- C:\Windows\system32\Drivers\tdx.sys [71680] [MD5.D8B4A53DD2769F226B3EB374374987C9] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/01/2008 - 08:42:48.) -- C:\Windows\system32\Drivers\volsnap.sys [227896] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/497 ~ Mes musiques (My Musics) : 1/217 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/44 ~ Mes Documents (My Documents) : 0/5033 ~ Mon Bureau (My Desktop) : 0/1089 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 05s ---\\ Processus lancés [MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.644] [MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3700] [MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) 
-- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2948] [MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.2924] [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472] [PID.3148] [MD5.5A70C964A8D39B329AE02294DBA5F49D] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2launcher.exe [40352] [PID.2260] [MD5.87AC3175FA9C5FD5BAD55654C4E381F8] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\java.exe [174496] [PID.4068] [MD5.9C8A63AB622C5258C940E6D737C8F374] - (.Microsoft Corporation - Sauvegarde Microsoft® Windows.) -- C:\Windows\system32\sdclt.exe [1169408] [PID.2888] [MD5.F96EBC5A624349D81DCC7600A3C5DC43] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5716] [MD5.DC79F4167BF4067CC0F2C72E4E6040B3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6808576] [PID.7836] [MD5.0BA91E1358AD25236863039BB2609A2E] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [2623488] [PID.1236] [MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1932] [MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1616] [MD5.517D30057C726C797764BFD70A55D82A] - (.CyberLink - CLMSServer.) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448] [PID.1832] [MD5.D72B2DAE9E73C58D6E09C3D782AA1E23] - (.Pas de propriétaire - MemCheck.Service.) 
-- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672] [PID.480] [MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.12] [MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1468] [MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.524] [MD5.F54907AA07F60AFF81E1E09E97AF98B0] - (.HiTRSUT - eDataSecurity Service.) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512] [PID.1000] [MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.2124] [MD5.A7B084BFBBD582A843D2F5C35220F962] - (.Acer Inc. - eRecoveryService.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248] [PID.2428] [MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) 
-- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3120] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\carlos\AppData\Roaming\Mozilla\Firefox\Profiles\uevvjxtf.default\prefs.js M0 - MFSP: prefs.js [carlos - uevvjxtf.default] http://mail.aol.com ~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ IE Browser: 13 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. 
- Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Barre d'outils MSN - [HKLM]{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} . (.Microsoft Corporation - MSN Toolbar extension.) -- C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: BearShare.lnk . (.MusicLab, LLC - BearShare.) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe =>PUP.BearShare O4 - GS\QuickLaunch: Démarrer AntiVir.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (...) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (.not file.) O4 - GS\QuickLaunch: Windows Media Player.lnk . 
(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: BearShare - Raccourci.lnk . (...) -- C:\Users\carlos\Music\BearShare =>PUP.BearShare O4 - GS\Desktop: Explor@ Park.lnk . (...) -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop: MioMore Desktop 7.50.lnk . (.MiTAC International Corporation - MioMore.) -- C:\Program Files\Mio\MioMore Desktop 7.50\MioMore.exe O4 - GS\Desktop: Money Manager Ex.lnk . (.TheZeal Software - Money Management Software.) -- C:\Program Files\Money Manager Ex\mmex.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -- Clé orpheline O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) 
-- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) - http://www.mypix.com/fr/fr/fw_model/domain/library/aurigma/ImageUploader5.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{6061B5AD-EE00-4613-A2E9-5AA114456A5D}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS3\Services\Tcpip\..\{C2937C9C-1951-43C3-9E04-3E4E75D83DFF}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS3\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) 
-- C:\Windows\system32\mshtml.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} . (.Google Inc. - Fast Search.) -- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Acer HomeMedia Connect Service (Acer HomeMedia Connect Service) . (.CyberLink - CLMSServer.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe ~ Services: 11 Legitimates Filtered in 00mn 08s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg O24 - Desktop General: WallPaper - .(...) - C:\Windows\Web\wallpaper\Acer03.jpg ~ Desktop Component: 1 Legitimates Filtered in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (lsdelete) - File not found ~ BEX: 2 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Defraggler Volume C Task.job [400] [MD5.ACF05A48902BE508ABFE7000C40665EB] [APT] [Defraggler Volume C Task] (.Piriform Ltd.) 
-- C:\Program Files\Defraggler\df.exe [948064] [MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask [MD5.00000000000000000000000000000000] [APT] [{8708C276-78BA-4A06-891F-EEAE21F57A74}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_XG760Acomplet.zip\XG760Acomplet\Driver\Setup.exe (.not file.) [0] [MD5.CD38EEB916CF8BEDC37DF0FC4ECC5DE8] [APT] [{89FBDADF-ECC4-4D47-B979-C5036BCB2A68}] (.Kaspersky Lab.) -- C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe [65536] [MD5.00000000000000000000000000000000] [APT] [{8D9136CA-213C-4029-A9EC-91645A0D67CE}] (...) -- C:\Users\carlos\Desktop\KevtrisSetup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{961AFDE0-74D3-4D7B-A7BA-1B8159F48445}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_ZNsoftXp[1].zip\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{BBCA9A73-3416-4B5D-AFBB-3EF127F77C50}] (...) -- E:\autorun.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C840C28A-B5A8-4637-ABD8-30AA0C8B4482}] (...) -- E:\setup.exe (.not file.) [0] [MD5.9C222EA27F30BF6F43B2C9E0755BEF9E] [APT] [{CE0DB5FF-4E7A-4B81-9690-343A18A4DD8C}] (.Cendant Software Inc..) -- C:\Program Files\Sierra On-Line\sutil32.exe [910848] [MD5.00000000000000000000000000000000] [APT] [{F9C16F13-45D7-4819-9EFB-96B5275A6048}] (...) -- C:\Users\carlos\AppData\Local\Temp\Temp1_Utility_XG760A.zip\Utility\Setup.exe (.not file.) [0] ~ Scheduled Task: 19 Legitimates Filtered in 00mn 04s ---\\ Logiciels installés (O42) O42 - Logiciel: Money Manager Ex 0.9.2.0 (beta) - (.TheZeal Software.) [HKLM] -- Money Manager Ex_is1 O42 - Logiciel: Presto! Mr. Photo 4 - (.NewSoft Technology Corporation.) [HKLM] -- {CAF7A270-55D5-455F-B0D1-6C51EADC1C3A} O42 - Logiciel: Presto! VideoWorks 6 - (.NewSoft Technology Corporation.) 
[HKLM] -- {B0C0F5E6-10B1-11D6-9296-0050BA073EEC} O42 - Logiciel: eMule - (...) [HKLM] -- eMule ~ Logic: 72 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BearShare] =>PUP.BearShare [HKCU\Software\Galerie photo et imagerie HP] [HKCU\Software\SpeedMaxPc] [HKCU\Software\eMule] [HKLM\Software\BearShare] =>PUP.BearShare [HKLM\Software\CAPI20] [HKLM\Software\CPUCooL] [HKLM\Software\NewSoft] [HKLM\Software\OTMoveIt] [HKLM\Software\SINFONI] [HKLM\Software\SpeedMaxPc] ~ Key Software: 151 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 14/06/2012 - 08:18:34 - [42,971] ----D C:\Program Files\BearShare Applications =>PUP.BearShare O43 - CFD: 04/05/2011 - 10:40:21 - [10,401] ----D C:\Program Files\eMule O43 - CFD: 29/12/2008 - 15:07:57 - [0,008] ----D C:\Program Files\inKline Global O43 - CFD: 30/05/2012 - 13:26:18 - [0,000] ----D C:\Program Files\LimeWire O43 - CFD: 12/09/2012 - 12:13:40 - [8,468] ----D C:\Program Files\Money Manager Ex O43 - CFD: 19/09/2009 - 00:05:30 - [296,018] ----D C:\Program Files\NewSoft O43 - CFD: 29/03/2009 - 17:31:21 - [0,473] ----D C:\Program Files\ZNsoft Corporation O43 - CFD: 19/09/2009 - 00:05:31 - [9,902] ----D C:\Program Files\Common Files\NewSoft O43 - CFD: 27/12/2012 - 03:02:31 - [0,004] ----D C:\ProgramData\1F2C3 O43 - CFD: 14/06/2012 - 08:05:55 - [0,078] ----D C:\ProgramData\BearShare =>PUP.BearShare O43 - CFD: 04/05/2011 - 10:40:40 - [0] ----D C:\ProgramData\eMule O43 - CFD: 19/09/2009 - 00:06:41 - [0,001] ----D C:\ProgramData\Newsoft O43 - CFD: 13/09/2012 - 01:06:21 - [0] ----D C:\ProgramData\SpeedMaxPc O43 - CFD: 03/08/2012 - 08:58:55 - [1,884] --H-D C:\ProgramData\{0F7E88C4-5411-4624-880C-8C0A662067C7} O43 - CFD: 14/04/2013 - 13:20:57 - [0,001] ----D C:\Users\carlos\AppData\Roaming\BleachBit O43 - CFD: 10/01/2009 - 12:35:00 - [0] ----D C:\Users\carlos\AppData\Roaming\Smart PC Solutions O43 - CFD: 13/09/2012 - 00:58:12 - [0] ----D 
C:\Users\carlos\AppData\Roaming\SpeedMaxPc O43 - CFD: 02/01/2013 - 10:35:48 - [85,296] ----D C:\Users\carlos\AppData\Local\BearShare =>PUP.BearShare O43 - CFD: 04/05/2011 - 10:40:21 - [0,089] ----D C:\Users\carlos\AppData\Local\eMule O43 - CFD: 19/09/2009 - 00:23:16 - [0,038] ----D C:\Users\carlos\AppData\Local\NewSoft O43 - CFD: 14/08/2012 - 00:30:51 - [0,000] ----D C:\Users\carlos\AppData\Local\rencontreshard ~ Program Folder: 202 Legitimates Filtered in 00mn 03s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.3FD521040AD829E141A2798BB902A918] - 16/04/2013 - 07:02:51 ---A- . (...) -- C:\Windows\win.ini [239] ~ Files: 11 Legitimates Filtered in 00mn 24s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.1F5B154DC45A37E88ABD5E5855204098] - 14/04/2013 - 11:45:24 ---A- - C:\Windows\Prefetch\VSSADMIN.EXE-9FF2C6A1.pf O45 - LFCP:[MD5.3832A0D422123B02E56FF29570E238A3] - 14/04/2013 - 11:58:25 ---A- - C:\Windows\Prefetch\WINVER.EXE-D053C8CF.pf O45 - LFCP:[MD5.659DBFE1599F436C56E434C8C7BFA48C] - 14/04/2013 - 12:03:41 ---A- - C:\Windows\Prefetch\VSP1CLN.EXE-41AD9BBB.pf O45 - LFCP:[MD5.D15DBA5217A1D160CB57395496982AB9] - 14/04/2013 - 12:21:05 ---A- - C:\Windows\Prefetch\BLEACHBIT.EXE-93D97AE2.pf O45 - LFCP:[MD5.30D738C206EF72619A8A416D80481402] - 15/04/2013 - 13:58:48 ---A- - C:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf O45 - LFCP:[MD5.35EF654AD5DCE54FBBF5AABC3AC09B71] - 17/04/2013 - 07:55:48 ---A- - C:\Windows\Prefetch\STCLIENT_WRAPPER.EXE-7A90E0B8.pf ~ Prefetcher: 130 Legitimates Filtered in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\32473346.sys . (...) -- C:\Windows\System32\Drivers\32473346.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\32473346.sys . (...) -- C:\Windows\System32\Drivers\32473346.sys (.not file.) 
~ CSB: 23 Legitimates Filtered in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"VIDC.NSVI"="nsvideo.dll" . (...) -- C:\Windows\System32\nsvideo.dll ~ TDSD: 8 Legitimates Filtered in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\ZNsoft Optimizer Xp [Key] . (.ZNsoft Corporation - Optimisation complète de windows NT, et de.) -- C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe ~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "UacDisableNotify"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=0 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.F8E916DD0DE892A3BD9F6CC686100960] - 05/02/2007 - 10:15:26 ---A- . (.NewSoft Technology Corporation - Achernar.sys.) -- C:\Windows\System32\Drivers\Achernar.sys [18432] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
~ 13 Fichiers temporaires (Temporary files) ~ 1 Fichiers cookies (Cookies files) ~ Files: 77 Legitimates Filtered in 04mn 44s ---\\ Alternate Data Stream File (O62) O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\WlanUZXP.sys:Zone.Identifier ~ ADS: Scanned in 00mn 05s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 29/09/2009 - C:\Windows\System32\Drivers\AFS.sys (AFS) .(.Oak Technology Inc. - Audio File System.)
- LEGACY_AFS O64 - Services: CurCS - 13/08/2007 - C:\Windows\System32\Ati2evxx.exe (Ati External Event Utility) .(.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - LEGACY_ATI_EXTERNAL_EVENT_UTILITY O64 - Services: CurCS - 25/04/2007 - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (eDataSecurity Service) .(.HiTRSUT - eDataSecurity Service.) - LEGACY_EDATASECURITY_SERVICE ~ Legacy: 117 Legitimates Filtered in 00mn 01s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {24C494B6-F371-4191-95E0-895346775390} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {4A3236AD-47F6-4A7C-A4B2-A24D3808D98E} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.21EEE83B1ABD742D6D29F58808B8FCDD] [SPRF][24/07/2012] (...) -- C:\Users\carlos\AppData\Local\d3d9caps.dat [680] [MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][14/04/2013] (...) -- C:\Users\carlos\AppData\Local\Temp\~gu-ver.dat [112] [MD5.AF70A48819AC04886B9995874BB5EB92] [SPRF][19/02/2009] (...) -- C:\Users\carlos\AppData\Roaming\wklnhst.dat [346] [MD5.8CE509A0E6BA3DE8AAE7D844634B2D06] [SPRF][14/06/2012] (.Musiclab, LLC - BearShare.) 
-- C:\Users\carlos\Desktop\BearShareV10fr.exe [2365816] =>PUP.BearShare [MD5.557F04A19184853CF475E90D7D2DDB48] [SPRF][14/10/2012] (.Apple Inc. - iTunes Installer.) -- C:\Users\carlos\Desktop\iTunesSetup.exe [78545304] [MD5.1ED3217D714FACBE53DAC2BD62B34F85] [SPRF][02/02/2010] (.Microsoft Corporation - Windows Live Installer.) -- C:\Users\carlos\Desktop\wlsetup-web.exe [1164616] [MD5.B88FC4BD8674DE4C314844864D0D4166] [SPRF][17/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\carlos\Desktop\ZHPDiag2.exe [5574753] ~ Files: Scanned in 00mn 02s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{C6536C4E-D15F-409F-A87E-CF3665D92C1B}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P6 - TRUE | .(.MusicLab, LLC.) -- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare O87 - FAEL: "UDP Query User{5C51BA81-E2DC-4A99-AFA3-E0DEC98304B2}C:\program files\bearshare applications\bearshare\bearshare.exe" | In - Public - P17 - TRUE | .(.MusicLab, LLC.) 
-- C:\program files\bearshare applications\bearshare\bearshare.exe =>PUP.BearShare ~ Firewall: 230 Legitimates Filtered in 00mn 03s ---\\ Scan Additionnel (O88) Database Version : v2.11560 - (16/04/2013) Clés trouvées (Keys found) : 13 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 3 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\CLSID\{31F8B21E-8674-4589-A37F-31A4D4B55CC5}] =>PUP.BearShare [HKLM\Software\Classes\AppID\{756C097C-6BDB-45de-A8F1-83E01AB86BA4}] =>PUP.BearShare [HKLM\Software\Classes\AppID\BearShare.exe] =>PUP.BearShare [HKLM\Software\Classes\askibar.popswatterbarbutton] =>Toolbar.AskTBar [HKLM\Software\Classes\askibar.popswatterbarbutton.1] =>Toolbar.AskTBar [HKLM\Software\Classes\askibar.popswattersettingscontrol] =>Toolbar.AskTBar [HKLM\Software\Classes\askibar.popswattersettingscontrol.1] =>Toolbar.AskTBar [HKLM\Software\Classes\asktoolbar.settingsplugin] =>Toolbar.AskTBar [HKLM\Software\Classes\asktoolbar.settingsplugin.1] =>Toolbar.AskTBar [HKCU\Software\SpeedMaxPc] =>PUP.SpeedMaxPc [HKLM\Software\SpeedMaxPc] =>PUP.SpeedMaxPc [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing C:\Program Files\BearShare Applications =>PUP.BearShare C:\ProgramData\SpeedMaxPc =>PUP.SpeedMaxPc C:\Users\carlos\AppData\Roaming\SpeedMaxPc =>PUP.SpeedMaxPc ~ Additionnel: Scanned in 00mn 31s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe SR - | Auto 21/06/2007 269448 | (Acer HomeMedia Connect Service) . (.CyberLink.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) 
- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 28/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 28/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SS - | Demand 13/08/2007 610304 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe SR - | Auto 25/04/2007 457512 | (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe SR - | Auto 03/07/2007 53248 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe SS - | Demand 28/04/2009 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 262247 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) 
- C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 19/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by carlos at 17/04/2013 18:32:18 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1301 Legitimates filtered by white list End of the scan (598 lines in 08mn 42s)(0)