Rapport de ZHPDiag v2013.4.22.135 par Nicolas Coolman, Update du 2013-04-22
Run by Utilisateur at 2013-04-23 11:00:17
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Kaspersky Anti-Virus 2011 v11.0.2.556
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v4.00

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2044 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 183 GB (61%) free of 298 GB

---\\ Logged in mode
~ Computer Name: SEANIX-2EEE4210
~ User Name: Utilisateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Utilisateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Utilisateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Utilisateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Utilisateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Utilisateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 183 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Hard drive, Flash drive, Thumb drive (Free 22 Go of 149 Go)
J:\ CD-ROM drive (Free 0 Go of 0 Go)
L:\ Hard drive, Flash drive, Thumb drive (Free 529 Go of 931 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.2008-04-13 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2013-03-01 - 20:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.2008-04-13 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-08-17 - 08:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2008-04-13 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-04-13 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2008-04-13 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.2008-04-13 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.2008-04-13 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-04-13 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2008-04-13 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-04-13 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.2008-04-13 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-07-15 - 08:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.2008-04-13 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.2008-04-13 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.2008-04-13 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-04-13 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-04-13 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.2008-04-13 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2008-04-13 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/159
~ Mes musiques (My Musics) : 1/2128
~ Mes Videos (My Videos) : 2/7
~ Mes Favoris (My Favorites) : 1/133
~ Mes Documents (My Documents) : 1/7838
~ Mon Bureau (My Desktop) : 1/52067
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 01mn 11s

---\\ Processus lancés
[MD5.A86A2F2B2BF5D5EED075B6417DE5CF1C] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 195.6.) -- C:\WINDOWS\system32\nvsvc32.exe [154216] [PID.1128]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.448]
[MD5.B2B3FCBA37671C853879DF7DDE8A839A] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336] [PID.596]
[MD5.0C83FC56707BF68DB04947052A8188B1] - (.Nalpeiron Ltd. - Nalpeiron Highend Service.) -- C:\WINDOWS\system32\ASTSRV.exe [57344] [PID.1876]
[MD5.7BE48C578124BBF4C1FAAFB4E718A4CC] - (.Apple Inc. - iTunesHelper.) -- I:\itunes\iTunesHelper.exe [152392] [PID.244]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.240]
[MD5.68B86DD9D455A6A8DE6D13C84FB5CE31] - (.ArcSoft, Inc. - UACTokenSvc.) -- C:\Documents and Settings\Utilisateur\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [83512] [PID.1280]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.648]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.864]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.848]
[MD5.E999FB003CA8128F02D9B4CBAA8F493B] - (.Pas de propriétaire - AutoRun MFC Application.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [24576] [PID.1600]
[MD5.EE38D491D51FB79B7CA55500F20CD802] - (.Pelmorex Media Inc. - Pas de description.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe [311584] [PID.1636]
[MD5.F34B35F6F74E28A460749DA11D1117F8] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [79136] [PID.1936]
[MD5.E66286727FBF58EB323625AF3EFDA53E] - (.Lexar Media, Inc. - Secure II Service.) -- C:\WINDOWS\system32\LxrSII1s.exe [65536] [PID.1240]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\WINDOWS\system32\PSIService.exe [177704] [PID.2376]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [189728] [PID.2404]
[MD5.02682AE021F0FB92F5768B49776B8B5B] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3232]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.4040]
[MD5.69A022AF566272F9BA43BBE8ADB0478C] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe [129720] [PID.3264]
[MD5.858E13176C6332EC966E2299BDD870D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6961664] [PID.3692]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2032]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- I:\itunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LxrAutorun] . (.Pas de propriétaire - AutoRun MFC Application.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [LxrAutorun] . (.Pas de propriétaire - AutoRun MFC Application.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Eye Candy 5.0 Nature Manual.lnk . (...) -- I:\Filtres\Alien Skin\Alien Skin\Eye Candy 5 Nature\ec5nature.pdf
O4 - GS\Programs: Eye Candy 5.0 Textures Manual.lnk . (...) -- I:\Filtres\Alien Skin\Alien Skin\Eye Candy 5 Textures\ec5textures.pdf
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Xenofex 2 Manual.lnk . (...) -- I:\Filtres\Xenofex 2\Xenofex 2\Xenofex 2\xenofex2.pdf
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\kbrd.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\logo.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} ((no name)) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1306897658484
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342273393135
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{08E2D284-9D89-492D-A9B8-579D47F1278F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpDomain = Belkin
O17 - HKLM\System\CS1\Services\Tcpip\..\{08E2D284-9D89-492D-A9B8-579D47F1278F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpDomain = Belkin
O17 - HKLM\System\CS2\Services\Tcpip\..\{08E2D284-9D89-492D-A9B8-579D47F1278F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpDomain = Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Nalpeiron Licensing Service (ASTSRV) . (.Nalpeiron Ltd. - Nalpeiron Highend Service.) - C:\WINDOWS\system32\ASTSRV.exe
O23 - Service: Lexar Secure II (LxrSII1s) . (.Lexar Media, Inc. - Secure II Service.) - C:\WINDOWS\system32\LxrSII1s.exe
O23 - Service: Pos Service (PowerOffer Service) . (.PowerOfferService - PowerOfferService.) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService\Pos.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
~ Services: 13 Legitimates Filtered in 00mn 08s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: AV Bros. Page Curl Pro 2.2 (Remove Only) - (...) [HKLM] -- AV Bros. Page Curl Pro 2.2
O42 - Logiciel: PowerOffer 2.0 - (...) [HKLM] -- {0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1
O42 - Logiciel: Vizros Plug-ins 4.1 - (...) [HKLM] -- Vizros Plug-ins 4.1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 133 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATS-FFormula]
[HKCU\Software\Axion]
[HKCU\Software\BitTorrent]
[HKCU\Software\Image Content Technology]
[HKCU\Software\Lexar Media]
[HKCU\Software\Lokas Ltd]
[HKCU\Software\Panopticum]
[HKCU\Software\RAYflect]
[HKLM\Software\Flaming Pear]
[HKLM\Software\Lexar Media]
[HKLM\Software\PowerOffer]
[HKLM\Software\Vizros]
~ Key Software: 194 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2011-06-10 - 14:17:09 - [0,998] ----D C:\Program Files\FMPatcher
O43 - CFD: 2013-04-05 - 13:44:11 - [1,382] ----D C:\Program Files\UltraTorrent
O43 - CFD: 2012-01-29 - 17:16:59 - [0,568] ----D C:\Documents and Settings\Utilisateur\Application Data\BitTorrent
O43 - CFD: 2013-04-10 - 10:19:31 - [1,221] ----D C:\Documents and Settings\Utilisateur\Application Data\uTorrent
O43 - CFD: 2011-08-15 - 09:09:08 - [0,051] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media
O43 - CFD: 2012-01-29 - 22:07:39 - [1,385] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService
O43 - CFD: 2012-01-29 - 22:07:22 - [1,583] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PowerOffer
O43 - CFD: 2013-01-22 - 13:32:50 - [1,273] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\ServUpdater
O43 - CFD: 2011-12-02 - 21:12:23 - [0,003] ----D C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\AV Bros. Page Curl Pro 2.2
~ Program Folder: 144 Legitimates Filtered in 00mn 49s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.AC55384422D968B178E8F426536F39E6] - 2013-04-09 - 18:03:27 ---A- . (...) -- C:\colorbox.log [1027]
O44 - LFC:[MD5.35E7D1FCBD9A3DAD49942CA15ACA3621] - 2013-04-21 - 09:10:56 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [2828]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 2013-04-21 - 12:33:45 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.CA753D44C640042D366EC5CFCB02ECA4] - 2013-04-22 - 07:11:42 ---A- . (...) -- C:\WINDOWS\wmsetup.log [404]
O44 - LFC:[MD5.79D2C74CF90D7E0151C7BB7D226384C8] - 2013-04-23 - 08:09:53 ---A- . (...) -- C:\WINDOWS\system32\NvApps.xml [272291]
O44 - LFC:[MD5.CB90CD8A53B4C7BE4250EB0F372E63D6] - 2013-04-23 - 08:10:41 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.5E96A13FD6504AB8EA8EF45F5B9933CB] - 2013-04-23 - 08:10:42 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
~ Files: 18 Legitimates Filtered in 00mn 08s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "I:\§ç®iþtFiX\mirc.exe" [Enabled] .(.mIRC Co. Ltd..) -- I:\§ç®iþtFiX\mirc.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Utilisateur\Bureau\Visicom Media\FTPExpert2\FTPxpert.exe" [Enabled] .(.Visicom Media Inc..) -- C:\Documents and Settings\Utilisateur\Bureau\Visicom Media\FTPExpert2\FTPxpert.exe
O47 - AAKE:Key Export SP - "C:\Program Files\UltraTorrent\UltraTorrent.exe" [Enabled] .(...) -- C:\Program Files\UltraTorrent\UltraTorrent.exe (.not file.)
O47 - AAKE:Key Export SP - "I:\Program Files\uTorrent.exe" [Enabled] .(.BitTorrent Inc..) -- I:\Program Files\uTorrent.exe
~ Keys Export: 12 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] - 2009-11-18 - 07:16:00 ---A- . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\system32\Drivers\Ambfilt.sys [1691480]
O58 - SDL:[MD5.7A00D91D474906A4BA13BAD73BA911C3] - 2011-02-08 - 09:55:41 RSH-- . (...) -- C:\WINDOWS\system32\0F80E665DF.sys [88]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 2008-05-19 - C:\WINDOWS\system32\ASTSRV.exe (ASTSRV) .(.Nalpeiron Ltd. - Nalpeiron Highend Service.) - LEGACY_ASTSRV
O64 - Services: CurCS - 2010-07-01 - C:\Documents and Settings\Utilisateur\Application Data\HP SimpleSave Application\uUACTokenSvc.exe (BackupService) .(.ArcSoft, Inc. - UACTokenSvc.) - LEGACY_BACKUPSERVICE
O64 - Services: CurCS - 2011-08-30 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 2009-12-30 - C:\WINDOWS\system32\Drivers\LxrSII1d.sys (LxrSII1d) .(.Lexar Media, Inc. - Secure II Driver.) - LEGACY_LXRSII1D
O64 - Services: CurCS - 2009-12-30 - C:\WINDOWS\system32\LxrSII1s.exe (LxrSII1s) .(.Lexar Media, Inc. - Secure II Service.) - LEGACY_LXRSII1S
O64 - Services: CurCS - 2011-12-16 - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService\Pos.exe (PowerOffer Service) .(.PowerOfferService - PowerOfferService.) - LEGACY_POWEROFFER_SERVICE
O64 - Services: CurCS - 2007-06-05 - C:\WINDOWS\system32\PSIService.exe (ProtexisLicensing) .(.Pas de propriétaire - nTitles PSIService.) - LEGACY_PROTEXISLICENSING
~ Legacy: 132 Legitimates Filtered in 00mn 01s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D3930A06-6C5D-447D-A99E-C18E6BF44549} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.E0D0DADED0B8643DB22B78BC86A208F7] [SPRF][2011-02-05] (...) -- C:\Documents and Settings\All Users\Application Data\0F80E665DF.sys [88]
[MD5.9F69F438E2372D4E0DD2AAF804D0A011] [SPRF][2013-03-18] (...) -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [5642]
[MD5.E1B1417C72774E918C8EE0AB44B4F7E7] [SPRF][2013-04-23] (...) -- C:\Documents and Settings\Utilisateur\Bureau\adwcleaner.exe [619461]
[MD5.0ACFF8B9208623E18D9882C0C16997AC] [SPRF][2002-10-02] (...) -- C:\Documents and Settings\Utilisateur\Bureau\BesCheReLle.exe [635392]
[MD5.A6FCE5C91A077492A776476094C84C72] [SPRF][2011-09-07] (.Corel Software, Inc. - PSP Plugin Host DLL.) -- C:\Documents and Settings\Utilisateur\Bureau\CmdPluginHost.dll [301568]
[MD5.D03F39A2F63D2920FBD4880D4A6AC42B] [SPRF][2013-04-23] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Utilisateur\Bureau\ZHPDiag2.exe [5598615]
[MD5.632E0CE38FBCADEAAE28077F4C9C45D5] [SPRF][2010-10-21] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r102.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2827728]
~ Files: Scanned in 00mn 03s

---\\ Scan Additionnel (O88)
Database Version : v2.11647 - (2013-04-22)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>Toolbar.Conduit
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
~ Additionnel Scan: 217534 Items scanned in 00mn 27s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2013-04-13 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2008-05-19 57344 | (ASTSRV) . (.Nalpeiron Ltd..) - C:\WINDOWS\system32\ASTSRV.exe
SR - | Auto 2010-11-02 365336 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
SR - | Auto 2010-07-01 83512 | (BackupService) . (.ArcSoft, Inc..) - C:\Documents and Settings\Utilisateur\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 2008-04-13 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 2011-02-05 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-02-05 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-08-29 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 2013-02-18 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2013-03-08 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 2007-07-25 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 2009-12-30 65536 | (LxrSII1s) . (.Lexar Media, Inc..) - C:\WINDOWS\system32\LxrSII1s.exe
SS - | Demand 2007-06-01 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
SR - | Auto 2009-11-20 154216 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 2011-12-16 164352 | (PowerOffer Service) . (.PowerOfferService.) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService\Pos.exe
SR - | Auto 177704 | (ProtexisLicensing) . (...) - C:\WINDOWS\system32\PSIService.exe
SR - | Auto 2010-03-10 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
~ Services: Scanned in 00mn 00s

~ 825 Legitimates filtered by white list
End of the scan (474 lines in 03mn 02s)(0)