Rapport de ZHPDiag v2013.4.22.135 par Nicolas Coolman, Update du 2013-04-22 Run by galie at 2013-04-23 10:56:21 State : Version à jour. WhiteList : Enable High Elevated Privileges : OK UAC : Deactivate by program ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 24367 Windows License : OK ~ Windows Remaining Initializations Number : 3 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection Kaspersky Anti-Virus 2011 v11.0.2.556 Malwarebytes Anti-Malware version 1.75.0.1300 Norton Internet Security v16.7.0.30 Windows Defender W7 ---\\ System Optimizer CCleaner v4.00 ---\\ Software Update Adobe Flash Player 10 Plugin Adobe Reader XI Java 7 Update 21 ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 2936 MB (52% free) System Restore: Activé (Enable) System drive C: has 167 GB (58%) free of 287 GB ---\\ Logged in mode ~ Computer Name: GALIE-THINK ~ User Name: galie ~ All Users Names: HomeGroupUser$, galie, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\galie\AppData\Roaming\ ~ %Desktop% : C:\Users\galie\Desktop\ ~ %Favorites% : C:\Users\galie\Favorites\ ~ %LocalAppData% : C:\Users\galie\AppData\Local\ ~ %StartMenu% : C:\Users\galie\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 167 Go of 287 Go) D:\ CD-ROM drive (Not Inserted) Q:\ 
Hard drive, Flash drive, Thumb drive (Free 5 Go of 10 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 00:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-02-21 - 22:38:00.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2010-11-20 - 07:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 07:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) 
(.2011-04-24 - 21:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 03:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 03:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 04:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 03:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.9CDAEBE5160B9AF02AE17C62BDB6C4B5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-03-02 - 00:07:36.) -- C:\Windows\system32\Drivers\ntfs.sys [1212264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 18:45:35.) 
-- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-07-13 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2010-11-20 - 05:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 03:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 07:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/1082 ~ Mes musiques (My Musics) : 1/9534 ~ Mes Videos (My Videos) : 2/16 ~ Mes Favoris (My Favorites) : 1/159 ~ Mes Documents (My Documents) : 3/25733 ~ Mon Bureau (My Desktop) : 2/34912 ~ Menu demarrer (Programs) : 1/28 ~ Hidden Files: Scanned in 01mn 21s ---\\ Processus lancés [MD5.17DD73B0BBBB722B9BCBDD5F15223BB1] - (.Lenovo Group Limited - NumLock on screen display for ThinkPad.) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe [52600] [PID.1900] [MD5.EF12244CD9CAD4F6A538CF1A415A3AC7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7612960] [PID.2280] [MD5.0BF10B23779565BC472BEEBE3B9A20D9] - (.Lenovo Group Limited - On screen display message generator for Thi.) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976] [PID.2372] [MD5.2B083A7AD8DF8698159480A3D53E8B84] - (.Lenovo Group Limited - ThinkPad FnF6 Resident Module.) 
-- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe [62752] [PID.2384] [MD5.72D9419E4AA1C40C9E34821722D335C8] - (.Lenovo Group Limited - On screen display drawer.) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe [67432] [PID.2432] [MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2492] [MD5.7B5384F7DF6327BA351BCAAF9455A1AD] - (.Lenovo Group Limited - ThinkPad UltraZoom.) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe [132464] [PID.2500] [MD5.DCEDB74733F562547150CB1D205452AC] - (.Lenovo. - ThinkVantage Active Protection System.) -- C:\Windows\System32\TpShocks.exe [337184] [PID.2520] [MD5.BCE374383583CEA7C4D97368DF5DED31] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.2564] [MD5.E6C697B63721C0FC29473962A97B0B0B] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2660] [MD5.364D7ED5BAE561AA31E56808D2482BA1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.2708] [MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2744] [MD5.3B376496187AB240FAC6ECD7BD1251F6] - (.Pas de propriétaire - Message Center Plus Launcher.) -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe [49976] [PID.2756] [MD5.66A3CF1B8A895FCB2A62599D2EAE3066] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736] [PID.2812] [MD5.B2B3FCBA37671C853879DF7DDE8A839A] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336] [PID.2056] [MD5.626F7FCA830F9BA95AD85569BB2038C9] - (.Synaptics Incorporated - TouchPad Driver Helper Application.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [128296] [PID.3064] [MD5.A9E1468F4959F9A4A04B90173D206B57] - (.Yuna Software - Messenger Plus! 6.) 
-- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [802304] [PID.3080] [MD5.E774F875819DEE4A312A921A88F779FE] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576] [PID.3168] [MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3376] [MD5.BF8650D4FEFB972A4A6A5FFC1F41C38C] - (.Microsoft Corporation - dpupdchk.exe.) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe [412552] [PID.3384] [MD5.8E0831382D3313E75614C9D85237B99F] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe [719672] [PID.3408] [MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3728] [MD5.AAB979089E192ACC0FE1E3C018F8B591] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\galie\AppData\Local\Akamai\netsession_win.exe [4480768] [PID.3820] [MD5.D5543E09953C8A8B12801A3A7AFEE155] - (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4008] [MD5.CC37819A9C45FDF9E0577D71D8044319] - (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.4016] [MD5.EE38D491D51FB79B7CA55500F20CD802] - (.Pelmorex Media Inc. - Pas de description.) -- C:\Users\galie\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe [311584] [PID.1780] [MD5.497F27E279C0F921E2130BB89C1CB5CA] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18705664] [PID.1448] [MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.4356] [MD5.46DA8E7484AC7A52CE1D6E428398724B] - (.Apple Inc. - Apple Push.) 
-- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720] [PID.4516] [MD5.FBCD01BA4100D0433887B48E6CDD9B24] - (.Yuna Software - Messenger Plus! (for Skype).) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe [7485440] [PID.4700] [MD5.889DCA119B467434D9AE727D9E8D9C01] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.5008] [MD5.5463971AE736655EC8BD4198B46CE29D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe [812424] [PID.5736] [MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757376] [PID.7784] [MD5.BAD663957F682F95B22C4E83AB49CB52] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308368] [PID.7524] [MD5.7E6EA9CB72B5DE84A5D700BED877E5F9] - (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe [397312] [PID.6732] [MD5.858E13176C6332EC966E2299BDD870D0] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [6961664] [PID.5848] ~ Processes Running: Scanned in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: 11 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421; R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [RtHDVCpl] . 
(.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [TPHOTKEY] . (.Lenovo Group Limited - On screen display message generator for Thi.) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [LENOVO.TPFNF6R] . (.Lenovo Group Limited - ThinkPad FnF6 Resident Module.) -- C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [TpShocks] . (.Lenovo. - ThinkVantage Active Protection System.) -- C:\Windows\System32\TpShocks.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\Program Files\ThinkPad\UTILIT~1\PWMTR32V.dll (.not file.) O4 - HKLM\..\Run: [Message Center Plus] . (.Pas de propriétaire - Message Center Plus Launcher.) -- C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe O4 - HKLM\..\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe O4 - HKLM\..\Run: [AcWin7Hlpr] . (...) -- C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe O4 - HKLM\..\Run: [Standby] . (.Corel - Standby service.) -- c:\Program Files\Common Files\Corel\Standby\Standby.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
-- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe O4 - HKLM\..\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe O4 - HKLM\..\Run: [MessengerPlusForSkypeService] . (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (.not file.) O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) 
-- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\galie\AppData\Local\Akamai\netsession_win.exe O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Users\galie\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [msnmsgr] . 
(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [ctfmon.exe] . (.Microsoft Corporation - Chargeur CTF.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\galie\AppData\Local\Akamai\netsession_win.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Users\galie\AppData\Local\MétéoMédia\MétéoÉclair\WeatherEye.exe O4 - HKUS\S-1-5-21-2420895831-1651165639-4177787578-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Corel PaintShop Photo Pro X3.lnk . (.Corel, Inc. - Corel PaintShop Photo Pro X3.) -- C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe O4 - GS\TaskBar: Corel PaintShop Pro X5.lnk . (.Corel, Inc. - Corel PaintShop Pro X5.) -- C:\Program Files\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe O4 - GS\QuickLaunch: Nero Home.lnk . (.Nero AG - Nero Home.) -- C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe O4 - GS\QuickLaunch: Nero StartSmart.lnk . (.Nero AG - Nero StartSmart 8 Application.) -- C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - Global Startup: C:\Users\galie\Desktop\LeQuotidienSurMonOrdi.url . (...) -- C:\Users\galie\Desktop\LeQuotidienSurMonOrdi.url ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) 
-- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\kbrd.ico O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\logo.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) - http://game.zylom.com/activex/zylomgamesplayer.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{04E9C680-8249-4BCD-82B1-DCDE783950B7}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{62104491-ECB3-443A-87A7-FC6B551A2592}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpDomain = Belkin O17 - HKLM\System\CS1\Services\Tcpip\..\{04E9C680-8249-4BCD-82B1-DCDE783950B7}: NameServer = 
8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{62104491-ECB3-443A-87A7-FC6B551A2592}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpDomain = Belkin O17 - HKLM\System\CS2\Services\Tcpip\..\{04E9C680-8249-4BCD-82B1-DCDE783950B7}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{62104491-ECB3-443A-87A7-FC6B551A2592}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{88C5DCAF-5D8C-4F58-8CCD-D65A123C8523}: DhcpDomain = Belkin O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) 
-- C:\Windows\system32\klogon.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AcPrfMgrSvc) . (.Lenovo - ThinkVantage Access Connections Profile Man.) - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: (AcSvc) . (.Lenovo - ThinkVantage Access Connections Main Servic.) - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) . (.Nalpeiron Ltd. - Nalpeiron Highend Service.) - C:\Windows\system32\ASTSRV.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) . (.Lenovo - ThinkPad Power Management Service.) - C:\Windows\System32\ibmpmsvc.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) . (.Lenovo Group Limited - Microphone Mute Controll Service for ThinkP.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Pos Service (PowerOffer Service) . (.PowerOfferService - PowerOfferService.) - C:\Users\galie\AppData\Local\PosService\Pos.exe
O23 - Service: System Update (SUService) . (.Lenovo Group Limited - ThinkVantage System Update Service.) - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Incrustation (TPHKSVC) . (.Lenovo Group Limited - On screen display Fn+Fx handler.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
~ Services: 23 Legitimates Filtered in 00mn 13s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [GinyasBrowserCompanion FireFox Watcher] (...) -- C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe (.not file.) [0]
[MD5.37E0736B52AA748E2E28F231BBB03E30] [APT] [PMTask] (.Lenovo Group Limited.) -- C:\Program Files\ThinkPad\Utilities\PWMIDTSV.exe [173344]
[MD5.00000000000000000000000000000000] [APT] [{184A209A-2310-47CD-B4F6-6D3D3FF7A739}] (...) -- C:\Users\galie\AppData\Local\Temp\JewelQuest3SDM.exe (.not file.) [0]
[MD5.B59DEFC593FACABBEEF98107E5C6D142] [APT] [{FDD233D2-F961-4126-B8C9-06708C7B2A99}] (...) -- C:\Program Files\WinRAR\WinRAR.exe [936960]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 05s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (lenovo.smi) . (.Lenovo Group Limited - SMI Driver for Lenovo system.) - C:\Windows\System32\DRIVERS\smiif32.sys
O41 - Driver: (TPPWRIF) . (.Lenovo Group Limited - Power Manager.) - C:\Windows\System32\drivers\Tppwr32v.sys
~ Drivers: 81 Legitimates Filtered in 00mn 35s

---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM] -- Akamai
O42 - Logiciel: Gestionnaire d'alimentation ThinkPad - (...) [HKLM] -- {DAC01CEE-5BAE-42D5-81FC-B687E84E8405}
O42 - Logiciel: Incrustation - (...) [HKLM] -- OnScreenDisplay
O42 - Logiciel: Integrated Camera Driver Installer Package Ver.1.0.1.2 - (.RICOH.) [HKLM] -- {C3CD17B4-08B0-492D-8A4C-81716D33E520}
O42 - Logiciel: Integrated Camera TWAIN - (.Chicony Electronics Co.,Ltd..) [HKLM] -- {9CA0DEE4-E84B-466F-9B96-FC255F3A929F}
O42 - Logiciel: PowerOffer 2.0 - (...) [HKLM] -- {0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1
O42 - Logiciel: Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows - (...) [HKLM] -- EnablePS
O42 - Logiciel: Registry Patch to arrange icons in Device and Printers folder of Windows 7 - (...) [HKLM] -- W7DevOR
O42 - Logiciel: The Font Thing - (...) [HKLM] -- The Font Thing
O42 - Logiciel: ThinkPad Power Management Driver - (...) [HKLM] -- Power Management Driver
O42 - Logiciel: ThinkPad UltraNav Driver - (...) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: UltraTorrent 2.0 - (.UltraTorrent.org.) [HKLM] -- {5BC7DF04-9FC0-4DF5-A219-2D272B234D8C}_is1
~ Logic: 168 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATS-FFormula]
[HKCU\Software\Fisher]
[HKCU\Software\Flaming Pear PV]
[HKCU\Software\RAYflect]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\Topaz Labs]
[HKCU\Software\VanDerLee]
[HKLM\Software\Elf_1.15]
[HKLM\Software\Fisher]
[HKLM\Software\Macserlen]
[HKLM\Software\PowerOffer]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\ThinkVantage]
[HKLM\Software\Topaz Labs]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
~ Key Software: 211 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2011-08-28 - 14:17:42 - [1,051] ----D C:\Program Files\Fisher
O43 - CFD: 2012-03-29 - 11:07:56 - [0,999] ----D C:\Program Files\FMPatcher
O43 - CFD: 2010-10-13 - 13:27:39 - [10,884] ----D C:\Program Files\Integrated Camera Driver
O43 - CFD: 2011-07-13 - 14:23:32 - [3,114] ----D C:\Program Files\MakeUpPilot
O43 - CFD: 2011-04-04 - 23:47:12 - [2,082] ----D C:\Program Files\malwarebite
O43 - CFD: 2010-10-13 - 13:30:42 - [36,624] ----D C:\Program Files\ThinkPad
O43 - CFD: 2010-10-13 - 13:32:31 - [0,012] ----D C:\Program Files\ThinkVantage
O43 - CFD: 2012-06-26 - 23:16:05 - [8,621] ----D C:\Program Files\Topaz Labs
O43 - CFD: 2013-04-11 - 10:55:44 - [6,905] ----D C:\Program Files\UltraTorrent
O43 - CFD: 2013-04-23 - 07:42:05 - [30,439] ----D C:\Program Files\Common Files\Akamai
O43 - CFD: 2013-04-05 - 11:27:05 - [1,852] ----D C:\Users\galie\AppData\Roaming\uTorrent
O43 - CFD: 2013-03-18 - 11:36:55 - [32,441] ----D C:\Users\galie\AppData\Local\Akamai
O43 - CFD: 2012-04-26 - 11:44:16 - [1,285] ----D C:\Users\galie\AppData\Local\LiveCraft
O43 - CFD: 2011-04-04 - 23:02:30 - [0,006] ----D C:\Users\galie\AppData\Local\Panther
O43 - CFD: 2012-06-04 - 16:15:15 - [1,385] ----D C:\Users\galie\AppData\Local\PosService
O43 - CFD: 2012-06-04 - 16:15:03 - [1,582] ----D C:\Users\galie\AppData\Local\PowerOffer
O43 - CFD: 2013-01-23 - 17:34:46 - [1,238] ----D C:\Users\galie\AppData\Local\ServUpdater
O43 - CFD: 2011-07-13 - 14:23:32 - [0] ----D C:\Users\galie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeUpPilot
~ 539 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 813 Legitimates Filtered in 00mn 58s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CA9D5826A58411E0095BA6D41E31FF9B] - 2013-04-22 - 19:35:04 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [4003]
~ Files: 45 Legitimates Filtered in 00mn 08s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\Windows\System32\ACGina.dll
~ LSA: 10 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{441ffdee-d6ee-11df-8fb7-806e6f6e6963}\AutoRun\command. (.Lenovo Group Limited - Lenovo Factory Backup Partition Information.) -- Q:\LenovoQDrive.exe
~ Keys: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HideSCAHealth"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.D623AF0D0DB0F13D32CAE34D3F0DAD39] - 2009-06-18 - 03:21:06 ----- . (.Ricoh co.,Ltd. - Ricoh USB Camera driver.) -- C:\Windows\System32\Drivers\5U877.sys [125568]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2009-07-13 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By TeamXscript - (.TeamXscript.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 2008-05-12 - C:\Windows\System32\DRIVERS\smiif32.sys (lenovo.smi) .(.Lenovo Group Limited - SMI Driver for Lenovo system.) - LEGACY_LENOVO.SMI
O64 - Services: CurCS - 2009-08-23 - C:\Windows\System32\drivers\Tppwr32v.sys (TPPWRIF) .(.Lenovo Group Limited - Power Manager.) - LEGACY_TPPWRIF
~ Legacy: 95 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {591E527C-E9FC-424F-B38F-E97E698798F2} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {D7E280B4-8191-4C77-B8FC-177D4F326020} - (Softonic FR) - http://www.softonic.fr
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.3D738EC947C0EDD6AF0D24F564C4744A] [SPRF][2011-01-24] (...) -- C:\ProgramData\8274819577.sys [88]
[MD5.E3517457F6FBFA53B107E1F6B91A6DA6] [SPRF][2010-10-29] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.A9341B3337F3390CBE5C5417088187C4] [SPRF][2013-03-21] (...) -- C:\ProgramData\KGyGaAvL.sys [5642]
[MD5.804C1F67CF44FD09C70261E6980594F6] [SPRF][2011-04-04] (.Microsoft Corporation - System Preparation Tool.) -- C:\Users\galie\AppData\Local\pqr.exe [114688]
[MD5.804C1F67CF44FD09C70261E6980594F6] [SPRF][2011-04-04] (.Microsoft Corporation - System Preparation Tool.) -- C:\Users\galie\AppData\Local\qxj.exe [114688]
[MD5.B2AC8F6C8464929EB37E12AC1B065F95] [SPRF][2013-04-22] (...) -- C:\Users\galie\AppData\Local\Temp\secuniasi7231367373296541728.dll [192512]
[MD5.0ACFF8B9208623E18D9882C0C16997AC] [SPRF][2002-10-02] (...) -- C:\Users\galie\Desktop\BesCheReLle.exe [635392]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][2006-06-30] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616]
[MD5.D715A946E66028CDB04C9E9F8C7137F5] [SPRF][2007-03-20] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [205744]
[MD5.2D54DAECBA60EB03F9E63DD50669F634] [SPRF][2008-10-24] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [488736]
[MD5.7FAF5222EEB546E1DC0F348DCB314B0B] [SPRF][2006-08-29] (.Zylom Games - Zylom Games Player.) -- C:\Windows\Downloaded Program Files\zylomgamesplayer.dll [161976]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{5C6D31B4-4EE6-4791-9598-B520E0BBB185}C:\users\galie\desktop\§ç®iþtfix\mirc.exe" | In - Private - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\§ç®iþtfix\mirc.exe
O87 - FAEL: "UDP Query User{761567F0-3833-4058-9106-F76BB300D9EA}C:\users\galie\desktop\§ç®iþtfix\mirc.exe" | In - Private - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\§ç®iþtfix\mirc.exe
O87 - FAEL: "TCP Query User{92228B00-C2F4-4B19-A3F3-7B67B3412976}C:\users\galie\desktop\§ç®iþtfix\mirc.exe" | In - Public - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\§ç®iþtfix\mirc.exe
O87 - FAEL: "UDP Query User{226FD748-8DBE-473A-8DBC-3E67A0EA0FEA}C:\users\galie\desktop\§ç®iþtfix\mirc.exe" | In - Public - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\users\galie\desktop\§ç®iþtfix\mirc.exe
O87 - FAEL: "TCP Query User{935A329F-366D-480A-BE98-F59F651F85C5}C:\program files\ultratorrent\ultratorrent.exe" | In - Private - P6 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
O87 - FAEL: "UDP Query User{30D57E4C-BB23-425C-9980-659C68F2514B}C:\program files\ultratorrent\ultratorrent.exe" | In - Private - P17 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
O87 - FAEL: "TCP Query User{3936E9BA-6C88-49C8-BB28-8FE4BAA34278}C:\program files\ultratorrent\ultratorrent.exe" | In - Public - P6 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
O87 - FAEL: "UDP Query User{7B267227-A1C8-4324-9DB4-D3C9AAFAEC71}C:\program files\ultratorrent\ultratorrent.exe" | In - Public - P17 - TRUE | .(.UltraTorrent.org - UltraTorrent.) -- C:\program files\ultratorrent\ultratorrent.exe
~ Firewall: 232 Legitimates Filtered in 00mn 01s

---\\ Scan Additionnel (O88)
Database Version : v2.11647 - (2013-04-22)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4daac69c-cba7-45e2-9bc8-1044483d3352}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Elf_1.15] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
~ Additionnel Scan: 420624 Items scanned in 00mn 36s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "0335B4D39AEC85D438554727A95E72DC" . (.Topaz Clean 2.) -- C:\Windows\Installer\{3D4B5330-CEA9-4D58-8355-74729AE527CD}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "16F2A4AD62E115D449BB637D6787DBDA" . (.PSPH10Pro.) -- c:\Windows\Installer\{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}\ARPPRODUCTICON.exe
O90 - PUC: "1A68418D17329504CA07A18B49CA696E" . (.AT&T Service Activation.) -- C:\Windows\Installer\{D81486A1-2371-4059-AC70-1AB894AC96E6}\ARPPRODUCTICON.exe
O90 - PUC: "49648A64CE950F8469C4E7679E8F2ADE" . (.Système de protection active ThinkVantage.) -- C:\Windows\Installer\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}\ARPPRODUCTICON.exe
O90 - PUC: "498735E8955A06D43BBC4F84E5D3423E" . (.ThinkVantage Access Connections.) -- C:\Windows\Installer\{8E537894-A559-4D60-B3CB-F4485E3D24E3}\ARPPRODUCTICON.exe
O90 - PUC: "6315CD058E12CB84795EA10D556F0B6B" . (.Create Recovery Media.) -- C:\Program Files\Lenovo\Factory Recovery\recovburncd.exe,0
O90 - PUC: "74846C52009BDA841A46B1F4B9776405" . (.System Update.) -- c:\Windows\Installer\{25C64847-B900-48AD-A164-1B4F9B774650}\ARPPRODUCTICON.exe
O90 - PUC: "C9335768C821DD4438FBA0D5A6DB2879" . (.ThinkVantage System Update.) -- c:\Program Files\Lenovo\System Update\Tvsu.exe
O90 - PUC: "E7C7B48DD4E22004C88AEE4DDE3B33CA" . (.MLE.) -- c:\Windows\Installer\{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}\ARPPRODUCTICON.exe
~ Update Products: 134 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2009-09-08 124192 | (AcPrfMgrSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
SR - | Auto 2009-09-08 242976 | (AcSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
SR - | Auto 2012-12-18 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 2013-04-11 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2009-07-13 20992 | c:\program files\common files\akamai\netsession_win_ca0e279.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2008-05-19 57344 | (ASTSRV) . (.Nalpeiron Ltd..) - C:\Windows\system32\ASTSRV.exe
SR - | Auto 2010-11-02 365336 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 2010-10-17 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2010-10-17 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-08-14 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 2009-08-06 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 2009-08-18 38176 | (IBMPMSVC) . (.Lenovo.) - C:\Windows\System32\ibmpmsvc.exe
SR - | Demand 2013-02-20 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2007-01-04 112152 | (IviRegMgr) . (.InterVideo.) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
SR - | Auto 2009-07-03 45424 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 2013-01-23 125952 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
SR - | Auto 2007-09-20 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 2011-09-22 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\system32\nlssrv32.exe
SS - | Demand 2007-10-23 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Demand 0 | (PCDSRVC{3037D694-FD904ACA-06000000}_0) . (...) - c:\program files\pc-doctor\pcdsrvc.pkms
SS - | Demand 2009-08-23 75040 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
SS - | Auto 2011-12-16 164352 | (PowerOffer Service) . (.PowerOfferService.) - C:\Users\galie\AppData\Local\PosService\Pos.exe
SR - | Auto 2010-03-10 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Demand 2009-08-04 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
SS - | Auto 2009-08-04 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
SS - | Auto 2009-08-04 309744 | (RoxLiveShare10) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
SS - | Demand 2009-08-04 1124848 | (RoxMediaDB10) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
SS - | Auto 2009-08-04 166384 | (RoxWatch10) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
SS - | Auto 2013-01-08 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2009-04-30 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SR - | Auto 2009-09-04 15872 | (SUService) . (.Lenovo Group Limited.) - c:\Program Files\Lenovo\System Update\SUService.exe
SS - | Demand 1899-12-30 0 | C:\Windows\System32\TPHDEXLG.exe (TPHDEXLGSVC) . (.Lenovo..) - c:\System32\TPHDEXLG.exe
SR - | Auto 2009-05-21 62320 | (TPHKSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
SR - | Auto 2009-07-13 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
~ 1823 Legitimates filtered by white list

End of the scan (604 lines in 04mn 24s)(0)