~ Rapport de ZHPDiag v2013.9.28.51 - Nicolas Coolman (28/09/2013)
~ Lancé par Balaram (29/09/2013 22:09:51)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 24.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.3.0216.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (61% free)
System Restore: Activé (Enable)
System drive E: has 19 GB (41%) free of 46 GB

---\\ Mode de connexion au système
~ Computer Name: PCSOUND1
~ User Name: Balaram
~ All Users Names: UpdatusUser, SUPPORT_388945a0, HelpAssistant, Balaram, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : E:\
~ %AppZHP% : E:\Documents and Settings\Balaram\Application Data\ZHP\
~ %AppData% : E:\Documents and Settings\Balaram\Application Data\
~ %Desktop% : E:\Documents and Settings\Balaram\Bureau\
~ %Favorites% : E:\Documents and Settings\Balaram\Favoris\
~ %LocalAppData% : E:\Documents and Settings\Balaram\Local Settings\Application Data\
~ %StartMenu% : E:\Documents and Settings\Balaram\Menu Démarrer\
~ %Windir% : E:\WINDOWS\
~ %System% : E:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 9 Go of 10 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 19 Go of 46 Go)
F: Hard drive, Flash drive, Thumb drive (Free 30 Go of 107 Go)
G: Hard drive, Flash drive, Thumb drive (Free 515 Go of 726 Go)
H: CD-ROM drive (Free 0 Go of 1 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 29 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- E:\WINDOWS\Explorer.exe [1037824]
[MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- E:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- E:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- E:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- E:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- E:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- E:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- E:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- E:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- E:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- E:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- E:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- E:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- E:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- E:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- E:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- E:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- E:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- E:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- E:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- E:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/8250
~ Mon Bureau (My Desktop) : 0/12
~ Menu demarrer (Programs) : 1/72
~ Hidden Files: Scanned in 00mn 01s

---\\ Processus lancés
[MD5.3EA6A1A744D79328AE7E2C6FAE4C4420] - (.Microsoft Corporation - Antimalware Service Executable.) -- E:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.1156]
[MD5.B8E69088190434068BF83061A537F36A] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- E:\WINDOWS\RTHDCPL.exe [19556968] [PID.188]
[MD5.8AFA9E689D0517A7F99928C62880A1D0] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- E:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600] [PID.164]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RunDLL32.exe [0] [PID.212]
[MD5.1775BDBEF28FD1B0F0AC43F10F483E08] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896] [PID.248]
[MD5.F5FBA8724DE219E96D9ABAF4772D31A3] - (.CyberLink Corp. - PowerDVD RC Service.) -- E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336] [PID.264]
[MD5.B196AD6815800558ECBBB8F5DE06FABB] - (.cyberlink - brs.) -- E:\Program Files\Cyberlink\Shared files\brs.exe [75048] [PID.292]
[MD5.A71EA5CB05DE4AEF2E9AEC97B7E00ED7] - (.Team H2O - Team H2O CLEDX.) -- E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [385024] [PID.392]
[MD5.1A8010091771B3E3DC5D978B71BCF8EF] - (.Pinnacle Systems GmbH, Braunschweig - Pinnacle Scheduler Application.) -- E:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [237568] [PID.508]
[MD5.BB0886BB3B7ED94E0C02B83DD6C0C1D4] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- E:\Program Files\Fichiers communs\LogiShrd\KHAL3\KHALMNPR.exe [148248] [PID.704]
[MD5.E076BAE968916E9D2980814CA7E7AB8C] - (.CybelSoft - Service de détection matériel.) -- E:\Program Files\ma-config.com\MaConfigAgent.exe [1786704] [PID.1844]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2096]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2116]
[MD5.F0FA6A2FE9DD2D164208384764110A36] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 327.2.) -- E:\WINDOWS\system32\nvsvc32.exe [156960] [PID.2140]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2552]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- E:\Program Files\Mozilla Firefox\firefox.exe [274840] [PID.2404]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- E:\Program Files\Mozilla Firefox\plugin-container.exe [17816] [PID.408]
[MD5.53B399A4785651C6B638541FD282E9AF] - (.Nicolas Coolman - ZHPDiag.) -- E:\Program Files\ZHPDiag\ZHPDiag.exe [8024576] [PID.644]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=E:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=E:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- E:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- E:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [UpdatusUser]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- E:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Balaram]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- E:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 14 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Pinnacle Scheduler.lnk . (.Pinnacle Systems GmbH, Braunschweig - Pinnacle Scheduler Application.) -- E:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - GS\Program [Balaram]: Logitech . Enregistrement du produit.lnk . (.Leader Technologies/Logitech - Product Registration.) -- E:\Program Files\Fichiers communs\LogiShrd\eReg\SetPoint\eReg.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] . (...) -- E:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- E:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- E:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- E:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- E:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- E:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- E:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- E:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- E:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Run: [BDRegion] . (.cyberlink - brs.) -- E:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- E:\Program Files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Run: [H2O] . (.Team H2O - Team H2O CLEDX.) -- E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- E:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- E:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-1343024091-1682526488-839522115-1003\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- E:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- E:\Program Files\MICROS~3\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- E:\Program Files\MICROS~3\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- E:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1380360686843
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F3C7780-2852-4154-BE78-44B2F32A43B3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F3C7780-2852-4154-BE78-44B2F32A43B3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{5F3C7780-2852-4154-BE78-44B2F32A43B3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- E:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- E:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- E:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- E:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- E:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- e:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- E:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- E:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- E:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- E:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- E:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- E:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- E:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Power Control [2013/09/28 16:35:47] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - E:\Program Files\CyberLink\PowerDVD9\000.fcl
~ Services: 6 Legitimates Filtered in 00mn 05s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - E:\Documents and Settings\Balaram\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - E:\Documents and Settings\Balaram\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstalledThirdPartyPrograms]
[HKLM\Software\InstalledThirdPartyPrograms]
~ Key Software: 142 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C8CB90E735C0541D7BF2ABCA6076D752] - 29/09/2013 - 21:09:54 ---A- . (...) -- E:\Documents [120]
O44 - LFC:[MD5.6DB5E65790486C66DD15BF3521112CA5] - 29/09/2013 - 21:07:17 ---A- . (...) -- E:\WINDOWS\system32\nvAppTimestamps [2018]
O44 - LFC:[MD5.9B520F3B786454BB135AC341C721918C] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\FaxSetup.log [883338]
O44 - LFC:[MD5.BB73DCA6EDDA52C4D4F3929394896F17] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\MedCtrOC.log [63210]
O44 - LFC:[MD5.97AF3E9C9D761B2344D9C264CC305403] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\comsetup.log [305750]
O44 - LFC:[MD5.0EC640A074A6854DE2CBE0B6164B9A18] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\iis6.log [986238]
O44 - LFC:[MD5.222FA0BCC983377D6FA3871163EDCCD2] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.5D4F7C6BF52B19EEBE6B8A910AB02EBD] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\msgsocm.log [44284]
O44 - LFC:[MD5.6143BFEBA3691909A4BFC8B0BBDDE5AE] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\netfxocm.log [155167]
O44 - LFC:[MD5.2C280FA975E7035D91A5A3529C47484A] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\ntdtcsetup.log [182920]
O44 - LFC:[MD5.510781A4ABAE711165D24E68EE950707] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\ocgen.log [431317]
O44 - LFC:[MD5.F6D00E60DE221FAB3452BAD53A78FE68] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\ocmsn.log [48926]
O44 - LFC:[MD5.0ACA8C31401CF1C3CD89B02D80D15815] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\tabletoc.log [45301]
O44 - LFC:[MD5.987A98C23F1E9DB911859A3B6EF50E8B] - 29/09/2013 - 18:33:35 ---A- . (...) -- E:\WINDOWS\tsoc.log [407011]
O44 - LFC:[MD5.D114BC8AD35FA624A1CDDFA0D537D688] - 29/09/2013 - 18:33:34 ---A- . (...) -- E:\WINDOWS\msmqinst.log [279714]
O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 29/09/2013 - 18:17:22 ---A- . (...) -- E:\WINDOWS\win.ini [552]
O44 - LFC:[MD5.38B4A0D72E773615A2B5CE1926396478] - 29/09/2013 - 05:38:14 ---A- . (...) -- E:\WINDOWS\spupdsvc.log [81679]
O44 - LFC:[MD5.B7DE98F24E27301C83202C4D201533E2] - 28/09/2013 - 23:21:34 ---A- . (...) -- E:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.2D50DFD2AFE1B91488F1215C9270452D] - 28/09/2013 - 23:21:25 ---A- . (...) -- E:\WINDOWS\updspapi.log [175597]
O44 - LFC:[MD5.657AA19BD3D63275B2C924C686E53FF7] - 28/09/2013 - 22:23:49 ---A- . (...) -- E:\WINDOWS\wiadebug.log [1550]
O44 - LFC:[MD5.246EA88F295C915FB941EF3D1B89AD97] - 28/09/2013 - 22:23:49 ---A- . (...) -- E:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.4895E947F403D3B11EB51C4C4250B63C] - 28/09/2013 - 21:16:40 ---A- . (...) -- E:\WINDOWS\WgaNotify.log [8023]
O44 - LFC:[MD5.FA36248D3340BAB59321817756716B8D] - 28/09/2013 - 19:51:27 ---A- . (...) -- E:\WINDOWS\ie8_main.log [153991]
O44 - LFC:[MD5.EC6E5623749C39E4F5897628D7B8CA87] - 28/09/2013 - 19:50:01 ---A- . (...) -- E:\WINDOWS\ie8.log [87029]
O44 - LFC:[MD5.939939B266DD9D404BBC2F8F0A254502] - 28/09/2013 - 19:29:20 ---A- . (...) -- E:\WINDOWS\wmsetup.log [17872]
O44 - LFC:[MD5.DA39F9EF28219BBDFC9D7CCE2AB8681B] - 28/09/2013 - 19:18:56 ---A- . (...) -- E:\WINDOWS\system32\TZLog.log [6138]
O44 - LFC:[MD5.E10225717335A6BF3E26FBDD01D239A2] - 28/09/2013 - 17:04:10 ---A- . (...) -- E:\WINDOWS\system32\IWUninstall.exe [153088]
O44 - LFC:[MD5.875F9079CABEE679D34B49E466B61701] - 28/09/2013 - 17:04:10 ---A- . (.VOB Computersysteme GmbH - ASAPI.) -- E:\WINDOWS\system32\Drivers\asapi.sys [11264]
O44 - LFC:[MD5.AA067EB26E84B7EB5532D7DBB1B54DBD] - 28/09/2013 - 17:04:10 ---A- . (.VOB Computersysteme GmbH - VOB Hardware Driver.) -- E:\WINDOWS\system32\vobhw.dll [611840]
O44 - LFC:[MD5.D7D4D7DC7A4B2EE2B8C8247C101FA85E] - 28/09/2013 - 17:04:10 ---A- . (.VoB Computersysteme GmbH - ASAPI Driver Library.) -- E:\WINDOWS\system32\asapi.dll [19456]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 28/09/2013 - 16:57:51 ---A- . (...) -- E:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.B53F9635457B56DCFFEF750E18AEC6CB] - 28/09/2013 - 16:55:14 ---A- . (.Team H2O - Team H2O CLEDX DevWhore.) -- E:\WINDOWS\system32\Drivers\cledx.sys [33792]
O44 - LFC:[MD5.AAD6725AD307EFBE3CCBFCE6959B53F9] - 28/09/2013 - 16:55:09 ---A- . (...) -- E:\WINDOWS\system32\SYNSOACC-Aide.chm [147425]
O44 - LFC:[MD5.4EAD77F0E82265D5FC552540E6122271] - 28/09/2013 - 16:55:09 ---A- . (...) -- E:\WINDOWS\system32\SYNSOACC-Help.chm [114279]
O44 - LFC:[MD5.E8A7B5467405E67E1D21E17B76BAD3DB] - 28/09/2013 - 16:55:09 ---A- . (...) -- E:\WINDOWS\system32\SYNSOACC-Hilfe.chm [120468]
O44 - LFC:[MD5.7CF8DA2A77FBD5B9102B6B55F5402822] - 28/09/2013 - 16:55:07 ---A- . (.Syncrosoft Hard- und Software GmbH - Syncrosoft Protected Object Server Dummy.) -- E:\WINDOWS\system32\Synsopos.exe [45056]
O44 - LFC:[MD5.6C7D924BC3BD099F0397A3541B15DBB0] - 28/09/2013 - 16:55:05 ---A- . (.Syncrosoft Hard- und Software GmbH - Pas de description.) -- E:\WINDOWS\system32\SynsoLChk.dll [147456]
O44 - LFC:[MD5.DC7FFFB0F6FBCC57976BA6CC67B94A8D] - 28/09/2013 - 16:55:04 ---A- . (.Syncrosoft Hard- und Software GmbH - Syncrosoft POS Access DLL.) -- E:\WINDOWS\system32\SYNSOACC.dll [704512]
O44 - LFC:[MD5.5B94D875BCCECDE6C7E9BDE8D90BBD4D] - 28/09/2013 - 10:25:37 ---A- . (...) -- E:\WINDOWS\bitssetup.log [2590]
O44 - LFC:[MD5.1C4BF16F2486610BFCD72630BC9C13F1] - 28/09/2013 - 08:50:26 ---A- . (...) -- E:\WINDOWS\dasetup.log [17759]
O44 - LFC:[MD5.9CC155101814BBC7EDF51143CBECECB1] - 28/09/2013 - 08:50:24 ----- . (...) -- E:\WINDOWS\TWAINCAP.INI [14025]
O44 - LFC:[MD5.FB2F4FA89BC61D2C6ADB33458831C7EB] - 28/09/2013 - 08:50:24 ----- . (...) -- E:\WINDOWS\TWAINCAP.SRC [5526]
O44 - LFC:[MD5.F2B3785D7282BAC66D4B644FC88749F0] - 28/09/2013 - 08:49:58 ----- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- E:\WINDOWS\system32\Drivers\pfc.sys [14604]
O44 - LFC:[MD5.FFFA14F5BC164E6D371BAE97F26E3083] - 28/09/2013 - 08:49:57 ----- . (...) -- E:\WINDOWS\system32\Masd32.dll [57856]
O44 - LFC:[MD5.4D479B6F1473712E16D9103F6DD5361E] - 28/09/2013 - 08:49:57 ----- . (...) -- E:\WINDOWS\system32\Mase32.dll [138752]
O44 - LFC:[MD5.330A8642DCAEB99F5C5C46B02131B76E] - 28/09/2013 - 08:49:56 ----- . (...) -- E:\WINDOWS\system32\Ma32.dll [27648]
O44 - LFC:[MD5.FC405D5E105C111740B0B9F893973F2D] - 28/09/2013 - 08:49:56 ----- . (.Pas de propriétaire - MACD32 DLL.) -- E:\WINDOWS\system32\Macd32.dll [196096]
O44 - LFC:[MD5.5D3CC67ABB8812F050008D98574607D0] - 28/09/2013 - 08:49:56 ----- . (.Pas de propriétaire - MAMC32 DLL.) -- E:\WINDOWS\system32\Mamc32.dll [136192]
O44 - LFC:[MD5.1D09E8C5C7DDC667A1C8CF20465336C9] - 28/09/2013 - 08:15:33 ---A- . (...) -- E:\WINDOWS\system32\nvdrsdb1.bin [1114168]
O44 - LFC:[MD5.55A54008AD1BA589AA210D2629C1DF41] - 28/09/2013 - 08:15:33 ---A- . (...) -- E:\WINDOWS\system32\nvdrssel.bin [1]
O44 - LFC:[MD5.CF49E3AC679D616842642E58CC17D768] - 28/09/2013 - 08:15:31 ---A- . (...) -- E:\WINDOWS\system32\nvdrsdb0.bin [1114168]
O44 - LFC:[MD5.C0682CD58BB595CA66BE050F15588F10] - 28/09/2013 - 08:15:15 ---A- . (...) -- E:\WINDOWS\system32\nvdata.data [2313192]
O44 - LFC:[MD5.E405695DF60C05596AFCB7312D1A7E71] - 28/09/2013 - 06:47:17 ---A- . (...) -- E:\WINDOWS\OEWABLog.txt [1178]
O44 - LFC:[MD5.68330A172E1DBCF0FF0ABC346E33D383] - 28/09/2013 - 06:47:11 ---A- . (...) -- E:\WINDOWS\setuplog.txt [838878]
O44 - LFC:[MD5.F25EB88413151109106C61AEBE6F7DE6] - 28/09/2013 - 06:47:08 ---A- . (...) -- E:\WINDOWS\DtcInstall.log [359]
O44 - LFC:[MD5.B226DCF00E410C2C0F96907B46A3284B] - 28/09/2013 - 06:47:07 ---A- . (...) -- E:\WINDOWS\spupdsvc.log.1.log [187]
O44 - LFC:[MD5.C97864959A62F1FC8BCF015A35351951] - 28/09/2013 - 06:47:07 ---A- . (...) -- E:\WINDOWS\system32\spupdwxp.log [255]
O44 - LFC:[MD5.91681E28E473440C40573321CA855789] - 28/09/2013 - 06:46:07 ---A- . (...) -- E:\WINDOWS\svcpack.log [498907]
O44 - LFC:[MD5.A61882DEB81BAB25739A180B3B35F92B] - 28/09/2013 - 06:21:36 ---A- . (...) -- E:\WINDOWS\cmsetacl.log [373]
O44 - LFC:[MD5.1D0F6DD5CF492F60ACA79FD5356D204D] - 28/09/2013 - 06:21:33 ---A- . (...) -- E:\WINDOWS\sessmgr.setup.log [1281]
O44 - LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] - 28/09/2013 - 06:20:27 ----- . (...) -- E:\WINDOWS\system32\Drivers\ativmc20.cod [64352]
O44 - LFC:[MD5.3194C32E8A2403073B812183355E25C6] - 28/09/2013 - 06:20:27 ----- . (...) -- E:\WINDOWS\system32\Drivers\cxthsfs2.cty [129045]
O44 - LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] - 28/09/2013 - 06:20:26 ----- . (...) -- E:\WINDOWS\system32\Drivers\netwlan5.img [67866]
O44 - LFC:[MD5.0B711542487E0B8C0974B54784111086] - 28/09/2013 - 06:03:47 ---A- . (...) -- E:\WINDOWS\LDPINST.LOG [5420]
O44 - LFC:[MD5.825E6489F563FD64D9816C3CB9215D3A] - 28/09/2013 - 06:03:46 ---A- . (...) -- E:\WINDOWS\LkmdfCoInst.log [201]
O44 - LFC:[MD5.7F63AAD217A4C98053C5108C2C5AEFE9] - 28/09/2013 - 06:03:46 ---A- . (...) -- E:\WINDOWS\Wdf01009Inst.log [4990]
O44 - LFC:[MD5.DE0F9F13B77E183FC3270F23C8A66F58] - 27/09/2013 - 18:58:02 ---A- . (...) -- E:\WINDOWS\system32\wpa.bak [2422]
~ Files: 456 Legitimates Filtered in 00mn 14s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.875F9079CABEE679D34B49E466B61701] - 17/04/2002 - 19:27:02 ---A- . (.VOB Computersysteme GmbH - ASAPI.) -- E:\WINDOWS\system32\Drivers\asapi.sys [11264]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 29/10/2007 - 13:00:00 ---A- . (...) -- E:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- E:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- E:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.17C8BF490CA207D06EF2A0EC84F47191] [SPRF][28/09/2013] (...) -- E:\Documents and Settings\Balaram\Bureau\adwcleaner.exe [1042066]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 28/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - E:\WINDOWS\system32\dmadmin.exe
SS - | Demand 13/06/2013 293144 | (LBTServ) . (.Logitech, Inc..) - E:\Program Files\Fichiers communs\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 08/09/2013 1786704 | (MaConfigAgent) . (.CybelSoft.) - E:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 11/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 12/09/2013 156960 | (NVSvc) . (.NVIDIA Corporation.) - E:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 27/08/2013 2155296 | (nvUpdatusService) . (.NVIDIA Corporation.) - E:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 01/09/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - E:\Program Files\CyberLink\PowerDVD9\000.fcl
~ Services: Scanned in 00mn 01s

---\\ Scan Additionnel (O88)
Database Version : 12930 - (28/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 181814 Items scanned in 00mn 12s
~ 1123 Legitimates filtered by white list

End of the scan (404 lines in 00mn 47s)(0)