Rapport de ZHPDiag v2013.4.3.12 par Nicolas Coolman, Update du 3/04/2013
Run by Ida at 4/04/2013 23:10:58
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16521 (Defaut)
MFIE: Mozilla Firefox 19.0.2 v19.0.2

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8139 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 499 GB (74%) free of 670 GB

---\\ Logged in mode
~ Computer Name: IDA-HP
~ User Name: Ida
~ All Users Names: Ida, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Ida\AppData\Roaming\
~ %Desktop% : C:\Users\Ida\Desktop\
~ %Favorites% : C:\Users\Ida\Favorites\
~ %LocalAppData% : C:\Users\Ida\AppData\Local\
~ %StartMenu% : C:\Users\Ida\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 499 Go of 670 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 24 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
F:\ CD-ROM drive (Not Inserted)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.16/11/2011 - 21:42:07.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/03/2013 - 18:05:14.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.16/11/2011 - 21:45:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.16/11/2011 - 21:39:15.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1869
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/1191
~ Mon Bureau (My Desktop) : 1/229
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.EE6269B47E49DAA450B11A12C9A25FD5] - (.HP - TouchControl.) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe [653128] [PID.2880]
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.4428]
[MD5.4DD0E131B84623C0955925C9B798FFA8] - (.HP - BioMonitor.) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe [142664] [PID.4764]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.5444]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.6384]
[MD5.AE797B72D85E87D403FC11135507922C] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.6520]
[MD5.F6FC82BDC8D8F87DCC6D28093D68819C] - (.Intel Corporation - Bluetooth Media Player Controller.) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe [985424] [PID.6852]
[MD5.6C3DBE1AB6E79D29C53A2242044DCC76] - (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528] [PID.6996]
[MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.6488]
[MD5.9F3655267BA37004F519ABDDB3AEE244] - (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008] [PID.7052]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.7004]
[MD5.A7C69E9E571BC406BD9D39728E2122B2] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408] [PID.7120]
[MD5.7B59D1D1F458B322A722E95554BB591E] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe [1637496] [PID.6556]
[MD5.FB2693E1B53BCEDA1F054FF2C54881E6] - (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [439440] [PID.3920]
[MD5.FF8F27231322E3E38E08D0541D738170] - (.Belgian Government - beidgui executable.) -- C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe [2060288] [PID.6908]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.6400]
[MD5.A7D777DFCA71A00F938A3AEE2BD7E290] - (.CANON INC. - Canon Solution Menu EX Updater.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.exe [593032] [PID.7304]
[MD5.2859EBC065D2E1CCC94161CE28BAC085] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770560] [PID.3576]
[MD5.C35DA74B42B017D19CBB02863DCAC6E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6440960] [PID.4040]
[MD5.F80BDC0D9E7B9595E74B434446AD3781] - (.HP - HP Service.) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424] [PID.156]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1832]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1496]
[MD5.E52221FF68AABB5BEE32A7DEE69E7EAB] - (.Intel Corporation - Bluetooth Device Monitor.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [923984] [PID.2160]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2580]
[MD5.B7382BEC806B7B00FC84B3E2061FF48E] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [197536] [PID.2756]
[MD5.77C15D7E8F002A173EEBFF0B20CD697D] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [34872] [PID.2804]
[MD5.88D586E3D6EE17D5C7B8540F72F49148] - (...) -- C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe [149872] [PID.3220]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe [213384] [PID.3228]
[MD5.6C85719A21B3F62C2C76280F4BD36C7B] - (.Intel Corporation - Intel IPT Host Interface Service.) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [212944] [PID.3264]
[MD5.1ACAA67676E9E7BDA5E0C41B6E0DECAF] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184] [PID.3632]
[MD5.916B8954AC3E06DC9E898AFFB41F3FB6] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344] [PID.3672]
[MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.3216]
[MD5.A21E58F345F337316A98C5121CBE17E8] - (.TomTom - Windows Service for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072] [PID.3596]
[MD5.03FE8826F70FC84401B554C4004C4593] - (.Intel Corporation - Bluetooth OBEX Service.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [1001808] [PID.3716]
[MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.4156]
[MD5.173F13CDEBF8E067629462E9D6E481CB] - (...) -- C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick-connector.exe [769392] [PID.4280]
[MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.4312]
[MD5.5CFA8896A5E10B226B0606B4C84D97AE] - (.Intel Corporation - Bluetooth Media Service.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1321296] [PID.5576]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.6700]
[MD5.D41861E56E7552C13674D7F147A02464] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.6452]
[MD5.519D66259DF1672AABCE9D2E0ACC5552] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325912] [PID.4396]
[MD5.99FC1599F89A80216E41175B8CA44D89] - (.GFI Software - GFI Software Anti Malware Service.) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000] [PID.4436]
[MD5.1B71370AEC1115F80D9A4A209317C968] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656536] [PID.3928]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Ida\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] ore_on_startup": ["http://securesearch.lavasoft.com
G0 - GCSP: Preference [User Data\Default] tore_on_startup": ["http://securesearch.lavasoft.com
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Ida\AppData\Roaming\Mozilla\Firefox\Profiles\cv80upuw.default\prefs.js
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Ida] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [Ida - cv80upuw.default] http://securesearch.lavasoft.com
M2 - MFEP: prefs.js [Ida - cv80upuw.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (.Lavasoft.)
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: FindLyrics [64Bits] - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} . (.FindLyrics - FindLyrics.) -- C:\Program Files (x86)\FindLyrics\FindLyrics.dll
O2 - BHO: Auto Lyrics [64Bits] - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} . (.Mansoft Union - Auto Lyrics.) -- C:\Program Files (x86)\AutoLyrics\autolrcs.dll
~ BHO: 12 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IntelPAN] . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [Eraser] C:\Program Files (x86)\Eraser\Eraser.exe (.not file.)
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [HPQuickWebProxy] . (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. - HP CoolSense.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [IJNetworkScannerSelectorEX] . (.CANON INC. - Canon IJ Network Scanner Selector EX.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [beid] . (.Belgian Government - beidgui executable.) -- C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-21-1825643934-3108861674-1663947093-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: Canon MX430 series Manuel en ligne.lnk . (.CANON INC. - Easy Guide Viewer.) -- C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
O4 - GS\Desktop: Canon Solution Menu EX.lnk . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe
O4 - GS\Desktop: eID-Viewer.lnk . (.Belgian Government - beidgui executable.) -- C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
O4 - GS\Desktop: Google Earth.lnk . (.Google - Google Earth.) -- C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
O4 - GS\Desktop: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\TaskBar: HP Recommended.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (.not file.)
O4 - GS\TaskBar: Windows Live.LNK . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (.not file.)
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - Global Startup: C:\Users\Ida\Desktop\Archives de l'État.url . (...) -- C:\Users\Ida\Desktop\Archives de l'État.url
O4 - Global Startup: C:\Users\Ida\Desktop\be.STAT home - Statistiques & Analyses - Home.url . (...) -- C:\Users\Ida\Desktop\be.STAT home - Statistiques & Analyses - Home.url
O4 - Global Startup: C:\Users\Ida\Desktop\Carbu.be.url . (...) -- C:\Users\Ida\Desktop\Carbu.be.url
O4 - Global Startup: C:\Users\Ida\Desktop\Cours & infos - Delta Lloyd.url . (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Ida\Desktop\Cours & infos - Delta Lloyd.url
O4 - GS\Desktop: Favoris.lnk . (...) -- C:\Mes documents\Favoris
O4 - Global Startup: C:\Users\Ida\Desktop\Gmail.url . (...) -- C:\Users\Ida\Desktop\Gmail.url
O4 - Global Startup: C:\Users\Ida\Desktop\Google Maps.url . (...) -- C:\Users\Ida\Desktop\Google Maps.url
O4 - Global Startup: C:\Users\Ida\Desktop\Google.url . (...) -- C:\Users\Ida\Desktop\Google.url
O4 - Global Startup: C:\Users\Ida\Desktop\IBAN BIC Calculator.url . (...) -- C:\Users\Ida\Desktop\IBAN BIC Calculator.url
O4 - Global Startup: C:\Users\Ida\Desktop\Lalibre.be - Faisons vivre l'info.url . (...) -- C:\Users\Ida\Desktop\Lalibre.be - Faisons vivre l'info.url
O4 - Global Startup: C:\Users\Ida\Desktop\LeVif.url . (...) -- C:\Users\Ida\Desktop\LeVif.url
O4 - Global Startup: C:\Users\Ida\Desktop\Memoclic.url . (...) -- C:\Users\Ida\Desktop\Memoclic.url
O4 - GS\Desktop: Mes documents.lnk . (...) -- C:\Mes documents
O4 - Global Startup: C:\Users\Ida\Desktop\myVOO Gérer vos services VOO.url . (...) -- C:\Users\Ida\Desktop\myVOO Gérer vos services VOO.url
O4 - Global Startup: C:\Users\Ida\Desktop\PC Astuces Aide Informatique.url . (...) -- C:\Users\Ida\Desktop\PC Astuces Aide Informatique.url
O4 - GS\Desktop: PDFTK Builder.lnk . (...) -- C:\Program Files (x86)\PDFTK Builder\PDFTKBuilder.exe
O4 - GS\Desktop: Q-Dir - Raccourci.lnk . (...) -- H:\Q-Dir_Portable_x64\Q-Dir\Q-Dir.exe (.not file.)
O4 - Global Startup: C:\Users\Ida\Desktop\RTL info.url . (...) -- C:\Users\Ida\Desktop\RTL info.url
O4 - Global Startup: C:\Users\Ida\Desktop\RVP - ONP Internet.url . (...) -- C:\Users\Ida\Desktop\RVP - ONP Internet.url
O4 - Global Startup: C:\Users\Ida\Desktop\Sodexo.url . (...) -- C:\Users\Ida\Desktop\Sodexo.url
O4 - GS\Desktop: SyncBack.lnk . (.2BrightSparks - SyncBack.) -- C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: C:\Users\Ida\Desktop\uWall.tv Listen to a Wall of Music.url . (.2BrightSparks - SyncBack.) -- C:\Users\Ida\Desktop\uWall.tv Listen to a Wall of Music.url
O4 - Global Startup: C:\Users\Ida\Desktop\Wallangues.url . (.2BrightSparks - SyncBack.) -- C:\Users\Ida\Desktop\Wallangues.url
O4 - Global Startup: C:\Users\Ida\Desktop\Wikipédia, l'encyclopédie libre.url . (.2BrightSparks - SyncBack.) -- C:\Users\Ida\Desktop\Wikipédia, l'encyclopédie libre.url
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 9 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49CA335-F272-4D3E-A2AA-7BC2910C5B2C}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{B49CA335-F272-4D3E-A2AA-7BC2910C5B2C}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{B49CA335-F272-4D3E-A2AA-7BC2910C5B2C}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.88.203.3 62.197.111.140
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
~ Services: 30 Legitimates Scanned in 00mn 09s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Auto Lyrics Update.job [396]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FindLyrics Update.job [374]
[MD5.84DC08F59CDE010D15D893F5B8598764] [APT] [Auto Lyrics Update] (.Mansoft Union.) -- C:\Program Files (x86)\AutoLyrics\AutoLyricsUpdater.exe [115200]
[MD5.8080E1CF5715B43DDDF69121B3BF4150] [APT] [FindLyrics Update] (.FindLyrics.) -- C:\Program Files (x86)\FindLyrics\flcsur.exe [115200]
[MD5.643812F24A20D3EA7652F7A4D549DF07] [APT] [WarrantyChecker] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1324760]
~ Scheduled Task: 26 Legitimates Scanned in 00mn 04s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader XI (11.0.02) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AB0000000001}
O42 - Logiciel: Auto Lyrics - (.Mansoft Union.) [HKLM][64Bits] -- autolyrics@man-soft.net
O42 - Logiciel: FindLyrics - (.FindLyrics.) [HKLM][64Bits] -- findlyrics@findlyrics.co
O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF}
O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
~ Logic: 181 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ad-Aware Search Protection]
[HKCU\Software\AppDataLow\Software\AutoLyrics]
[HKCU\Software\AppDataLow\Software\findlyrics]
~ Key Software: 239 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 4/04/2013 - 23:00:29 - [153,157] ----D C:\Program Files (x86)\Ad-Aware Antivirus
O43 - CFD: 20/03/2013 - 08:43:58 - [0,349] ----D C:\Program Files (x86)\AutoLyrics
O43 - CFD: 19/03/2013 - 23:04:48 - [0,359] ----D C:\Program Files (x86)\FindLyrics
O43 - CFD: 13/03/2012 - 00:35:58 - [0] ----D C:\ProgramData\Menu Start
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 193 Legitimates Scanned in 00mn 26s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2F2FB8612B5C235D5E74713B66827F37] - 3/04/2013 - 10:08:43 ---A- . (...) -- C:\Windows\IE10_main.log [1408]
O44 - LFC:[MD5.5F2F1A5EE16C0C5BD0AFF53109A9C4A8] - 3/04/2013 - 19:37:24 ---A- . (...) -- C:\AdwCleaner[S1].txt [1354]
O44 - LFC:[MD5.A375AEB198908C3F066357ABF7F365BF] - 3/04/2013 - 22:34:01 ---A- . (...) -- C:\mbam-log-2013-04-03 (20-53-40).txt [2116]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 4/04/2013 - 18:51:59 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.691C65A7A6660B577D1B7468EF2F9E9F] - 4/04/2013 - 18:57:46 ---A- . (...) -- C:\ComboFix.txt [33934]
O44 - LFC:[MD5.1C3D15C97024B844219DB08429E5E829] - 4/04/2013 - 22:03:19 ---A- . (...) -- C:\log2.txt [0]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 7/11/2010 - 18:20:24 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 24/03/2013 - 18:05:14 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 24/03/2013 - 18:05:14 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/03/2013 - 16:44:12 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/06/2011 - 07:45:56 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 01:00:00 ---A- . (...) -- C:\Windows\zip.exe [68096]
~ Files: 149 Legitimates Scanned in 00mn 24s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.1F2B112C62625DD774873C484650F0B3] - 3/04/2013 - 19:40:13 ---A- - C:\Windows\Prefetch\ADAWARE.EXE-8EA853B1.pf
O45 - LFCP:[MD5.B2FFD5354BDA5B7B7750A2124EC0AFA0] - 4/04/2013 - 07:28:26 ---A- - C:\Windows\Prefetch\ROGUEKILLER-8.5.4.EXE-19C00B60.pf
O45 - LFCP:[MD5.BC8BB3FD793043C90BC3B411955D0317] - 4/04/2013 - 08:57:24 ---A- - C:\Windows\Prefetch\CNMSEB1.EXE-98C2B93A.pf
O45 - LFCP:[MD5.3EEA9D71DE9073B1EDFDF3C5CA522900] - 4/04/2013 - 09:07:10 ---A- - C:\Windows\Prefetch\BJMYPRT.EXE-2C6EC7CF.pf
O45 - LFCP:[MD5.B99BEB71C08EB0FAE4DBEC7C65F1139F] - 4/04/2013 - 09:07:15 ---A- - C:\Windows\Prefetch\CNSEMAIN.EXE-E4A3DD41.pf
O45 - LFCP:[MD5.0E87FEA44F768E76D8795C18FC56012D] - 4/04/2013 - 19:12:06 ---A- - C:\Windows\Prefetch\HPTASKBAR3.EXE-A6188DE5.pf
O45 - LFCP:[MD5.38D1F72EF273ADBB903D5A00BEB7F61C] - 4/04/2013 - 19:12:16 ---A- - C:\Windows\Prefetch\HPTASKBAR1.EXE-7F6D18DB.pf
O45 - LFCP:[MD5.196E2D9E29140C99502D0FD13F8688E6] - 4/04/2013 - 19:12:16 ---A- - C:\Windows\Prefetch\HPTASKBAR2.EXE-92C2D360.pf
O45 - LFCP:[MD5.5D9D24EEEED7BEC8676B8DC7C82CC9BF] - 4/04/2013 - 20:43:29 ---A- - C:\Windows\Prefetch\INSTALLCLICK-CONNECTOR.EXE-A20B91AB.pf
O45 - LFCP:[MD5.DB51B8BC583CB484372C47675DF2270A] - 4/04/2013 - 22:04:55 ---A- - C:\Windows\Prefetch\CNSEUPDT.EXE-A189FDB1.pf
O45 - LFCP:[MD5.5D30983BECD2FE58487D221CD3A7D044] - 4/04/2013 - 22:05:42 ---A- - C:\Windows\Prefetch\SBAMSVC.EXE-5EDBFA77.pf
~ Prefetcher: 141 Legitimates Scanned in 00mn 01s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ MWPE Keys: 3 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.888DFE4137F626CEA9CCE3BD47941B64] - 21/01/2013 - 08:22:06 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\System32\Drivers\a38usb.sys [44672]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2/04/2013 - 22:50:02 ---A- C:\Users\Ida\AppData\Roaming\Microsoft\Excel\Excel12.xlb [10369]
O61 - LFC: 3/04/2013 - 18:09:06 ---A- C:\Users\Ida\AppData\Roaming\Microsoft\PowerPoint\PPT12.pcb [130]
O61 - LFC: 3/04/2013 - 19:22:32 ---A- C:\Users\Ida\AppData\Roaming\Microsoft\Templates\Normal.dotm [20536]
O61 - LFC: 4/04/2013 - 22:02:14 ---A- C:\Users\Ida\AppData\Local\Eraser 6\Task List.ersx [1463704]
~ 4 Fichiers temporaires (Temporary files)
~ Files: 41 Legitimates Scanned in 01mn 38s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
~ Legacy: 88 Legitimates Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Keys: Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {A8E7CBEA-8B80-47BC-BF08-D7E28539A5B0} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} - (Wikipedia) - http://fr.wikipedia.org
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\ZHP\Quarantine\winace.archiver.v2.20.fr.+.keygen.exe.VIR
C:\ZHP\Quarantine\winimage_keygen.exe.VIR
C:\ZHP\Quarantine\winace.archiver.v2.20.fr.+.keygen.exe.VIR
C:\ZHP\Quarantine\winimage_keygen.exe.VIR
~ Files: Scanned in 04mn 19s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 32 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.08B888935A50206204E1A5F0AB610202] [SPRF][4/04/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Ida\Desktop\ComboFix.exe [5047266]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
~ Firewall: 191 Legitimates Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11376 - (3/04/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
~ Additionnel: Scanned in 00mn 12s



---\\ Product Upgrade Codes (O90)
~ Update Products: 187 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 3/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 1/10/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 31/08/2011 1166848 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 7/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12/07/2011 923984 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SR - | Demand 12/07/2011 1321296 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SR - | Auto 12/07/2011 1001808 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 3/06/2011 134928 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 27/07/2011 1517328 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 30/12/1899 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe
SR - | Auto 26/08/2011 260424 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/03/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/03/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/10/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
SR - | Auto 16/02/2011 682040 | (HPAuto) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
SR - | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Auto 10/08/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 15/02/2012 34872 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 20/05/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 29/06/2011 2413056 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 149872 | (InstallClick) . (...) - C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe
SR - | Auto 24/02/2011 212944 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
SR - | Auto 9/08/2011 325912 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 7/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 340240 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 27/07/2011 844560 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 20/09/2012 3677000 | (SBAMSvc) . (.GFI Software.) - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 2/06/2011 301568 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 12/02/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 9/08/2011 2656536 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Ida at 4/04/2013 23:18:38

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ida at 4/04/2013 23:18:40

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



End of the scan (681 lines in 07mn 42s)(4)
