Rapport de ZHPDiag v2013.4.22.135 par Nicolas Coolman, Update du 2013-04-22
Run by Utilisateur at 2013-04-23 11:00:17
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Kaspersky Anti-Virus 2011 v11.0.2.556
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v4.00

---\\ Software Update
Adobe Flash Player 11 ActiveX
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2044 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 183 GB (61%) free of 298 GB

---\\ Logged in mode
~ Computer Name: SEANIX-2EEE4210
~ User Name: Utilisateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Utilisateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Utilisateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Utilisateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Utilisateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Utilisateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 183 Go of 298 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Hard drive, Flash drive, Thumb drive (Free 22 Go of 149 Go)
J:\ CD-ROM drive (Free 0 Go of 0 Go)
L:\ Hard drive, Flash drive, Thumb drive (Free 529 Go of 931 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.2008-04-13 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2013-03-01 - 20:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.2008-04-13 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-08-17 - 08:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2008-04-13 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-04-13 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2008-04-13 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.2008-04-13 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.2008-04-13 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-04-13 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2008-04-13 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-04-13 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.2008-04-13 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-07-15 - 08:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.2008-04-13 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.2008-04-13 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.2008-04-13 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-04-13 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-04-13 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.2008-04-13 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2008-04-13 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/159
~ Mes musiques (My Musics) : 1/2128
~ Mes Videos (My Videos) : 2/7
~ Mes Favoris (My Favorites) : 1/133
~ Mes Documents (My Documents) : 1/7838
~ Mon Bureau (My Desktop) : 1/52067
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 01mn 11s



---\\ Processus lancés
[MD5.A86A2F2B2BF5D5EED075B6417DE5CF1C] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 195.6.) -- C:\WINDOWS\system32\nvsvc32.exe [154216] [PID.1128]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.448]
[MD5.B2B3FCBA37671C853879DF7DDE8A839A] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336] [PID.596]
[MD5.0C83FC56707BF68DB04947052A8188B1] - (.Nalpeiron Ltd. - Nalpeiron Highend Service.) -- C:\WINDOWS\system32\ASTSRV.exe [57344] [PID.1876]
[MD5.7BE48C578124BBF4C1FAAFB4E718A4CC] - (.Apple Inc. - iTunesHelper.) -- I:\itunes\iTunesHelper.exe [152392] [PID.244]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.240]
[MD5.68B86DD9D455A6A8DE6D13C84FB5CE31] - (.ArcSoft, Inc. - UACTokenSvc.) -- C:\Documents and Settings\Utilisateur\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [83512] [PID.1280]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.648]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.864]
[MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.848]
[MD5.E999FB003CA8128F02D9B4CBAA8F493B] - (.Pas de propriétaire - AutoRun MFC Application.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media\LxrAutorun.exe [24576] [PID.1600]
[MD5.EE38D491D51FB79B7CA55500F20CD802] - (.Pelmorex Media Inc. - Pas de description.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe [311584] [PID.1636]
[MD5.F34B35F6F74E28A460749DA11D1117F8] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [79136] [PID.1936]
[MD5.E66286727FBF58EB323625AF3EFDA53E] - (.Lexar Media, Inc. - Secure II Service.) -- C:\WINDOWS\system32\LxrSII1s.exe [65536] [PID.1240]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\WINDOWS\system32\PSIService.exe [177704] [PID.2376]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [189728] [PID.2404]
[MD5.02682AE021F0FB92F5768B49776B8B5B] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3232]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.4040]
[MD5.69A022AF566272F9BA43BBE8ADB0478C] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe [129720] [PID.3264]
[MD5.858E13176C6332EC966E2299BDD870D0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6961664] [PID.3692]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2032]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- I:\itunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe (.not file.)
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LxrAutorun] . (.Pas de propriétaire - AutoRun MFC Application.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [LxrAutorun] . (.Pas de propriétaire - AutoRun MFC Application.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKUS\S-1-5-21-1193022376-4216060940-188568324-1004\..\Run: [WeatherEye] . (.Pelmorex Media Inc. - Pas de description.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Eye Candy 5.0 Nature Manual.lnk . (...) -- I:\Filtres\Alien Skin\Alien Skin\Eye Candy 5 Nature\ec5nature.pdf
O4 - GS\Programs: Eye Candy 5.0 Textures Manual.lnk . (...) -- I:\Filtres\Alien Skin\Alien Skin\Eye Candy 5 Textures\ec5textures.pdf
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Xenofex 2 Manual.lnk . (...) -- I:\Filtres\Xenofex 2\Xenofex 2\Xenofex 2\xenofex2.pdf
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\kbrd.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\logo.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} ((no name)) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1306897658484
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342273393135
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{08E2D284-9D89-492D-A9B8-579D47F1278F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpDomain = Belkin
O17 - HKLM\System\CS1\Services\Tcpip\..\{08E2D284-9D89-492D-A9B8-579D47F1278F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpDomain = Belkin
O17 - HKLM\System\CS2\Services\Tcpip\..\{08E2D284-9D89-492D-A9B8-579D47F1278F}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A63A6BBE-52F8-4D54-8A4E-68AA48F37D46}: DhcpDomain = Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Nalpeiron Licensing Service (ASTSRV) . (.Nalpeiron Ltd. - Nalpeiron Highend Service.) - C:\WINDOWS\system32\ASTSRV.exe
O23 - Service: Lexar Secure II (LxrSII1s) . (.Lexar Media, Inc. - Secure II Service.) - C:\WINDOWS\system32\LxrSII1s.exe
O23 - Service: Pos Service (PowerOffer Service) . (.PowerOfferService - PowerOfferService.) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService\Pos.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
~ Services: 13 Legitimates Filtered in 00mn 08s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AV Bros. Page Curl Pro 2.2 (Remove Only) - (...) [HKLM] -- AV Bros. Page Curl Pro 2.2
O42 - Logiciel: PowerOffer 2.0 - (...) [HKLM] -- {0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1
O42 - Logiciel: Vizros Plug-ins 4.1 - (...) [HKLM] -- Vizros Plug-ins 4.1
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 133 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATS-FFormula]
[HKCU\Software\Axion]
[HKCU\Software\BitTorrent]
[HKCU\Software\Image Content Technology]
[HKCU\Software\Lexar Media]
[HKCU\Software\Lokas Ltd]
[HKCU\Software\Panopticum]
[HKCU\Software\RAYflect]
[HKLM\Software\Flaming Pear]
[HKLM\Software\Lexar Media]
[HKLM\Software\PowerOffer]
[HKLM\Software\Vizros]
~ Key Software: 194 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2011-06-10 - 14:17:09 - [0,998] ----D C:\Program Files\FMPatcher
O43 - CFD: 2013-04-05 - 13:44:11 - [1,382] ----D C:\Program Files\UltraTorrent
O43 - CFD: 2012-01-29 - 17:16:59 - [0,568] ----D C:\Documents and Settings\Utilisateur\Application Data\BitTorrent
O43 - CFD: 2013-04-10 - 10:19:31 - [1,221] ----D C:\Documents and Settings\Utilisateur\Application Data\uTorrent
O43 - CFD: 2011-08-15 - 09:09:08 - [0,051] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Lexar Media
O43 - CFD: 2012-01-29 - 22:07:39 - [1,385] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService
O43 - CFD: 2012-01-29 - 22:07:22 - [1,583] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PowerOffer
O43 - CFD: 2013-01-22 - 13:32:50 - [1,273] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\ServUpdater
O43 - CFD: 2011-12-02 - 21:12:23 - [0,003] ----D C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\AV Bros. Page Curl Pro 2.2
~ Program Folder: 144 Legitimates Filtered in 00mn 49s



---\\ Derniers fichiers modifiés ou créés sous Windows et System32 (O44)
O44 - LFC:[MD5.AC55384422D968B178E8F426536F39E6] - 2013-04-09 - 18:03:27 ---A- . (...) -- C:\colorbox.log [1027]
O44 - LFC:[MD5.35E7D1FCBD9A3DAD49942CA15ACA3621] - 2013-04-21 - 09:10:56 -SHA- . (...) -- C:\WINDOWS\system32\KGyGaAvL.sys [2828]
O44 - LFC:[MD5.4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] - 2013-04-21 - 12:33:45 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.CA753D44C640042D366EC5CFCB02ECA4] - 2013-04-22 - 07:11:42 ---A- . (...) -- C:\WINDOWS\wmsetup.log [404]
O44 - LFC:[MD5.79D2C74CF90D7E0151C7BB7D226384C8] - 2013-04-23 - 08:09:53 ---A- . (...) -- C:\WINDOWS\system32\NvApps.xml [272291]
O44 - LFC:[MD5.CB90CD8A53B4C7BE4250EB0F372E63D6] - 2013-04-23 - 08:10:41 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.5E96A13FD6504AB8EA8EF45F5B9933CB] - 2013-04-23 - 08:10:42 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
~ Files: 18 Legitimates Filtered in 00mn 08s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "I:\���i�tFiX\mirc.exe" [Enabled] .(.mIRC Co. Ltd..) -- I:\���i�tFiX\mirc.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Utilisateur\Bureau\Visicom Media\FTPExpert2\FTPxpert.exe" [Enabled] .(.Visicom Media Inc..) -- C:\Documents and Settings\Utilisateur\Bureau\Visicom Media\FTPExpert2\FTPxpert.exe
O47 - AAKE:Key Export SP - "C:\Program Files\UltraTorrent\UltraTorrent.exe" [Enabled] .(...) -- C:\Program Files\UltraTorrent\UltraTorrent.exe (.not file.)
O47 - AAKE:Key Export SP - "I:\Program Files\uTorrent.exe" [Enabled] .(.BitTorrent Inc..) -- I:\Program Files\uTorrent.exe
~ Keys Export: 12 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] - 2009-11-18 - 07:16:00 ---A- . (.Creative - Creative WDM 3D Audio Driver.) -- C:\WINDOWS\system32\Drivers\Ambfilt.sys [1691480]
O58 - SDL:[MD5.7A00D91D474906A4BA13BAD73BA911C3] - 2011-02-08 - 09:55:41 RSH-- . (...) -- C:\WINDOWS\system32\0F80E665DF.sys [88]
~ Drivers: Scanned in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 2008-05-19 - C:\WINDOWS\system32\ASTSRV.exe (ASTSRV) .(.Nalpeiron Ltd. - Nalpeiron Highend Service.) - LEGACY_ASTSRV
O64 - Services: CurCS - 2010-07-01 - C:\Documents and Settings\Utilisateur\Application Data\HP SimpleSave Application\uUACTokenSvc.exe (BackupService) .(.ArcSoft, Inc. - UACTokenSvc.) - LEGACY_BACKUPSERVICE
O64 - Services: CurCS - 2011-08-30 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 2009-12-30 - C:\WINDOWS\system32\Drivers\LxrSII1d.sys (LxrSII1d) .(.Lexar Media, Inc. - Secure II Driver.) - LEGACY_LXRSII1D
O64 - Services: CurCS - 2009-12-30 - C:\WINDOWS\system32\LxrSII1s.exe (LxrSII1s) .(.Lexar Media, Inc. - Secure II Service.) - LEGACY_LXRSII1S
O64 - Services: CurCS - 2011-12-16 - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService\Pos.exe (PowerOffer Service) .(.PowerOfferService - PowerOfferService.) - LEGACY_POWEROFFER_SERVICE
O64 - Services: CurCS - 2007-06-05 - C:\WINDOWS\system32\PSIService.exe (ProtexisLicensing) .(.Pas de propriétaire - nTitles PSIService.) - LEGACY_PROTEXISLICENSING
~ Legacy: 132 Legitimates Filtered in 00mn 01s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {D3930A06-6C5D-447D-A99E-C18E6BF44549} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine de certains dossiers (O84)
[MD5.E0D0DADED0B8643DB22B78BC86A208F7] [SPRF][2011-02-05] (...) -- C:\Documents and Settings\All Users\Application Data\0F80E665DF.sys [88]
[MD5.9F69F438E2372D4E0DD2AAF804D0A011] [SPRF][2013-03-18] (...) -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [5642]
[MD5.E1B1417C72774E918C8EE0AB44B4F7E7] [SPRF][2013-04-23] (...) -- C:\Documents and Settings\Utilisateur\Bureau\adwcleaner.exe [619461]
[MD5.0ACFF8B9208623E18D9882C0C16997AC] [SPRF][2002-10-02] (...) -- C:\Documents and Settings\Utilisateur\Bureau\BesCheReLle.exe [635392]
[MD5.A6FCE5C91A077492A776476094C84C72] [SPRF][2011-09-07] (.Corel Software, Inc. - PSP Plugin Host DLL.) -- C:\Documents and Settings\Utilisateur\Bureau\CmdPluginHost.dll [301568]
[MD5.D03F39A2F63D2920FBD4880D4A6AC42B] [SPRF][2013-04-23] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Utilisateur\Bureau\ZHPDiag2.exe [5598615]
[MD5.632E0CE38FBCADEAAE28077F4C9C45D5] [SPRF][2010-10-21] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r102.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2827728]
~ Files: Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.11647 - (2013-04-22)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6533F74-218B-41BE-9D91-5BD471FECFFD}] =>Toolbar.Conduit
[HKLM\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>Toolbar.Conduit
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
~ Additionnel Scan: 217534 Items scanned in 00mn 27s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2013-04-13 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2008-05-19 57344 | (ASTSRV) . (.Nalpeiron Ltd..) - C:\WINDOWS\system32\ASTSRV.exe
SR - | Auto 2010-11-02 365336 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
SR - | Auto 2010-07-01 83512 | (BackupService) . (.ArcSoft, Inc..) - C:\Documents and Settings\Utilisateur\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 2008-04-13 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 2011-02-05 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-02-05 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2012-08-29 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 2013-02-18 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2013-03-08 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 2007-07-25 79136 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 2009-12-30 65536 | (LxrSII1s) . (.Lexar Media, Inc..) - C:\WINDOWS\system32\LxrSII1s.exe
SS - | Demand 2007-06-01 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
SR - | Auto 2009-11-20 154216 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 2011-12-16 164352 | (PowerOffer Service) . (.PowerOfferService.) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\PosService\Pos.exe
SR - | Auto 177704 | (ProtexisLicensing) . (...) - C:\WINDOWS\system32\PSIService.exe
SR - | Auto 2010-03-10 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
~ Services: Scanned in 00mn 00s



~ 825 Legitimates filtered by white list
End of the scan (474 lines in 03mn 02s)(0)