Rapport de ZHPDiag v2013.6.30.48 par Nicolas Coolman, Update du 30/06/2013
Run by mikepeter at 30/06/2013 21:43:19
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16618
GCIE: Google Chrome v27.0.1453.116 (Defaut)
OBIE: Wacom WebTabletPlugin for Netscape v1.1.0.3

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : F4QQ2
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Security Client v4.2.0223.1

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Reader XI

---\\ System Information
~ Processor: x86 Family 15 Model 6 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 109 GB (72%) free of 149 GB

---\\ Logged in mode
~ Computer Name: MIKEPETER-PC
~ User Name: mikepeter
~ All Users Names: UpdatusUser, mikepeter, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\mikepeter\AppData\Roaming\
~ %Desktop% : C:\Users\mikepeter\Desktop\
~ %Favorites% : C:\Users\mikepeter\Favorites\
~ %LocalAppData% : C:\Users\mikepeter\AppData\Local\
~ %StartMenu% : C:\Users\mikepeter\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 109 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 166 Go of 179 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 121 Go of 365 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 185 Go of 387 Go)
H:\ Hard drive, Flash drive, Thumb drive (Free 84 Go of 149 Go)
I:\ Hard drive, Flash drive, Thumb drive (Free 94 Go of 574 Go)
J:\ Hard drive, Flash drive, Thumb drive (Free 298 Go of 357 Go)
Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 35 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.2473CA6595A2659D7039A4A89FECA269] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.17/05/2013 - 02:25:57.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/23
~ Mes musiques (My Musics) : 1/12
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/64
~ Mon Bureau (My Desktop) : 1/119
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.F74737E0EF87295E82EBD0A4B040539A] - (.Microsoft Corporation - Composant de saisie tactile ou avec stylet.) -- C:\Windows\SYSTEM32\WISPTIS.exe [334336] [PID.1596]
[MD5.21E01FD4147EA1B952E4CD9928B879B8] - (.Microsoft Corporation - Tablet PC Input Panel Accessory.) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [181760] [PID.360]
[MD5.E04599579D15710E22AC4F5F06E13AD2] - (.Global Graphics Software Ltd. - gDocCreator Client application.) -- F:\CorelCreatorClient.exe [667648] [PID.2432]
[MD5.F8D427DAE2984A4968E2D1CB53634784] - (.Nuance Communications, Inc. - OCR Aware.) -- F:\OpWareSE4.exe [79400] [PID.2468]
[MD5.32F1A63C86D009D95994B543511D6E5C] - (.Pas de propriétaire - NsWrtMon Microsoft Base Class Application.) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe [20480] [PID.2504]
[MD5.4DAB37E8BEDA1F286F0C40B8AAB0D65C] - (.Pas de propriétaire - Everything.) -- F:\Everything\Everything.exe [602624] [PID.2596]
[MD5.7F170BCBE08B1527128099E779A42C27] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- F:\Todo Backup\bin\EuWatch.exe [70728] [PID.2744]
[MD5.AB43E836425F0E1B0B737007B275D717] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- F:\Todo Backup\bin\TrayNotify.exe [1315400] [PID.2808]
[MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- F:\iTunesHelper.exe [152392] [PID.2936]
[MD5.D05D1BBCBA6C6843A7A96C5289DA22BE] - (.Pas de propriétaire - NsWrtProc Microsoft Base Clase Application.) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe [24576] [PID.3268]
[MD5.E57577D990EA7D53D258BA14B819E4DE] - (.Wacom Technology, Corp. - Tablet user module for professional driver.) -- C:\Windows\system32\WTablet\Wacom_TabletUser.exe [132392] [PID.3400]
[MD5.2F0EAAF91FC7A5C70D1F4BE9B18A1CF5] - (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe [354304] [PID.3504]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2316]
[MD5.7D685AE28E6876EE5057DA51958F3CA7] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [294400] [PID.3196]
[MD5.5521928AA79079565B7CB8FCE6806131] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [825808] [PID.3800]
[MD5.85A9DC6884FD812C63C757A42206B2C4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7625728] [PID.628]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.872]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.896]
[MD5.C1F19D2BACBEE9AB64D9AE69E9859AC0] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456] [PID.1012]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1824]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1924]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.508]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1392]
[MD5.3C6EA21E43BE313A9AEAF0E26E2A90AD] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) -- F:\Todo Backup\bin\Agent.exe [69192] [PID.1744]
[MD5.72230BF2F36924051B52F26DF74504D0] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) -- F:\Todo Backup\bin\GuardAgent.exe [23624] [PID.2072]
[MD5.B1E1C8BB1392537E4D415FCDCB93B1D3] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2260]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.2444]
[MD5.A5812F0281CA5081BF696626F9BF324D] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2724]
[MD5.7855D6371E72EDCE0C4148AC79674DD4] - (.Wacom Technology, Corp. - Tablet Service for professional driver.) -- C:\Windows\system32\Wacom_Tablet.exe [1373480] [PID.2780]
[MD5.CB73BC422C07FB611F194DA18D1E7F36] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.2852]
[MD5.DDAC7684F4BC3F655ED31D8AA494E9AB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.3772]
[MD5.FE56897B27ED266F9C4E7D90A0B5DA47] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3564]
[MD5.C3CD30495687C2A2F66A65CA6FD89BE9] - (.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\System32\vds.exe [453632] [PID.1132]
[MD5.5E39149218CF703B8FD2E1854A4CEDE7] - (.Global Graphics Software Ltd - Corel Creator Messages Module.) -- C:\Windows\system32\CorelCreatorMessages.exe [73728] [PID.1080]
[MD5.2C49B175AEE1D4364B91B531417FE583] - (.Microsoft Corporation - Programme d’installation pour les modules W.) -- C:\Windows\servicing\TrustedInstaller.exe [204800] [PID.4056]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Service de la plateforme de protection logi.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.1384]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mikepeter\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.babylon.com =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.babylon.com =>Toolbar.Babylon
G0 - GCSP: Preference [User Data\Default] http://search.babylon.com =>Toolbar.Babylon
~ Google Browser: 13 Legitimates Filtered in 00mn 27s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [CorelCreatorClient] . (.Global Graphics Software Ltd. - gDocCreator Client application.) -- F:\CorelCreatorClient.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Run: [OpwareSE4] . (.Nuance Communications, Inc. - OCR Aware.) -- F:\OpwareSE4.exe
O4 - HKLM\..\Run: [WrtMon.exe] . (.Pas de propriétaire - NsWrtMon Microsoft Base Class Application.) -- C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Everything] . (.Pas de propriétaire - Everything.) -- F:\Everything\Everything.exe
O4 - HKLM\..\Run: [EaseUs Watch] . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- F:\Todo Backup\bin\EuWatch.exe
O4 - HKLM\..\Run: [EaseUs Tray] . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Application.) -- F:\Todo Backup\bin\TrayNotify.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- F:\iTunesHelper.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-1195143013-4257383624-559912087-1001\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: VuPassword.lnk . (.Pierre TORRIS - Afficheur de mots de passe.) -- C:\Program Files\VuPassword\VuPassword.exe
O4 - GS\TaskBar: 21st.lnk . (...) -- F:\21st.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Digital Radio Tuner.lnk . (.Robin Bailleux - Lecteur/Enregistreur de Radios sur Internet.) -- F:\Internet Digital Radio Tuner\IDRT.exe
O4 - GS\TaskBar: Microsoft Word Starter 2010.lnk . (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.exe
O4 - GS\TaskBar: On-Screen Keyboard.lnk . (.Microsoft Corporation - Accessibilité au Clavier visuel.) -- C:\Windows\system32\osk.exe
O4 - GS\TaskBar: Search Everything.lnk . (...) -- F:\Everything\Everything.exe
O4 - GS\TaskBar: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\system32\SnippingTool.exe
O4 - GS\TaskBar: Sticky Notes.lnk . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\system32\StikyNot.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Corel PHOTO-PAINT X4 (2).lnk . (.Macrovision Corporation - InstallShield.) -- c:\Windows\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF014}\NewShortcut2.exe
O4 - GS\Desktop: CorelDRAW X4.lnk . (.Macrovision Corporation - InstallShield.) -- c:\Windows\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}\NewShortcut1.exe
O4 - GS\Desktop: Downloads.lnk . (...) -- C:\Users\mikepeter\Downloads
O4 - GS\Desktop: Search Everything.lnk . (...) -- F:\Everything\Everything.exe
O4 - GS\Desktop: usbfix - Raccourci.lnk . (.El Desaparecido - SosVirus.net - UsbFix - Remove malware from yours drive!.) -- C:\Users\mikepeter\Downloads\usbfix.exe
O4 - GS\Desktop: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
~ Global Startup: Scanned in 00mn 02s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B3D523-2946-4B7E-9A03-5474A67E648E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{93B3D523-2946-4B7E-9A03-5474A67E648E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{93B3D523-2946-4B7E-9A03-5474A67E648E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{3368A452-C726-47D9-A786-B40EF7BBB012}] (...) -- F:\1-UT-exeC -(F)\Revouninstaller.exe (.not file.) [0]
[MD5.CE8DF01A9085566E1515A7D3DD0059B4] [APT] [{7EA6176F-CC7E-4A00-8D2A-86AD93E4DB1F}] (.EASEUS.) -- F:\Downloads\epm.exe [11703104]
[MD5.00000000000000000000000000000000] [APT] [{BF65D2DB-F2D3-48D7-8E26-33657C337093}] (...) -- D:\Realtek\RTL8139\Windows\setup.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 07s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (SamsungMonitorFirmware) . (.Samsung Electronics, Inc. - MagicTunePremium Driver.) - C:\Windows\system32\drivers\MFWCtwl.sys
~ Drivers: 66 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31/12/2012 - 20:13:28 - [18,098] ----D C:\Program Files\Common Files\PDFView
O43 - CFD: 23/06/2013 - 08:10:32 - [5,434] ----D C:\ProgramData\BrowserDefender
~ Program Folder: 138 Legitimates Filtered in 00mn 07s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F9E94F4F897B077A5012812ED0572D73] - 28/06/2013 - 22:47:22 ---A- . (...) -- C:\Upload_UsbFix.zip [18841395]
O44 - LFC:[MD5.CCC71E3DF25FA773DFE0F7EF76BB0570] - 28/06/2013 - 22:47:22 ---A- . (...) -- C:\UsbFix [Clean 2] MIKEPETER-PC.txt [110158]
O44 - LFC:[MD5.6056AA27B90C6DD475B4E4D9D6D02F20] - 28/06/2013 - 22:44:34 ----- . (...) -- C:\UsbFix [Clean 1] MIKEPETER-PC.txt [112085]
O44 - LFC:[MD5.71795AF4AF620381637947ED3373F9F4] - 28/06/2013 - 22:36:25 ----- . (...) -- C:\UsbFix [Scan 3] MIKEPETER-PC.txt [7137]
O44 - LFC:[MD5.B143613E4EE4D798FB612432FA1ECF14] - 28/06/2013 - 18:37:40 ----- . (...) -- C:\UsbFix [Scan 1] MIKEPETER-PC.txt [7466]
O44 - LFC:[MD5.B608B5E646180336B245EC04D9D6F125] - 27/06/2013 - 23:37:05 ----- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.F390146AE3A191CF2C6F7E06F7A79D6A] - 27/06/2013 - 23:01:42 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [98]
O44 - LFC:[MD5.793FE87864DF96B611F3481CCA66A801] - 21/06/2013 - 23:09:31 ---A- . (...) -- C:\Windows\System32\shortcut_ex.dat [17]
~ Files: 20 Legitimates Filtered in 00mn 07s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.BC7B240C2D5FF1CDFEBA76E8A37E5225] - 28/06/2013 - 22:45:18 ---A- - C:\Windows\Prefetch\GO.EXE-759C3391.pf
O45 - LFCP:[MD5.52C505F869B5D338523EFED66198CDD6] - 29/06/2013 - 18:14:28 ---A- - C:\Windows\Prefetch\LOADER.EXE-0363467D.pf
O45 - LFCP:[MD5.B78CA7112044ADD82BEEFAA8DD08B663] - 29/06/2013 - 18:14:28 ---A- - C:\Windows\Prefetch\TBCONSOLEUI.EXE-EE2D96D5.pf
O45 - LFCP:[MD5.9AA55ED9979C1A5DA40C6C1A00536AA2] - 30/06/2013 - 19:00:23 ---A- - C:\Windows\Prefetch\OTM.EXE-252A51F0.pf
O45 - LFCP:[MD5.984E8D960C44521D5C1356AFAC40428E] - 30/06/2013 - 19:09:26 ---A- - C:\Windows\Prefetch\EVERYTHING.EXE-6E84F247.pf
O45 - LFCP:[MD5.507389FC2A4C0E5C54357901FA9F2C50] - 30/06/2013 - 19:14:20 ---A- - C:\Windows\Prefetch\TRAYTIP.EXE-A52511EB.pf
~ Prefetcher: 95 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 27/06/2013 - 06:37:03 --HA- C:\Users\mikepeter\AppData\Roaming\Microsoft\Templates\~$Normal.dotm [162]
O61 - LFC: 27/06/2013 - 22:59:44 ---A- C:\Users\mikepeter\Downloads\adwcleaner.exe [648201]
O61 - LFC: 27/06/2013 - 23:17:46 ---A- C:\Users\mikepeter\Downloads\OTL.exe - Raccourci.lnk [1446]
O61 - LFC: 28/06/2013 - 18:19:44 ---A- C:\Users\mikepeter\Downloads\usbfix.exe [1030081]
O61 - LFC: 29/06/2013 - 20:39:32 ---A- C:\Users\mikepeter\Downloads\seaf.exe [498868]
O61 - LFC: 30/06/2013 - 18:44:27 ---A- C:\Users\mikepeter\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [270233]
O61 - LFC: 30/06/2013 - 18:58:00 ---A- C:\Users\mikepeter\Documents\backup.reg [184124444]
O61 - LFC: 30/06/2013 - 20:43:05 ---A- C:\Users\mikepeter\AppData\Local\Google\Chrome\User Data\Local State [37341]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 130 Legitimates Filtered in 00mn 05s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: OTL - (.OldTimer.)
O63 - Logiciel: OTM - (.OldTimer.)
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 19/10/2012 - Pas de propriétaire (EUBKMON) .(...) - LEGACY_EUBKMON
O64 - Services: CurCS - 19/10/2012 - C:\Windows\system32\drivers\eudskacs.sys (EUDSKACS) .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver.) - LEGACY_EUDSKACS
O64 - Services: CurCS - 19/10/2012 - C:\Windows\system32\drivers\EuFdDisk.sys (EUFDDISK) .(.CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver.) - LEGACY_EUFDDISK
O64 - Services: CurCS - 23/12/2011 - C:\Windows\system32\drivers\MFWCtwl.sys (SamsungMonitorFirmware) .(.Samsung Electronics, Inc. - MagicTunePremium Driver.) - LEGACY_SAMSUNGMONITORFIRMWARE
~ Legacy: 81 Legitimates Filtered in 00mn 42s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\APPLIC~1\chrome.exe
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\APPLIC~1\chrome.exe
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - () - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.4ADCFEE16EE9978F06157634669D36FB] [SPRF][27/06/2013] (.OldTimer Tools - Pas de description.) -- C:\Users\mikepeter\Desktop\OTL.exe [602112]
[MD5.ABE171BFF8277921FD92BF5DEC76F363] [SPRF][30/06/2013] (.OldTimer Tools - Pas de description.) -- C:\Users\mikepeter\Desktop\OTM.exe [522240]
[MD5.5DFC376BC9A09B7D9538B068AA1F3A20] [SPRF][28/02/2013] (.Hewlett-Packard Development Company, L.P. - Realtek High Definition Audio Driver Update.) -- C:\Users\mikepeter\Desktop\sp37325.exe [13098832]
[MD5.2985A4D99C4F1CECC4EAA3DB43A2B30A] [SPRF][30/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\mikepeter\Desktop\ZHPDiag2.exe [5694929]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 01s

---\\ Scan Additionnel (O88)
Database Version : v2.12631 - (30/06/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
C:\ProgramData\BrowserDefender =>Hijacker.Eazel
~ Additionnel Scan: 209305 Items scanned in 01mn 04s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "461BA3C3F469D9146A8818E027B8D9D7" . (.GalleryImages.) -- c:\Windows\Installer\{3C3AB164-964F-419D-A688-810E728B9D7D}\ARPPRODUCTICON.exe
~ Update Products: 74 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 25/04/2012 73728 | (CorelCreatorMessages) . (.Global Graphics Software Ltd.) - C:\Windows\system32\CorelCreatorMessages.exe
SR - | Auto 30/10/2012 69192 | (EaseUS Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - F:\Todo Backup\bin\Agent.exe
SR - | Auto 19/10/2012 23624 | (Guard Agent) . (.CHENGDU YIWO Tech Development Co., Ltd.) - F:\Todo Backup\bin\GuardAgent.exe
SS - | Auto 24/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 24/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 31/05/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 21/07/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 05/02/2013 312704 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Demand 04/11/2008 68760 | (SandraAgentSrv) . (.SiSoftware.) - F:\SiSoftware Sandra Lite 2013\RpcAgentSrv.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 07/09/2007 1373480 | (TabletServiceWacom) . (.Wacom Technology, Corp..) - C:\Windows\system32\Wacom_Tablet.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by mikepeter at 30/06/2013 21:54:49
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by mikepeter at 30/06/2013 21:54:51
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Malicius Software Information
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ MSI: Scanned in 00mn 04s

~ 1156 Legitimates filtered by white list
End of the scan (466 lines in 11mn 32s)(0)