Rapport de ZHPDiag v2013.6.10.15 par Nicolas Coolman, Update du 10/06/2013
Run by Nicolas at 14/06/2013 22:09:58
WebSite: http://nicolascoolman.webs.com
State : Nouvelle version disponible
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : P92J4
Windows License : OK
Windows Automatic Updates : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.22 =>Piriform Ltd

---\\ Peer To Peer (P2P)
eMule

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 15 Model 127 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1789 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 19 GB (18%) free of 102 GB

---\\ Logged in mode
~ Computer Name: NICOLAS-PORT
~ User Name: Nicolas
~ All Users Names: Nicolas, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Nicolas\AppData\Roaming\
~ %Desktop% : C:\Users\Nicolas\Desktop\
~ %Favorites% : C:\Users\Nicolas\Favorites\
~ %LocalAppData% : C:\Users\Nicolas\AppData\Local\
~ %StartMenu% : C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 102 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)

---\\ Security Center & Tools Informations
~ Security Center: 37
Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) 
-- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) 
-- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/312 ~ Mes musiques (My Musics) : 1/26 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/110 ~ Mes Documents (My Documents) : 1/4057 ~ Mon Bureau (My Desktop) : 1/1411 ~ Menu demarrer (Programs) : 1/22 ~ Hidden Files: Scanned in 00mn 05s ---\\ Processus lancés [MD5.D93985F5D87DF1A119E939EADB5C4B9E] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6266880] [PID.1920] [MD5.78BE2C080AA7F6EB7289EA505D3D8D57] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1037608] [PID.1932] [MD5.4AB05041D5C922B9A7A5D9059F5538CD] - (.Microsoft Corporation - User session Windows Mobile device handler.) -- C:\Windows\WindowsMobile\wmdSync.exe [215552] [PID.1948] [MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.1984] [MD5.78A1D5697D67D4663977A732FB9460B2] - (.Ulead Systems, Inc. - Photo Express -- Calendar Checker.) -- C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [55296] [PID.2012] [MD5.B2994EC6452DBD04E57828EEFEDFB93C] - (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) -- C:\Users\Nicolas\AppData\Local\Temp\RtkBtMnt.exe [204800] [PID.3556] [MD5.6D70A8A4C20346F63570F0C2DF6BC11C] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528] [PID.3816] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3740] [MD5.EB819EC79D3D913E30FF5558CF04A8B9] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) 
-- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe [814472] [PID.1292] [MD5.67EE46FD4D3B56531C5DD1BDC149275A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.2796] [MD5.3A32FAFEEE290E6E6C058DE59EC4EC88] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7478272] [PID.3340] [MD5.4604DB6D5ECA6362873CC3A76D2204BA] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\Windows\system32\Ati2evxx.exe [692224] [PID.916] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1184] [MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1676] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.12] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.548] [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.828] [MD5.09E6AFFAE6C0E9158BF05C7D08D0107A] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 Agent service..) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384] [PID.1280] [MD5.4D06D9A26227AC485305133916888DF1] - (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [24576] [PID.1440] [MD5.793FF718477345CD5D232C50BED1E452] - (.Hewlett-Packard Company - Pas de description.) 
-- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.1008] [MD5.CB76F68BA0D57C5D25B538981B1C611C] - (.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [50424] [PID.972] [MD5.DF1C10A75DF7E50195FC417F88A33227] - (...) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072] [PID.452] [MD5.E46B17060D3962A384AE484094614788] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.4000] ~ Processes Running: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\5zu6wpvs.default\prefs.js ~ Firefox Browser: 29 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned 
in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - User session Windows Mobile device handler.) -- C:\Windows\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [BrStsWnd] . (.brother - brstswnd.) -- C:\Program Files\Brownie\BrstsWnd.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKCU\..\Run: [eMuleAutoStart] . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe O4 - HKUS\S-1-5-21-4210551420-1716069962-2498686098-1000\..\Run: [eMuleAutoStart] . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: Free Video Converter.lnk . (.Koyote Soft - FreeVideoConverter.) -- C:\Program Files\Free Video Converter\FreeVideoConverter.exe O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\SendTo: WinAce Archiver.lnk . (.e-merge GmbH - WinAce Archiver v2.65.) -- C:\Program Files\WinAce\winace.exe O4 - GS\Desktop: Free Video Converter.lnk . (.Koyote Soft - FreeVideoConverter.) -- C:\Program Files\Free Video Converter\FreeVideoConverter.exe O4 - GS\Desktop: iexplore - Raccourci.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) 
-- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} ((no name)) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{7FB873FA-9C83-4BA9-9627-924FC7C3B242}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\..\{AC2174CD-6D54-4C8B-AEB4-7A15A553FAED}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{7FB873FA-9C83-4BA9-9627-924FC7C3B242}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{AC2174CD-6D54-4C8B-AEB4-7A15A553FAED}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . 
(.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (autocheck autochk /p \??\E:) - File not found ~ BEX: 2 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\CreateChoiceProcessTask.job [214] ~ Scheduled Task: 11 Legitimates Filtered in 00mn 01s ---\\ Logiciels installés (O42) O42 - Logiciel: BitSpirit v3.3.2.365 Stable - (.LANSPIRIT.NET.) [HKLM] -- BitSpirit_is1 O42 - Logiciel: WinAce Archiver - (.e-merge GmbH.) [HKLM] -- WinAce Archiver ~ Logic: 67 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\1964emu_099] [HKCU\Software\AV2MP3] [HKCU\Software\ByteLinker] [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Digital Video Converter] [HKCU\Software\EmuZWin] [HKCU\Software\RICEDAEDALUS520] [HKCU\Software\e-merge] [HKCU\Software\vfcC] [HKLM\Software\BitSpirit] [HKLM\Software\Converter] ~ Key Software: 223 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 09/04/2013 - 21:45:07 - [0,000] ----D C:\Program Files\ABC 3GP Converter O43 - CFD: 16/01/2009 - 23:10:33 - [0] ----D C:\Program Files\AP Tuner O43 - CFD: 06/02/2009 - 08:30:06 - [18,668] ----D C:\Program Files\BitSpirit O43 - CFD: 02/05/2009 - 18:45:58 - [0] ----D C:\Program Files\NBTVA O43 - CFD: 18/10/2009 - 21:13:30 - [7,678] ----D C:\Program Files\WinAce O43 - CFD: 10/01/2009 - 12:52:20 - [0,625] ----D C:\Program Files\Common Files\BitSpirit O43 - CFD: 10/01/2009 - 12:53:07 - [0] ----D C:\Users\Nicolas\AppData\Roaming\BitSpirit O43 - CFD: 14/06/2013 - 16:59:53 - [29,729] ----D C:\Users\Nicolas\AppData\Roaming\FixZeroAccess ~ Program Folder: 208 Legitimates Filtered in 00mn 04s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - 
LFC:[MD5.CA9D5826A58411E0095BA6D41E31FF9B] - 14/06/2013 - 20:55:41 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_21-b11.log [4003] O44 - LFC:[MD5.3E9F61CCE5204722D2BF7C7FEB7A847D] - 14/06/2013 - 19:03:10 ---A- . (...) -- C:\Windows\Brownie.ini [237] O44 - LFC:[MD5.32050008B7F0496DB68BEB963C03C8DF] - 14/06/2013 - 19:03:09 ---A- . (...) -- C:\Windows\ulead32.ini [739] O44 - LFC:[MD5.CEAF98D916D2B75B8704BEE7680EE0B5] - 14/06/2013 - 19:03:01 ---A- . (...) -- C:\Windows\System32\agent.log [147] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/06/2013 - 19:03:00 ---A- . (...) -- C:\Windows\System32\LogConfigTemp.xml [0] O44 - LFC:[MD5.63F80CF3B69DCF832A3BFE9994C3307B] - 14/06/2013 - 18:09:28 ---A- . (...) -- C:\ComboFix.txt [10820] O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 14/06/2013 - 18:02:56 ---A- . (...) -- C:\Windows\system.ini [215] O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 14/06/2013 - 17:49:26 ---A- . (...) -- C:\Windows\MBR.exe [208896] O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 14/06/2013 - 17:49:26 ---A- . (...) -- C:\Windows\PEV.exe [256000] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 14/06/2013 - 17:49:26 ---A- . (...) -- C:\Windows\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 14/06/2013 - 17:49:26 ---A- . (...) -- C:\Windows\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 14/06/2013 - 17:49:26 ---A- . (...) 
-- C:\Windows\zip.exe [68096] ~ Files: 69 Legitimates Filtered in 00mn 02s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.BF8DB44721479618EC289A3E3E118D74] - 04/06/2013 - 13:04:36 ---A- - C:\Windows\Prefetch\6588.TMP-CF10B1F8.pf O45 - LFCP:[MD5.8E4158EDF74D6F51A3F9B7615758266E] - 04/06/2013 - 13:04:41 ---A- - C:\Windows\Prefetch\BPROTECT.EXE-AC00E650.pf O45 - LFCP:[MD5.88AB99028E4B9DF9385EA8F5D099A3AC] - 04/06/2013 - 17:37:29 ---A- - C:\Windows\Prefetch\ADOBEREADER_FR-FR.EXE-6A685A11.pf O45 - LFCP:[MD5.A5F98A1505806978E8B49D320B0B7387] - 07/06/2013 - 23:11:04 ---A- - C:\Windows\Prefetch\AGENTSVC.EXE-EDF9C0DC.pf O45 - LFCP:[MD5.6047C68351034D2830B04F65FA3853B0] - 07/06/2013 - 23:11:04 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-BF83F3AB.pf =>Hijacker.Eazel O45 - LFCP:[MD5.4573941F9CA83BE2A49F07A478C2C972] - 07/06/2013 - 23:26:20 ---A- - C:\Windows\Prefetch\LINKCREATOR.EXE-46C3DD3C.pf O45 - LFCP:[MD5.4F98D8D8097C5A0C04B6BB0A8B1A8952] - 07/06/2013 - 23:35:06 ---A- - C:\Windows\Prefetch\01NET_EMULE.EXE-86102B17.pf O45 - LFCP:[MD5.AFD6C52399C588CBBA8AA8005C9A75E9] - 07/06/2013 - 23:36:11 ---A- - C:\Windows\Prefetch\DOWNLOADACC.EXE-4D3D06FF.pf O45 - LFCP:[MD5.172B7010DFA9D2C8308D2959288B5FC5] - 07/06/2013 - 23:36:43 ---A- - C:\Windows\Prefetch\BI.EXE-4FD278F3.pf O45 - LFCP:[MD5.F8C21D3F8D4D55C0ED4F4AE1C88A74BD] - 07/06/2013 - 23:36:50 ---A- - C:\Windows\Prefetch\EMULE0.50A-INSTALLER.EXE-5A5DA617.pf O45 - LFCP:[MD5.E71ACC6525EDCA835753966253A1A394] - 07/06/2013 - 23:59:51 ---A- - C:\Windows\Prefetch\ZSOFT_UNINSTALLER_2.4.1.EXE-0882EF87.pf O45 - LFCP:[MD5.484E5DC4120D5CF089DB4F4D26AB64F0] - 08/06/2013 - 00:02:07 ---A- - C:\Windows\Prefetch\DELTASRV.EXE-5640D407.pf O45 - LFCP:[MD5.AC1B7B16ECDCDC77DF973A2B6813FCA4] - 08/06/2013 - 00:37:02 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-F5D7B3FF.pf O45 - LFCP:[MD5.B9B31F2913C11FCED99E3A4861642B34] - 08/06/2013 - 00:57:10 ---A- - C:\Windows\Prefetch\UNINST1.EXE-41125C68.pf O45 - 
LFCP:[MD5.75F7203AF1E04CCEC4265308C4C00895] - 13/06/2013 - 09:15:38 ---A- - C:\Windows\Prefetch\HIDCHK.EXE-0E572CF7.pf O45 - LFCP:[MD5.9D7D637D589BFF2007A3CAFA80CFC7FB] - 13/06/2013 - 09:33:01 ---A- - C:\Windows\Prefetch\EMULE.EXE-188E10F6.pf O45 - LFCP:[MD5.866076F3A898FD93239BA08844F9AC49] - 30/05/2013 - 12:58:00 ---A- - C:\Windows\Prefetch\BRAND.EXE-A1088E11.pf O45 - LFCP:[MD5.A814889E286E6FE468EA587F4CAFBFAD] - 30/05/2013 - 12:58:00 ---A- - C:\Windows\Prefetch\BRAND.TMP-30277858.pf O45 - LFCP:[MD5.43D2440C6885FC9C6E9E054A487673D7] - 30/05/2013 - 17:28:15 ---A- - C:\Windows\Prefetch\CSTBOX.EXE-2A0C3FE5.pf ~ Prefetcher: 141 Legitimates Filtered in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \drivers.desc\"xvid.dll"="XviD MPEG-4 Video Codec" . (...) -- C:\Windows\System32\xvid.dll ~ TDSD: 11 Legitimates Filtered in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\WarReg_PopUp [Key] . (.eMachines - WR_PopUp.) -- C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe ~ SMSR Keys: 2 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 17 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "TurnOffSPIAnimations"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:32:46 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422968] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) 
-- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 14/06/2013 - 15:59:11 ---A- C:\Users\Nicolas\AppData\Roaming\FixZeroAccess\Archive\FixZeroAccess.sys [35752] O61 - LFC: 14/06/2013 - 17:47:23 ---A- C:\Users\Nicolas\Videos\Sample Videos.lnk [645] ~ 8 Fichiers temporaires (Temporary files) ~ 1 Fichiers cookies (Cookies files) ~ Files: 18 Legitimates Filtered in 00mn 12s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.cmd> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Not Key.) ~ FASS Keys: 23 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.FB7538850B50A19FBD7F28E983D3F01A] [SPRF][22/04/2012] (...) 
-- C:\Users\Nicolas\AppData\Local\d3d9caps.dat [680] [MD5.EB99C16D4D8076DB90FE3B1EC2A8AC15] [SPRF][16/11/2009] (.alharaquiento - s'enthousiasmât.) -- C:\Users\Nicolas\AppData\Local\jfcxm.exe [294912] [MD5.8D85EDC72F7AF9ABEF0B52380F821F0B] [SPRF][24/11/2009] (...) -- C:\Users\Nicolas\AppData\Local\wccouou.bat [92] [MD5.B2994EC6452DBD04E57828EEFEDFB93C] [SPRF][14/06/2013] (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) -- C:\Users\Nicolas\AppData\Local\Temp\RtkBtMnt.exe [204800] [MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][02/01/2009] (...) -- C:\Users\Nicolas\AppData\Roaming\wklnhst.dat [0] [MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][13/06/2013] (...) -- C:\Users\Nicolas\Desktop\adwcleaner.exe [648201] [MD5.48545CC5D8F7ADF4643BBAFF6ECA1295] [SPRF][14/06/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Nicolas\Desktop\ComboFix.exe [5080197] [MD5.BE36FC21D6ED7E665A9310CF23E4640E] [SPRF][14/06/2013] (.Symantec Corporation - Zero Access Fix Tool.) -- C:\Users\Nicolas\Desktop\FixZeroAccess.exe [1805736] [MD5.09A3F926C400C29B3CF04FD15A0D8DEA] [SPRF][13/06/2013] (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Users\Nicolas\Desktop\JRT.exe [545954] [MD5.1CD51AE9BCEAC9F0CEE159821A1817B8] [SPRF][04/02/2013] (...) -- C:\Users\Nicolas\Desktop\RogueKiller.exe [816128] [MD5.DE2EB468A14E00F9A99326C6C9C07075] [SPRF][02/02/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) 
-- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1914440]
~ Files: Scanned in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.12437 - (10/06/2013)
Clés trouvées (Keys found) : 15
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\CC94835868BCA58489B0D79DE655BCB1] =>PUP.Dealio
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKCU\Software\DataMngr_Toolbar] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A65E491F-A436-4952-B49A-B24ED99A0F67}] =>Toolbar.TomsGuide
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A65E491F-A436-4952-B49A-B24ED99A0F67}] =>Toolbar.TomsGuide
~ Additionnel Scan: 216516 Items scanned in 00mn 23s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/07/2008 692224 | (Ati External Event Utility) . (.ATI Technologies Inc..) - C:\Windows\System32\Ati2evxx.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 03/03/2008 16384 | (BUNAgentSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
SR - | Auto 24576 | (ETService) . (...) - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
SS - | Auto 27/06/2009 133104 | (gupdate1c9f6e53b880f30) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/06/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 06/04/2008 50424 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SR - | Auto 131072 | (NTISchedulerSvc) . (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 00s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Nicolas at 14/06/2013 22:12:56
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys ahcix86s.sys
C:\Windows\System32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\Windows\system32\DRIVERS\ahcix86s.sys AMD Technologies Inc. AMD Technology AHCI Compatible Controller
1 ntkrnlpa!IofCallDriver[0x82A5F916] >> \Device\Harddisk0\DR0[0x863B2AC8]
kernel: MBR read successfully
user & kernel MBR OK
error: Read Ressources système insuffisantes pour terminer le service demandé.
~ MBR: 16 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Nicolas at 14/06/2013 22:12:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 1338 Legitimates filtered by white list
End of the scan (502 lines in 03mn 00s)(0)