Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013 Run by norbert at 21/06/2013 17:04:13 WebSite: http://nicolascoolman.webs.com State : Version à jour. WhiteList : Enable High Elevated Privileges : OK UAC : Activate by user ---\\ Web Browser MSIE: Internet Explorer v8.0.7600.16385 (Defaut) GCIE: Google Chrome v27.0.1453.116 OBIE: Safari v5.34.57.2 ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 64-bit (Build 7600) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 9YQTR Windows License : OK ~ Windows Remaining Initializations Number : 2 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection avast! Free Antivirus v7.0.1426.0 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Security Client v4.2.0223.1 Windows Defender W7 ---\\ System Optimizer ---\\ Peer To Peer (P2P) ---\\ Software Update Adobe Flash Player 11 ActiveX Adobe Reader XI ---\\ System Information ~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4095 MB (58% free) System Restore: Activé (Enable) System drive C: has 11 GB (9%) free of 116 GB ---\\ Logged in mode ~ Computer Name: NORBERT-PC ~ User Name: norbert ~ All Users Names: norbert, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\norbert\AppData\Roaming\ ~ %Desktop% : C:\Users\norbert\Desktop\ ~ %Favorites% : C:\Users\norbert\Favorites\ ~ %LocalAppData% : C:\Users\norbert\AppData\Local\ ~ %StartMenu% : C:\Users\norbert\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 11 Go of 116 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 329 Go of 330 Go) E:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 29 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2013 - 06:49:19.) -- C:\Windows\System32\wininet.dll [1198080] [MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.17/08/2010 - 19:36:45.) -- C:\Windows\System32\Winlogon.exe [389632] [MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936] [MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696] [MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072] [MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840] [MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/517 ~ Mes musiques (My Musics) : 1/166 ~ Mes Favoris (My Favorites) : 1/34 ~ Mes Documents (My Documents) : 1/45 ~ Mon Bureau (My Desktop) : 1/2892 ~ Menu demarrer (Programs) : 1/34 ~ Hidden Files: Scanned in 00mn 04s ---\\ Processus lancés [MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [51768] [PID.2100] [MD5.852EE4F61139A1B3F44EDAA0D5B3FC14] - (...) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [53888] [PID.2132] [MD5.868E3486E7EC522330344152A5535783] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [305720] [PID.2148] [MD5.BDD790326FABC31FB635130810245062] - (.Pas de propriétaire - Wireless Console 3.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440] [PID.2508] [MD5.37DEB76A2CF005841C4E45DE2B94D84F] - (.ASUS - AsScrPro.) -- C:\Windows\AsScrPro.exe [3058304] [PID.2988] [MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.2748] [MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4241512] [PID.4068] [MD5.58D926F3B2113BF849162C9C26FE21DC] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [672912] [PID.3848] [MD5.1DAC4ABDD489EF891A924F4954C13172] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [277104] [PID.4952] [MD5.FCB358973491095D026BB289EA5CC75A] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [115712] [PID.2604] [MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7521280] [PID.2772] [MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1412] [MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1440] [MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768] [PID.1484] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1768] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1788] [MD5.65608C44E71D7BA056C9EFCD8A00A7FE] - (.Microsoft Corp. - Bing Desktop updating service.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.1852] [MD5.9E897C2438BF9A48EE8F01076C403DA8] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe [182912] [PID.2516] [MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe [2488888] [PID.2864] [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe [113208] [PID.2944] [MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe [174648] [PID.3000] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\norbert\AppData\Local\Google\Chrome\User Data\Default\Preferences ~ Google Browser: 8 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R3 - URLSearchHook: (no name) [64Bits] - {d5f79f97-94aa-439c-9f38-54a9298600e5} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) ~ IE Browser: 18 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe O4 - GS\TaskBar: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\norbert\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files (x86)\Winamp\winamp.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - Global Startup: C:\Users\norbert\Desktop\Aller sur MSN.fr.url . (.Skype Technologies S.A. - Skype.) -- C:\Users\norbert\Desktop\Aller sur MSN.fr.url O4 - GS\Desktop: DVDVideoSoft Free Studio.lnk . (.DvdVideoSoft Ltd. - FreeStudioManager.) -- C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe O4 - Global Startup: C:\Users\norbert\Desktop\Découvrez Hotmail.url . (.DvdVideoSoft Ltd. - FreeStudioManager.) -- C:\Users\norbert\Desktop\Découvrez Hotmail.url O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop: Ordinateur - Raccourci.lnk - Clé orpheline O4 - GS\Desktop: Windows Live Messenger.lnk . (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) ~ Global Startup: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpNameServer = 192.168.254.1 192.168.254.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpDomain = solutek.local O17 - HKLM\System\CS1\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpNameServer = 192.168.254.1 192.168.254.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpDomain = solutek.local O17 - HKLM\System\CS2\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpNameServer = 192.168.254.1 192.168.254.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{D8B98488-B177-4FE3-8780-2AA4D3C965A3}: DhcpDomain = solutek.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1 192.168.254.2 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{76AEE4B6-CE8A-4502-B384-C4FA202CC3F0}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{7A8CFA46-941E-4A86-B854-662A58F662B6}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C0BBE1D5-A962-4AFF-AB5D-43D1581FA1E0}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{F5057DC6-312A-441B-BFAD-07716B5B1BD1}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0] ~ Scheduled Task: 19 Legitimates Filtered in 00mn 05s ---\\ HKCU & HKLM Software Keys [HKCU\Software\IncrediMail] ~ Key Software: 157 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 10/01/2011 - 08:48:12 - [0,000] ----D C:\ProgramData\IM O43 - CFD: 10/01/2011 - 08:46:14 - [0,023] ----D C:\ProgramData\IncrediMail O43 - CFD: 17/10/2012 - 20:33:09 - [0,099] ----D C:\Users\norbert\AppData\Roaming\Shareaza O43 - CFD: 11/01/2011 - 19:15:26 - [54,117] ----D C:\Users\norbert\AppData\Local\IM O43 - CFD: 08/01/2012 - 11:22:17 - [0] ----D C:\Users\norbert\AppData\Local\Shareaza ~ 278 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 463 Legitimates Filtered in 00mn 26s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.33355434198F2C09A40A27D1E0A717AF] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfc0404.dat [116342] O44 - LFC:[MD5.4B8CB56C10F0FBB4EE21CF734345BDA4] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfc0816.dat [144906] O44 - LFC:[MD5.215AE10010A60A5E072B54AC49425AA7] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfh0404.dat [395034] O44 - LFC:[MD5.BB130E734F7B549518717516627F62DF] - 18/06/2013 - 08:54:17 ---A- . (...) -- C:\Windows\SysNative\prfh0816.dat [700386] O44 - LFC:[MD5.33355434198F2C09A40A27D1E0A717AF] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfc0404.dat [116342] O44 - LFC:[MD5.4B8CB56C10F0FBB4EE21CF734345BDA4] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfc0816.dat [144906] O44 - LFC:[MD5.215AE10010A60A5E072B54AC49425AA7] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfh0404.dat [395034] O44 - LFC:[MD5.BB130E734F7B549518717516627F62DF] - 18/06/2013 - 08:54:17 RSHAD . (...) -- C:\Windows\System32\prfh0816.dat [700386] O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 17/06/2013 - 13:22:04 ---A- . (...) -- C:\Windows\diagerr.xml [1908] O44 - LFC:[MD5.16EDC8540B951620E64DC656CA954381] - 17/06/2013 - 13:22:04 ---A- . (...) -- C:\Windows\diagwrn.xml [2622] O44 - LFC:[MD5.07B9A02E29D6A41B051876030B61B205] - 13/06/2013 - 13:43:21 ---A- . (...) -- C:\Windows\ntbtlog.txt [395742] O44 - LFC:[MD5.503F58A2054453521E92E876EB50A0E2] - 11/06/2013 - 16:05:39 ---A- . (...) -- C:\WinUpdateFix.txt [1286] O44 - LFC:[MD5.B200508C361F341A25935816294330FC] - 07/06/2013 - 14:09:52 ---A- . (...) -- C:\Windows\IE9_main.log [15192] ~ Files: 59 Legitimates Filtered in 00mn 24s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\AmIcoSinglun64 [Key] . (.AlcorMicro Co., Ltd. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O53 - SMSR:HKLM\...\startupreg\Hiyo [Key] . (...) -- C:\Program Files (x86)\HiYo\bin\HiYo.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Magentic [Key] . (...) -- C:\Program Files (x86)\Magentic\bin\Magentic.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Setwallpaper [Key] . (...) -- c:\programdata\SetWallpaper.cmd (.not file.) ~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {4399BB5B-4A79-4CEE-ABC0-7A0483AC0223} [DefaultScope] - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {FD1D6973-B94F-47E2-971E-FC8C56677C7F} - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][24/12/2009] (...) -- C:\ProgramData\FullRemove.exe [131368] [MD5.718D8BD731B457E7A387AD66A4601F61] [SPRF][18/06/2013] (...) -- C:\Users\norbert\AppData\Local\Temp\ICReinstall_7z920.exe [605576] [MD5.8377FA7E5AFE48D93BD646446EFD22D8] [SPRF][12/01/2011] (.Pas de propriétaire - Photo Notifier and Animation Creator Installer.) -- C:\Users\norbert\Desktop\pnac_install.exe [444240] ~ Files: Scanned in 00mn 04s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{A073D531-AB2F-409E-9567-0BFA06E46020}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{17E037BA-8D04-4570-98D1-8F37FB2BE025}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{A740BEFF-791F-452C-BA9D-86DA44B1C59F}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{2323AEF7-1FE0-46B8-B32F-FC0D2D2CE665}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{528D0B95-A7B1-4D0B-BC1D-C05F73668F0D}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{82A744E5-95E5-479C-AC41-B8F586A809AC}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{E0E22E96-C223-4E1C-82E6-60B27C6C3978}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{99C8B23E-E748-4A63-9108-86BEEFC2C2DF}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "TCP Query User{F8BB361F-432D-4F12-A4CE-1513EAB0AC66}C:\program files (x86)\shareaza\shareaza.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.) O87 - FAEL: "UDP Query User{75E4D1B4-B752-4146-B8EE-3713DD4213B7}C:\program files (x86)\shareaza\shareaza.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\shareaza\shareaza.exe (.not file.) O87 - FAEL: "{B2DCC7D5-89A4-4CCB-A1C1-469C48C0A9E2}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{F3C4345A-6B38-41C6-87E7-BF4B0EEF3C80}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{3427553A-B43C-4C1A-B616-4C39FD191160}" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{5C7B35FB-2789-4276-8E88-5D60483CC463}" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) ~ Firewall: 203 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.12520 - (18/06/2013) Clés trouvées (Keys found) : 14 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing ~ Additionnel Scan: 251471 Items scanned in 00mn 32s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 21/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 08/12/2009 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe SR - | Auto 11/12/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe SR - | Auto 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe SR - | Auto 07/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Auto 17/08/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 17/08/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 17/08/2010 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 18/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 05s ~ 1392 Legitimates filtered by white list End of the scan (417 lines in 02mn 13s)(0)