Rapport de ZHPDiag v1.27.145a par Nicolas Coolman, Update du 23/12/2010
Run by dida-59 at 24/12/2010 01:19:49
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr
---\\ Web Browser
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox v3.6.13 (fr) (Defaut)
GCIE: Google Chrome v8.0.552.224
---\\ System Information
Windows 7 Home Premium Edition, 32-bit (Build 7600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (45% free)
System Restore:
System drive C: has 46 GB (30%) free of 149 GB
---\\ Logged in mode
Computer Name: PC-DE-DIDA-59
User Name: dida-59
All Users Names: dida-59, ASPNET, Administrateur,
Unselected Option: O1,O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 46 Go of 149 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 137 Go of 139 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: Modified
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 07:32:26.) -- C:\Windows\System32\drivers\atapi.sys [19944]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 07:32:49.) -- C:\Windows\System32\drivers\ntfs.sys [1083880]
---\\ Processus lancés
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] - (.Pas de propriétaire - ALU.) -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe [51768]
[MD5.38595C19227D211B5A0932F6609A6C32] - (.ASUS - SmartLogon Application.) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [297528]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.74EF10CD035DE51171C98E60E53AE221] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [104936]
[MD5.A6001C8CF042D31AB1377CC7626A1046] - (.Pas de propriétaire - HControlUser.) -- C:\Program Files\ATK Hotkey\HControlUser.exe [98304]
[MD5.2299E0CBEFB41A9DD72E293CE0B00C8B] - (.Pas de propriétaire - ATKOSD2.) -- C:\Program Files\ATKOSD2\ATKOSD2.exe [7766016]
[MD5.470674DE4E14D147777B40A1ACC1F6B0] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [6265376]
[MD5.98888488D0E6DB0256E5E661BCD35EB6] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416]
[MD5.18A713EFF246F3C1293AD1D921B44396] - (.ASUS - ATK Media.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe [159744]
[MD5.12C5C40440637B87D61600AE3DBEFA70] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\ASScrPro.exe [33136]
[MD5.9DEBACAC653B229557F8935267962812] (
) C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe [311808]
[MD5.9AEF1107109189F955192D4B714B516C] - (.France Telecom SA - Pas de description.) -- C:\Program Files\OrangeHSS\Systray\SystrayApp.exe [90112]
[MD5.968B7A2E6BE07CF337A34E07D0BE3ECC] - (.Microsoft Corporation - XBoxStat.exe.) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [734264]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488]
[MD5.93DB1FF92B03D24738A71E6E4992DFD3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552]
[MD5.869A67EE7C237DD9F9104854CAE0A9CD] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [141608]
[MD5.FB3071F95E602ED69B51598043441ABA] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe [74752]
[MD5.86805548E45DA1668A7035966C64FC3E] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [344736]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952]
[MD5.F34E7705751BB413283434697BF8E55D] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696]
[MD5.094676A83A021CA8EC297D6A70A56993] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [752168]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]
[MD5.6028CEB1A1486AAB7BA16DEE39A23AEB] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe [1845800]
[MD5.09CFCEB5072C9FA0BFE0A551F6D5CE07] - (.Synaptics, Inc. - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [95528]
[MD5.0E20A3213ED010FC4997D1EF48082ABC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344]
[MD5.3CED5346A0944AEBFA68C1DB4AE06D5F] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe [129720]
[MD5.BA9A09CF1B9503C363617F3748F6D791] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [963976]
[MD5.50565CDB505FA755CCC670EF55931E33] - (.Nicolas Coolman - Diagnostic outil.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [621568]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)
M1 - SPR:Search Page Redirection - C:\Program Files\Mozilla FireFox\extensions\ hxxp://bing.zugo.com/?cfg=2-80-0-1tNpg
P2 - FPN:Firefox Plugin Navigator . (.Pas de propriétaire - Pas de description.) -- c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 8.2.5.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN:Firefox Plugin Navigator . (.Nullsoft, Inc. - Winamp Application Detector.) -- C:\Program Files\Mozilla Firefox\Plugins\npwachk.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIACorporation\3D Vision\npnv3dvstreaming.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=0.9.9] - (.the VideoLAN Team - Version 0.9.9, copyright 1996-2009 The VideoLAN Team
[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 Shell Spawning: <.exe> [HKCU\..\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O67 Shell Spawning: <.exe> [HKCR\..\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O67 Shell Spawning: <.exe> [HKCU\..\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O67 Shell Spawning: <.exe> [HKCR\..\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
---\\ Start Menu Internet (SMI) (O68)
O68 StartMenuInternet: [HKLM\..\Shell\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O68 StartMenuInternet: [HKLM\..\Shell\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O68 StartMenuInternet: [HKLM\..\Shell\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
O68 StartMenuInternet: [HKLM\..\Shell\open\Command] (
) « C:\Documents and Settings\dida-59\Local Settings\Application Data\vz.exe
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [dida-59 - puydhj0x.default] user_pref("extensions.snipit.askTbInstalled", true);
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com/results.aspx?q={searchTerms}&src=
{referrer:source?}
O69 - SBI: SearchScopes [HKCU] {18EAB056-9057-F224-FD4C-1F6569C4D8D2} [DefaultScope] - (Ask) - http://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_frFR309
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com/search?q={searchTerms}&rlz=1I7ASUS_frFR309&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
---\\ Internet Feature Controls (O81)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
---\\ Recherche des services démarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience dapplication.) -- C:\Windows\System32\aelupsvc.dll [24576]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [62976]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [247296]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [125952]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [576512]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [438784]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [315392]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique daccès distant.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\Windows\System32\rasmans.dll [262144]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire dinterface dynamique.) -- C:\Windows\System32\mprdim.dll [68608]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification dévénements système (SENS).) -- C:\Windows\system32\sens.dll [47104]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [288256]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [242688]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes Terminal Server.) -- C:\Windows\System32\termsrv.dll [449024]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1929952]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [758784]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [247296]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [200704]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [19968]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations dapplication.) -- C:\Windows\System32\appinfo.dll [33280]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [111616]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [45056]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [153088]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [57344]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [162304]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [601600]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service de configuration des services Terminal Server.) -- C:\Windows\system32\sessenv.dll [84992]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur dordinateurs.) -- C:\Windows\System32\browser.dll [81920]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [68096]
---\\ Recherche particuliere à la racine de certains dossiers (SPRF) (O84)
[MD5.676A86173A1FE2698C6F049D74DC6EB2] [SPRF] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\dida-59\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe [875296]
[MD5.2038D1B0E3BA8DEF744F0F53A1B08D5E] [SPRF] (.Microsoft Corporation - Barre d'outils Bing.) -- C:\Users\dida-59\AppData\Local\Temp\MSN1130.exe [466704]
[MD5.60343852375783A274644DF44C4D063C] [SPRF] (.Yuna Software - Messenger Plus! Live Setup.) -- C:\Users\dida-59\AppData\Local\Temp\Update_ddbf.exe [4865432]
[MD5.D2989B6A599572B7EA78574805CF6C2C] [SPRF] (.Samsung Electronics - Samsung Media Studio.) -- C:\Users\dida-59\AppData\Local\Temp\_isB640.exe [455600]
[MD5.D2989B6A599572B7EA78574805CF6C2C] [SPRF] (.Samsung Electronics - Samsung Media Studio.) -- C:\Users\dida-59\AppData\Local\Temp\_isFA13.exe [455600]
[MD5.D2989B6A599572B7EA78574805CF6C2C] [SPRF] (.Samsung Electronics - Samsung Media Studio.) -- C:\Users\dida-59\AppData\Local\Temp\_isFB0D.exe [455600]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\dida-59\AppData\Roaming\pcouffin.sys [47360]
[MD5.A719B9EE6116B496F4000C0B1311EA13] [SPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\dida-59\AppData\Roaming\PnkBstrK.sys [22328]
[MD5.65D0DC98661A3B7170E0F3ACF3F3ACE4] [SPRF] (.PortableAppZ.blogspot.com - Virtual DJ Portable.) -- C:\Users\dida-59\AppData\Roaming\VirtualDJ_Portable_6.0.5_Multilingual.paf.exe [17849613]
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 08/02/2009 72704 | "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SR - | Auto 18/05/2007 73728 | C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ADSMService) . (.Pas de propriétaire.) - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 03/10/2007 94208 | C:\Program Files\ATK Hotkey\ASLDRSrv.exe (ASLDRService) . (.Pas de propriétaire.) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ATKGFNEXSrv) . (.Pas de propriétaire.) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 07/05/2010 344736 | "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
SR - | Auto 30/07/2008 522792 | C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 25/05/2010 95568 | C:\Windows\system32\dgdersvc.exe (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SR - | Auto 28/05/2010 233472 | C:\Windows\system32\FsUsbExService.exe (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SS - | Auto 04/11/2010 136176 | "C:\Program Files\Google\Update\GoogleUpdate.exe (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 21/07/2010 540968 | "C:\Program Files\iPod\bin\iPodService.exe (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 21/07/2010 0 | C:\Windows\System32\libusbd-nt.exe (libusbd) . (.http://libusb-win32.sourceforge.net.) - c:\system32\libusbd-nt.exe
SR - | Auto 09/06/2008 73728 | "C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 06/09/2009 71096 | C:\Program Files\CDBurnerXP\NMSAccessU.exe (NMSAccessU) . (.Pas de propriétaire.) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 16/10/2010 600680 | C:\Windows\system32\nvvsvc.exe (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 06/07/2009 66872 | C:\Windows\system32\PnkBstrA.exe (PnkBstrA) . (.Pas de propriétaire.) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 28/05/2007 275968 | C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWindServiceAE) . (.Rocket Division Software.) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SR - | Auto 16/10/2010 369256 | C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 17/12/2009 185640 | "C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: VMware_Virtual_IDE_Hard_Drive rev.00000001 -> \Device\Ide\IdePort0
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskVMware_Virtual_IDE_Hard_Drive___________00000001#3030303030303030303030303030303030303130#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8231A292
user != kernel MBR !!!
sectors 16777214 (+208): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by dida-59 at 24/12/2010 01:21:03
Use the desktop link 'MBRCheck' to have full report
---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O58 - SDL:[MD5.5B6C11DE7E839C05248CED8825470FEF] - 02/02/2009 - 21:39:13 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Windows\system32\drivers\pcouffin.sys [47360]
O58 - SDL:[MD5.08EE12005489B77500FCFD7FDCEE1200] - 19/11/2010 - 00:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\drivers\sptd.sys [691696]
---\\ Infection BT - BHO/Toolbar (Possible)
O42 - Logiciel: Ask.com Search Assistant 1.0.2 - (.Ask.com.) [HKLM] -- Ask.com Search Assistant
End of the scan (1519 lines in 01mn 14s)(0)