psh

Ok hello H.A.W.X

zhpdiag:
~ Rapport de ZHPDiag v2013.10.9.26 - Nicolas Coolman (09/10/2013)
~ Lancé par Danet (09/10/2013 18:48:29)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox v2.0.0.16 (fr)
GCIE: Google Chrome v30.0.1599.69 (Defaut)
OBIE: Safari v5.33.16.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : MQ3CQ
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.3.0216.0
McAfee Security Scan Plus v3.8.130.8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.5 - Français
Java 7 Update 40

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3061 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (42%) free of 141 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-DANET
~ User Name: Danet
~ All Users Names: Danet, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Danet\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Danet\AppData\Roaming\
~ %Desktop% : C:\Users\Danet\Desktop\
~ %Favorites% : C:\Users\Danet\Favorites\
~ %LocalAppData% : C:\Users\Danet\AppData\Local\
~ %StartMenu% : C:\Users\Danet\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 60 Go of 141 Go)
D: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 36 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.21A5424935A32080A58DD40F2712212C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.31/07/2013 - 10:52:44.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 04s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 19/208
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/57
~ Mes Documents (My Documents) : 1/3197
~ Mon Bureau (My Desktop) : 1/13644
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 01mn 08s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3052]
[MD5.D4F80A8E700ADABEC388071C8C81F395] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648] [PID.1252]
[MD5.BF38C273C3EC524880AF0AEB2E7CE160] - (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [232184] [PID.2348]
[MD5.E26642C193B81F2AA06D6013D4E07D03] - (...) -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe [102400] [PID.2828]
[MD5.F371C6DF9A810EF2E6E4FA60ACBB5C33] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [174872] [PID.3736]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32rundll32.exe [0] [PID.3588]
[MD5.E3E35989184E217D5B10986E1207D3AA] - (.Guillemot Corporation S.A. - CamService Application.) -- C:\Program Files\Hercules\DualPix Exchange\CamService.exe [81920] [PID.3668]
[MD5.A244E67F073377DE0E53D3068932B040] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [142120] [PID.3096]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3452]
[MD5.B1D8669CD13163585CA133332EDD60E3] - (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [1120568] [PID.3184]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3980]
[MD5.43D083268A0919F3527A2837390BAF63] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032] [PID.4000]
[MD5.2A30429FDE9CA91D9547933C637A3D8D] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe [206184] [PID.2552]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2304] =>Toolbar.Google
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe [366536] [PID.3280]
[MD5.2DB9877A60E2343490D71C8EA7E26FE3] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [16945032] [PID.3804]
[MD5.85EBCDF930AD766B46A521A9149D3276] - (.Pas de propriétaire - Netgear.) -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe [4577760] [PID.3124]
[MD5.1B898F334DE8CDCC142FEA0F99E3814D] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [789032] [PID.3568]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.160]
[MD5.D3D4BD94434A9CB4B35E82283EAE8EFB] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe [273296] [PID.2928]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.1440]
[MD5.2D4040F03702E79F6FA98D2E76BA831F] - (.Sonic Solutions - ROXHelpRunner Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe [17656] [PID.4424]
[MD5.F4762082DDCFD241BE8BA5DD35133F4A] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe [264136] [PID.5608]
[MD5.AA9CBDCD4675A48755DDA3A73BE3E283] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757400] [PID.5692]
[MD5.10B01048B1DA075CD1EE27E30B4CF342] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [308816] [PID.3408] =>Toolbar.Google
[MD5.D52F1D46D9C862BB8271734E1834BA5A] - (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe [250528] [PID.4328]
[MD5.B4081C369797ED1BA5B9E8FFC821DE16] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8068608] [PID.5532]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.5148]
[MD5.3EA6A1A744D79328AE7E2C6FAE4C4420] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216] [PID.1004]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1328]
[MD5.095AAFC4129ED6CC8EA6BB1BC712AF72] - (.Lexmark International, Inc. - LexBce Service.) -- C:\Windows\System32\LEXBCES.exe [311296] [PID.1756]
[MD5.917672BCDCDE6A80663736D93FA073B2] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\Windows\System32\LEXPPS.exe [174592] [PID.1812]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.2016]
[MD5.D503DF3ABA595F551B98B9BAE017A271] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144672] [PID.380]
[MD5.EBAD0F51D8D4DADE7660B1851ADDBD07] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376] [PID.404]
[MD5.FE7FCACE3678200AE202EB29C9B6A8E8] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [567848] [PID.560]
[MD5.BCEEF2999CB7DE5BEB17C17D73784058] - (.Textalk AB - ExtraFilm upload service.) -- C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe [1716224] [PID.2056]
[MD5.AE38A12F79A4980DDB88F36514F8A1DA] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [355096] [PID.2168]
[MD5.E076BAE968916E9D2980814CA7E7AB8C] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1786704] [PID.2240]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2584]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2752]
[MD5.6987DC1DD7A7159752DFB1F6AABAE062] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [481552] [PID.2912]
[MD5.C3162AC1B592CEB43ABE2F972A7222D3] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343] [PID.2980]
[MD5.D0697918519A4CF059C2C7E3B9E93A53] - (.Pas de propriétaire - Wifi Service.) -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152] [PID.3380]
[MD5.9D6A019DEA917F305AF23209FEDD5F16] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe [870672] [PID.3424]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\Windows\System32\alg.exe [59392] [PID.3876]
[MD5.3C30491045DBBD44A42876B3D6F3917D] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [545576] [PID.4460]
[MD5.F8D8BB3F6173FFF00128612F33D3197A] - (.Microsoft Corporation - WMI Reverse Performance Adapter Maintenance.) -- C:\Windows\system32\wbem\WMIADAP.exe [117248] [PID.4300]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d'installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.2176]
~ Processes Running: Scanned in 00mn 27s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Danet\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 12 Legitimates Filtered in 00mn 22s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Danet\AppData\Roaming\Mozilla\Firefox\Profiles\66tq159t.default\prefs.js
M3 - MFPP: Plugins - [Danet] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml
M2 - MFEP: prefs.js [Danet - 66tq159t.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v3.1.20080730W (..) =>Toolbar.Google
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\Plugins\NPSWF32.dll
~ Firefox Browser: 42 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - ToolbarWebBrowser: (no name) - [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Assistant de configuration NETGEAR WNA3100.lnk . (...) -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
O4 - GS\Desktop [Public]: Augmentez la vitesse de votre ordinateur !.lnk . (...) -- C:\Program Files\IncrediMail\Bin\Iobit.url
O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe
O4 - GS\QuickLaunch [Danet]: Apple Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe
O4 - GS\QuickLaunch [Danet]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
O4 - GS\Desktop [Danet]: Ordinateur.lnk - Clé orpheline
O4 - GS\Desktop [Danet]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.sosvirus.net
~ Global Startup: 71 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: Assistant de configuration NETGEAR WNA3100.lnk . (...) -- C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
O4 - GS\Startup [Public]: Bluetooth.lnk . (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O4 - GS\Startup [Danet]: OneNote 2007 - Capture d'écran et lancement.lnk . (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe =>.Sonic Solutions
O4 - HKLM\..\Run: [MSPService] . (...) -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] . (...) -- C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 156.5.) -- C:\Windows\system32\nvsvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CamserviceDP] . (.Guillemot Corporation S.A. - CamService Application.) -- C:\Program Files\Hercules\DualPix Exchange\Camservice.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe (.not file.)
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1416320695-3183783021-3842953559-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{65D2E0DE-E92F-4221-8DD2-93E3ADB91311}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B5E9C55-FC6A-45C1-A038-251C36D12584}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{98F09440-8CCE-4390-A801-94E878C60A99}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3FA9D68-7E3E-4ACE-A9B1-8A2F82CFFC3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F22F5A6E-6E3B-4BAF-868C-D58A7F6BACA0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{65D2E0DE-E92F-4221-8DD2-93E3ADB91311}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6B5E9C55-FC6A-45C1-A038-251C36D12584}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{98F09440-8CCE-4390-A801-94E878C60A99}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B3FA9D68-7E3E-4ACE-A9B1-8A2F82CFFC3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F22F5A6E-6E3B-4BAF-868C-D58A7F6BACA0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{65D2E0DE-E92F-4221-8DD2-93E3ADB91311}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{6B5E9C55-FC6A-45C1-A038-251C36D12584}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{98F09440-8CCE-4390-A801-94E878C60A99}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{B3FA9D68-7E3E-4ACE-A9B1-8A2F82CFFC3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{F22F5A6E-6E3B-4BAF-868C-D58A7F6BACA0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ExtraFilm upload service (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
O23 - Service: WSWNA3100 (WSWNA3100) . (.Pas de propriétaire - Wifi Service.) - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
~ Services: 15 Legitimates Filtered in 00mn 14s

---\\ Tâches planifiées en automatique (O39)
[MD5.1C4F38FF4F96589E48E6A5BE885156BC] [APT] [{11EA508C-021E-43BB-A0B3-C554A4DE4DCD}] (...) -- C:\Windows\system32\spool\drivers\w32x86\3\LXBVUN5C.exe [101376]
[MD5.00000000000000000000000000000000] [APT] [{324AF8FE-6993-43B3-AA9C-CE784C4A92EA}] (...) -- D:\NERO 6\nero63115.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 05s

---\\ Logiciels installés (O42)
O42 - Logiciel: GoogleToolbar - (...) [HKLM] -- GoogleToolbar =>Toolbar.Google
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail
~ Logic: 121 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
~ Key Software: 185 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/09/2013 - 13:59:00 - [0,095] ----D C:\Program Files\Bonjour(1)
O43 - CFD: 17/01/2010 - 18:02:35 - [26,472] ----D C:\Program Files\IncrediMail
O43 - CFD: 17/01/2010 - 18:03:42 - [0] ----D C:\ProgramData\IM
O43 - CFD: 17/01/2010 - 18:02:36 - [11,784] ----D C:\ProgramData\IncrediMail
O43 - CFD: 19/04/2010 - 18:53:39 - [808,926] ----D C:\Users\Danet\AppData\Local\IM
~ 8 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 202 Legitimates Filtered in 00mn 54s

---\\ Derniers fichiers modifiés ou créés sous Windows et System32 (O44)
O44 - LFC:[MD5.86E4E3C69244CE51C565C0B7C6FD6114] - 08/10/2013 - 12:33:35 ---A- . (...) -- C:\Windows\fsavunin_2.log [70]
O44 - LFC:[MD5.D0A3F5942E970A5DEC6351E4FF10AB90] - 08/10/2013 - 12:33:46 ---A- . (...) -- C:\Windows\fsavunin.log [31615]
O44 - LFC:[MD5.7F69938CF338DFEF417C57AEC0DAB817] - 08/10/2013 - 12:34:06 ---A- . (...) -- C:\Windows\daasunin.LOG [824]
O44 - LFC:[MD5.9A0C38C5DBFE1774C8DDF269250A1EF1] - 08/10/2013 - 12:34:09 ---A- . (...) -- C:\Windows\FSLDIN.LOG [20684]
O44 - LFC:[MD5.822F2CE17E06FB72DFFDFBEC309CB8AF] - 08/10/2013 - 12:34:11 ---A- . (...) -- C:\Windows\FSGKIAIN.log [23877]
O44 - LFC:[MD5.C723C061B56C42A5A2438C5B6B5F69AD] - 08/10/2013 - 12:34:20 ---A- . (...) -- C:\Windows\FSDEPH.log [1257037]
O44 - LFC:[MD5.E4FC18CD01C790849273B78427B6B3DD] - 08/10/2013 - 12:34:20 ---A- . (...) -- C:\Windows\FSISU.log [18335670]
O44 - LFC:[MD5.776DB1A12BEFE98186B57D78DE98E30C] - 08/10/2013 - 12:34:20 ---A- . (...) -- C:\Windows\FSUNINST.log [842784]
O44 - LFC:[MD5.2464E44D13A1076046E22695EA3DFC33] - 08/10/2013 - 12:34:20 ---A- . (...) -- C:\Windows\uninstaller.log [122069]
O44 - LFC:[MD5.DC5CF40F4B826C56CD8C0E1364F1A58C] - 09/10/2013 - 16:54:58 ---A- . (...) -- C:\UsbFix [Clean 2] PC-DE-DANET.txt [11402]
~ Files: 25 Legitimates Filtered in 00mn 16s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.95CD9B5C6E800751D7A12996D12C513A] - 09/10/2013 - 11:47:39 ---A- - C:\Windows\Prefetch\DPISCALING.EXE-B25934CE.pf
O45 - LFCP:[MD5.1C8D57A28E51F0BA1D48F785DC7FAF4B] - 09/10/2013 - 11:59:39 ---A- - C:\Windows\Prefetch\SECURITYSCAN_INNER.EXE-2A403820.pf
O45 - LFCP:[MD5.2CE93322448F269FA7EBF62207FEDE1B] - 09/10/2013 - 16:37:52 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.B2DB4D0CA32ED60AEDCF6C263A66443C] - 09/10/2013 - 16:39:25 ---A- - C:\Windows\Prefetch\CONTENTDATS.EXE-82493AF7.pf
O45 - LFCP:[MD5.BCE81595FACC3B95C11E0023E00D55F5] - 09/10/2013 - 16:46:55 ---A- - C:\Windows\Prefetch\LEXBCES.EXE-DBA613A6.pf
O45 - LFCP:[MD5.EEFA1B540399B7D57C32AD0C6D331674] - 09/10/2013 - 16:46:55 ---A- - C:\Windows\Prefetch\LEXPPS.EXE-D81723A4.pf
O45 - LFCP:[MD5.112057220FAE58DB89E19E63E78AB214] - 09/10/2013 - 17:39:33 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-E138605A.pf
O45 - LFCP:[MD5.C62D72C504ABB6A954545AC293EB290A] - 09/10/2013 - 17:43:26 ---A- - C:\Windows\Prefetch\IWRAP.EXE-20582B89.pf
O45 - LFCP:[MD5.78A8F89C1F14D65E76A79BFED43DC3A2] - 09/10/2013 - 17:44:49 ---A- - C:\Windows\Prefetch\IMLPP.EXE-8B4B9E1E.pf
O45 - LFCP:[MD5.AD3DCFB8FFB31782E59A9014BAA29FAA] - 09/10/2013 - 17:44:54 ---A- - C:\Windows\Prefetch\AELDR.EXE-26B3893E.pf
O45 - LFCP:[MD5.C23A3E63517D156AFBF955569FFC92FD] - 09/10/2013 - 17:44:54 ---A- - C:\Windows\Prefetch\IMAPP.EXE-005076D7.pf
~ Prefetcher: 126 Legitimates Filtered in 00mn 00s

—\ Export de clé d'application autorisée (O47)
O47 – AAKE:Key Export SP – « C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.EXE » [Enabled] .(…) — C:UsersDanetAppDataLocalTempIXP002.TMPJKYTJT~1.exe (.not file.)
~ Keys Export: 1 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] – 02/11/2006 – 10:51:34 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [316520]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 08/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalApplicationHistoryRestartExplorer.exe.d85212b3.ini.inuse [0]
O61 – LFC: 08/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser DataLocal State~RF1d6815.TMP [42649]
O61 – LFC: 08/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalGoogleToolbar Cache7.5.4413.1752frtranslate_element.js.content [2381]
O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalGDIPFONTCACHEV1.DAT [118088]
O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [260961]
O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [4]
O61 – LFC: 09/10/2013 – 18:52:47 —A- . (…) — C:UsersDanetAppDataLocald3d9caps.dat [8268]
O61 – LFC: 09/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalGoogleChromeUser DataLocal State [41087]
O61 – LFC: 09/10/2013 – 18:52:58 —A- . (…) — C:UsersDanetAppDataLocalIMcontent.xml [22333]
O61 – LFC: 09/10/2013 – 18:53:09 —A- . (…) — C:UsersDanetAppDataRoamingGoogleLocal Search Historygoogle%2Eweb.w [7582]
O61 – LFC: 09/10/2013 – 18:53:12 —A- . (…) — C:UsersDanetAppDataRoamingZHPLog.txt [19641] =>.Nicolas Coolman
O61 – LFC: 09/10/2013 – 18:53:12 —A- . (…) — C:UsersDanetAppDataRoamingZHPTestsZHPDiag.txt [2819] =>.Nicolas Coolman
~ 481 Fichiers temporaires (Temporary files)
~ 7 Fichiers cookies (Cookies files)
~ Files: 1196 Legitimates Filtered in 00mn 32s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
O67 – Shell Spawning: [HKU..openCommand] (.Not Key.)
~ FASS Keys: 21 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program FilesSafariSafari.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6E060DC0E34176DCADE58F9BCC5C2119] [SPRF][09/10/2013] (…) — C:UsersDanetAppDataLocald3d9caps.dat [8268]
[MD5.AA801BC69CC63ABA85BA4E24AC027F8B] [SPRF][09/03/2008] (…) — C:UsersDanetAppDataLocalfusioncache.dat [93]
[MD5.6EA18C193AAF14F9EDFF65EED8EFAB2C] [SPRF][09/10/2013] (…) — C:UsersDanetAppDataLocalTempQuarantine.exe [344355]
[MD5.9AB2BD729256E1A47256D3468D6543A0] [SPRF][17/09/2013] (…) — C:UsersDanetAppDataRoamingnvModes.dat [65707]
[MD5.537713D2F5AC4F5F16F4210C6415E84E] [SPRF][09/09/2010] (…) — C:UsersDanetAppDataRoamingwklnhst.dat [426]
[MD5.31E39E9FF261030F71C0209C016580F4] [SPRF][09/10/2013] (…) — C:UsersDanetDesktopadwcleaner.exe [1048960]
~ Files: 12 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: « {21E544FF-3ABF-4DE6-9DEC-A7DE4E92810F} » | In – Public – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
O87 – FAEL: « {02CFBD3F-C2D8-4916-9E49-B958EF4EF42A} » | In – Public – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program FilesIncrediMailBinIncMail.exe
O87 – FAEL: « {3E7046A7-EAE0-481A-A5F0-4247AE68771F} » | In – Public – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program FilesIncrediMailBinImApp.exe
O87 – FAEL: « {BD734CA6-9AA2-4468-A240-5590D203505F} » | In – Public – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program FilesIncrediMailBinImApp.exe
O87 – FAEL: « {73524291-5683-4D9F-B319-7457A85C0354} » | In – Public – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Content Importer.) — C:Program FilesIncrediMailBinImpCnt.exe
O87 – FAEL: « {A4A19897-494E-4723-8A9B-8893A3F10087} » | In – Public – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Content Importer.) — C:Program FilesIncrediMailBinImpCnt.exe
O87 – FAEL: « TCP Query User{5B662277-D5B6-4F54-AD66-13295C2B0C37}C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe » | In – Private – P6 – TRUE | .(…) — C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe
O87 – FAEL: « UDP Query User{00911D61-4F1C-407C-829D-CB86748C9441}C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe » | In – Private – P17 – TRUE | .(…) — C:usersdanetdesktopuwampbindatabasemysql-5.6.11binmysqld.exe
~ Firewall: 205 Legitimates Filtered in 00mn 02s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: « DB3F79E5CDDC8814D98935E241AFBBD5 » . (.IncrediMail.) — C:WindowsInstaller{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}ARPPRODUCTICON.exe
~ Update Products: 88 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.234F1813D4E98B798BBB2259D48EB73D] [WIS][31/05/2012] (.IncrediMail – IncrediMail.) — C:WindowsInstaller55507.msi [2889216]
~ WIS: 89 Legitimates Filtered in 00mn 08s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 16/04/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 08/04/2010 345376 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Auto 01/03/2009 567848 | (btwdins) . (.Broadcom Corporation..) – C:Program FilesWIDCOMMBluetooth Softwarebtwdins.exe
SS – | Auto 10/07/1658 0 | (CLTNetCnService) . (…) – C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
SR – | Auto 09/07/2009 1716224 | (EFUploadSrv) . (.Textalk AB.) – C:Program FilesExtrafilm Designer FREFUploadSrv.exe
SR – | Auto 24/10/2011 870672 | (EvtEng) . (.Intel(R) Corporation.) – C:Program FilesIntelWiFibinEvtEng.exe
SS – | Auto 02/02/2010 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 02/02/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 20/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SR – | Auto 21/03/2007 355096 | (IAANTMON) . (.Intel Corporation.) – C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
SR – | Demand 28/04/2010 545576 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 14/01/2004 311296 | (LexBceS) . (.Lexmark International, Inc..) – C:WindowsSystem32LEXBCES.exe
SR – | Auto 08/09/2013 1786704 | (MaConfigAgent) . (.CybelSoft.) – C:Program Filesma-config.comMaConfigAgent.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
SS – | Demand 06/09/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.130McCHSvc.exe
SR – | Auto 24/10/2011 481552 | (RegSrvc) . (.Intel(R) Corporation.) – C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
SR – | Auto 06/03/2007 266343 | (RichVideo) . (…) – C:Program FilesCyberLinkShared FilesRichVideo.exe
SS – | Demand 11/01/2007 887544 | (RoxMediaDB9) . (.Sonic Solutions.) – C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
SS – | Auto 11/01/2007 166648 | (RoxWatch9) . (.Sonic Solutions.) – C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
SS – | Demand 14/09/2006 73728 | (stllssvr) . (.MicroVision Development, Inc..) – C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
SS – | Auto 19/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 26/08/2010 285152 | (WSWNA3100) . (…) – C:Program FilesNETGEARWNA3100WifiSvc.exe
SR – | Auto 19/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 10s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Danet at 09/10/2013 18:54:01

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
C:Windowssystem32DRIVERSiaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x8207F916] >> DeviceHarddisk0DR0[0x8651C620]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Danet at 09/10/2013 18:54:03

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 12944 – (09/10/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 3

[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallGoogleToolbar] =>Toolbar.Google^
[HKLMSoftwareClassesIncrediSpooler.DeltaSync] =>Toolbar.DeltaSearch
[HKLMSoftwareClassesIncrediSpooler.DeltaSync.1] =>Toolbar.DeltaSearch
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
C:UsersDanetAppDataRoamingMozillaFirefoxProfiles66tq159t.default{3112ca9c-de6d-4884-a869-9855de68056c} =>Toolbar.Google^
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google^
C:Program FilesGoogleGoogle ToolbarGoogleToolbarUser_32.exe =>Toolbar.Google^
C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google^
~ Additionnel Scan: 287290 Items scanned in 00mn 54s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ MSI: 2 link(s) detected in 00mn 54s

~ 2435 Legitimates filtered by white list
End of the scan (601 lines in 06mn 29s)(0)[/spoiler:2mh7q9s3]