Virus that modifies the theme and disables the sound

Closed
aitchaffa - Posts: 1 - Registered: Tuesday 18 June 2013 - Status: Member - Last contribution: 18 June 2013 - 18 June 2013 at 13:23
jacques.gache - Posts: 33453 - Registered: Tuesday 13 November 2007 - Status: Security contributor - Last contribution: 25 January 2016 - 18 June 2013 at 18:30
Virus modifies the theme and disables the sound
aitchaffa - 18 June 2013 at 13:20
I downloaded and installed the software you recommended, ZHPDiag. I'm waiting for answers, thanks. Here is the report I retrieved from the site https://www.cjoint.com/


Rapport de ZHPDiag v2013.6.16.21 par Nicolas Coolman, Update du 16/06/2013
Run by Administrateur at 18/06/2013 11:57:32
WebSite: https://nicolascoolman.webs.com/
State : Problème connexion internet
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection
Kaspersky Internet Security 2012 v12.0.0.374
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer

---\\ Peer To Peer (P2P)
µTorrent v3.3.0.29625 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 15

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (1%) free of 181 GB

---\\ Logged in mode
~ Computer Name: AREZKI
~ User Name: Administrateur
~ All Users Names: HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 3 Go of 181 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 117 Go)
E:\ Floppy drive, Flash card reader, USB Key (Free 7 Go of 8 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 40 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.1A5B88015B3823D31C5842DE0DBFE842] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/05/2012 - 16:06:36.) -- C:\WINDOWS\system32\wininet.dll [916992]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:47:24.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 1/23
~ Mes Videos (My Videos) : 2/6
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 2/9299
~ Mon Bureau (My Desktop) : 1/820
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 23s



---\\ Processus lancés
[MD5.6C9D5BADC8F83D410A278717C2EEA6F6] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448] [PID.1900]
[MD5.71A56E43DDCE106416E45A42106DAA19] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [18791456] [PID.1912]
[MD5.5FD0A7F1966B0FA55F39CFA38B82A4B2] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.exe [406944] [PID.1928]
[MD5.E5AE6E63005A79FA54859EFB75003A51] - (.ActMask Co.,Ltd - https://www.all2pdf.com/ - PrintDisp.) -- C:\WINDOWS\system32\PrintDisp.exe [826368] [PID.1936]
[MD5.653951958059071B7BF4E1A21134CC15] - (.Pas de propriétaire - HIPL2000Popup MFC Application.) -- C:\Program Files\Larousse\Petit Larousse 2005\bin\HIPL2002Popup.exe [126976] [PID.2004]
[MD5.04663A391E779815ACED5F071EA51B79] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [129536] [PID.2016]
[MD5.260440CBC6512C43B55F4AEBD45F3999] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [164352] [PID.2044]
[MD5.3760DFC12A4DDA6101EFAC4AA28BB5FC] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [141312] [PID.124]
[MD5.D078198A9674114551D0DF6BB706B475] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe [1015808] [PID.172]
[MD5.C0E0151199EC1BE8007438308616BC06] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe [122880] [PID.204]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176] [PID.228]
[MD5.588299FCCD50C786F50F5DCD958B0848] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3474840] [PID.248]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18642024] [PID.324]
[MD5.746886D62F5912C366A25B01D3A971F0] - (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe [1044560] [PID.440] =>P2P.µTorrent
[MD5.07CBAD62FAE42E81487150F0D81EF334] - (.CANON INC. - Canon Advanced Printing Technology Status M.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.exe [181624] [PID.716]
[MD5.2675908EF1C2CEFC3A9CC0D817A52076] - (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.exe [1119624] [PID.732]
[MD5.B1AD855A9EE2BED8F96E5C3285EBA4AB] - (.Pas de propriétaire - DRP Su Updater.) -- C:\Documents and Settings\Administrateur\Application Data\DRPSu\DrvUpdater.exe [192856] [PID.448]
[MD5.E2310ECEAA1E0DE0EE8FE32C7BAB3422] - (.L'Aventure Multimedia - Dictionnaire MediaDICO pour Windows.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDICO38.exe [281088] [PID.1152]
[MD5.FB3784D0A806A85952199E0FFCBEE06B] - (.L'Aventure Multimedia - Reconnaissance Automatique de Caractères.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\Rac38.exe [200792] [PID.2060]
[MD5.249A44DCFA2500EB1C020E33A3E9F25B] - (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.6 r6.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [163328] [PID.2616]
[MD5.F195FBC375342BD25C936982245A8FB0] - (.Wireless Service - ANIWZCS2 Service Launcher.) -- C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976] [PID.1884]
[MD5.4DB0907D750E0810309F8D8FA36625A6] - (.Pas de propriétaire - ANIWConnService.) -- C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [40960] [PID.1276]
[MD5.1758AF653723679E3746FC7DDD93C69B] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.692]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.228]
[MD5.B88A592C93319B477A36FC9D4D2B1FB2] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [755536] [PID.2836]
[MD5.76B35CB0F3A4E69D6DFF27F542B9F856] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe [216968] [PID.2996]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.3008]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.3144]
[MD5.E0E4A1F81A7D69C595A8A9DDAD084C19] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [769432] [PID.2352]
[MD5.81DBFB92EC47CAC5A7DBAC688886C212] - (.ActMask Co.,Ltd - https://www.all2pdf.com/ - PrintCtrl.) -- C:\WINDOWS\system32\PrintCtrl.exe [65536] [PID.3396]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3400]
[MD5.753D254205E0A62100A050BD8B458D06] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.3416]
[MD5.2BD5E2941074788FC5765CFBBA4B3DE9] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [257536] [PID.600]
[MD5.731DC94E205541B848B92A098E3AFB06] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7510016] [PID.3788]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.428]
~ Processes Running: Scanned in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 34



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} Clé orpheline
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.exe
O4 - HKLM\..\Run: [PrintDisp] . (.ActMask Co.,Ltd - https://www.all2pdf.com/ - PrintDisp.) -- C:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKLM\..\Run: [Synchronization Manager] . (.Microsoft Corporation - Gestionnaire de synchronisation Microsoft.) -- C:\WINDOWS\system32\mobsync.exe
O4 - HKLM\..\Run: [NeroCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (.not file.)
O4 - HKLM\..\Run: [HyperappelPL] . (.Pas de propriétaire - HIPL2000Popup MFC Application.) -- C:\Program Files\Larousse\Petit Larousse 2005\bin\HIPL2002Popup.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [D-Link D-Link DWA-525] . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.exe
O4 - HKCU\..\Run: [SpeedUpMyComputer] C:\Program Files\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe (.not file.)
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - HKCU\..\Run: [DrvUpdater] . (.Pas de propriétaire - DRP Su Updater.) -- C:\Documents and Settings\Administrateur\Application Data\DRPSu\DrvUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [MediaDICO38] . (.L'Aventure Multimedia - Pas de description.) -- C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [CNAP2 Launcher] . (.CANON INC. - Canon Advanced Printing Technology Printer.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.exe
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [SpeedUpMyComputer] C:\Program Files\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe (.not file.)
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Administrateur\Application Data\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - HKUS\S-1-5-21-436374069-1844237615-682003330-500\..\Run: [DrvUpdater] . (.Pas de propriétaire - DRP Su Updater.) -- C:\Documents and Settings\Administrateur\Application Data\DRPSu\DrvUpdater.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.6 r6.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: D_Link_DWA-525 Service (D_Link_DWA-525) . (.Wireless Service - ANIWZCS2 Service Launcher.) - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-525_WPS Service (D_Link_DWA-525_WPS) . (.Pas de propriétaire - ANIWConnService.) - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
O23 - Service: (Printer Control) . (.ActMask Co.,Ltd - https://www.all2pdf.com/ - PrintCtrl.) - C:\WINDOWS\system32\PrintCtrl.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 13 Legitimates Filtered in 00mn 09s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job [300]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job [300]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Express Files Updater.job [290]
[MD5.00000000000000000000000000000000] [APT] [Express Files Updater] (...) -- C:\Program Files\ExpressFiles\EFupdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
~ Scheduled Task: 20 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: PCCOMPTA Windows - (...) [HKLM] -- PCCOMPTA Windows
O42 - Logiciel: PIXresizer - (.Bluefive software.) [HKLM] -- PIXresizer_is1
O42 - Logiciel: Remo Recover 4.0 - (.Remo Software.) [HKLM] -- {A573D759-F894-448D-A420-3A9C31879F88}_is1
~ Logic: 188 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\BlueFive]
[HKCU\Software\Gestion PME]
[HKCU\Software\IncrediMail]
[HKCU\Software\Liter]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\onthegoSoft]
[HKLM\Software\InstallIQ]
[HKLM\Software\Ipgoal22]
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\csc22]
[HKLM\Software\onthegoSoft]
~ Key Software: 254 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/01/2012 - 10:23:12 - [58,551] ----D C:\Program Files\DLG
O43 - CFD: 02/06/2013 - 14:26:15 - [0,123] ----D C:\Program Files\GameTop.com
O43 - CFD: 05/12/2012 - 08:03:42 - [0,000] ----D C:\Program Files\OpenApp
O43 - CFD: 25/10/2012 - 08:47:44 - [2,245] ----D C:\Program Files\PIXresizer
O43 - CFD: 31/03/2013 - 14:07:55 - [57,514] ----D C:\Program Files\Remo Recover 4.0
O43 - CFD: 22/03/2012 - 09:56:09 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\passport_photo
O43 - CFD: 26/01/2012 - 10:23:22 - [0,001] ----D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\PCCOMPTA
~ Program Folder: 135 Legitimates Filtered in 00mn 26s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8BBBA13A2FC167ADD0FD241674B3F017] - 17/06/2013 - 11:41:39 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [1324]
O44 - LFC:[MD5.3E23D0B5E185B758AB2280C2B88C06F2] - 17/06/2013 - 10:34:50 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCSUSERNAME{2B8D390D-F59C-4D56-8A8C-E8D4E0D1773B} [15]
O44 - LFC:[MD5.E18797778CE5558FFCAC84E050C17B85] - 17/06/2013 - 10:33:44 ---A- . (...) -- C:\WINDOWS\system32\RaCoInst.log [2944]
O44 - LFC:[MD5.4CA820F9E392D3CFCD7005AC46CD6CDE] - 17/06/2013 - 10:22:03 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCS{556CDC57-237A-45F8-9E46-63AA0F415816} [3284]
O44 - LFC:[MD5.3E23D0B5E185B758AB2280C2B88C06F2] - 17/06/2013 - 10:21:48 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCSUSERNAME{556CDC57-237A-45F8-9E46-63AA0F415816} [15]
O44 - LFC:[MD5.9D7A527409107A62057BD9186A049939] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [785814]
O44 - LFC:[MD5.5020CA929B4F65B6F5D2E12D4633AD3B] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [55064]
O44 - LFC:[MD5.B2B6D0490D874A84C66DC9709F8110EC] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\comsetup.log [269699]
O44 - LFC:[MD5.D881E413872EC9D00D021CE7F68DF67B] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\iis6.log [923494]
O44 - LFC:[MD5.27FA99260071E561838C292C1C0008B0] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\imsins.log [1917]
O44 - LFC:[MD5.0D9B7BA2F51CBC611EFFA9F46EBAD107] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\netfxocm.log [137007]
O44 - LFC:[MD5.B17A48684C320D8CADF98C9DCD7E803C] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [164094]
O44 - LFC:[MD5.F196F8910058114F939A256D9AA3F5ED] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\ocgen.log [308117]
O44 - LFC:[MD5.5F0BD639C40601DFD775EF4884ECDEB7] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\tabletoc.log [38883]
O44 - LFC:[MD5.E2D68B07DF653CEAF207CF82432A912D] - 17/06/2013 - 09:48:27 ---A- . (...) -- C:\WINDOWS\tsoc.log [366452]
O44 - LFC:[MD5.337E0E2259FDA7F8DD3DA0105CDC940C] - 17/06/2013 - 09:48:25 ---A- . (...) -- C:\WINDOWS\msmqinst.log [254134]
O44 - LFC:[MD5.780D5319F18353C2185CF6E473EB9F6E] - 17/06/2013 - 09:48:18 ---A- . (...) -- C:\WINDOWS\imsins.BAK [4566]
O44 - LFC:[MD5.7C45987207901F8F73F5772E07C3F37F] - 16/06/2013 - 14:33:41 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [95314]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 16/06/2013 - 14:31:04 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 16/06/2013 - 14:30:21 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 16/06/2013 - 14:30:21 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.4FD42BC7336F3E8B033FD3914015FC67] - 16/06/2013 - 14:26:41 ---A- . (...) -- C:\WINDOWS\wmsetup.log [39199]
O44 - LFC:[MD5.776D39BC4860842CB4E4869473148EA8] - 16/06/2013 - 14:26:36 ---A- . (...) -- C:\WINDOWS\WMFDist11Uninst.log [14379]
O44 - LFC:[MD5.46AEADC40A78C7D250AAD1849A46C51E] - 16/06/2013 - 14:26:30 ---A- . (...) -- C:\WINDOWS\updspapi.log [69268]
O44 - LFC:[MD5.4CA820F9E392D3CFCD7005AC46CD6CDE] - 16/06/2013 - 10:18:02 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCS{987D8164-D566-4583-BA2A-D79F7776106E} [3284]
O44 - LFC:[MD5.3E23D0B5E185B758AB2280C2B88C06F2] - 16/06/2013 - 10:17:53 ---A- . (...) -- C:\WINDOWS\system32\ANIWZCSUSERNAME{987D8164-D566-4583-BA2A-D79F7776106E} [15]
~ Files: 46 Legitimates Filtered in 00mn 06s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\YourFileDownloader\Downloader.exe" [Enabled] .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O47 - AAKE:Key Export SP - "C:\Program Files\YourFileDownloader\YourFile.exe" [Enabled] .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.) =>PUP.YourFileDownloader
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\expressdl.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
~ Keys Export: 13 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoViewOnDrive"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisableLocalMachineRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisableLocalMachineRunOnce"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisableCurrentUserRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisableCurrentUserRunOnce"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoShellSearchButton"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFile"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoTrayContextMenu"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDevMgrUpdate"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoChangeStartMenu"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogoff"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "StartMenuLogoff"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoEncryptOnMove"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRunasInstallPrompt"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuSubFolders"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoViewOnDrive"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "DisableLocalMachineRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "DisableLocalMachineRunOnce"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "DisableCurrentUserRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "DisableCurrentUserRunOnce"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoShellSearchButton"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoFile"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoTrayContextMenu"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDevMgrUpdate"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoClose"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoChangeStartMenu"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoLogoff"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "StartMenuLogoff"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWindowsUpdate"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoEncryptOnMove"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRunasInstallPrompt"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveSearch"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuSubFolders"=0
~ MWPE Keys: 77 Legitimates Filtered in 00mn 00s



---\\ System driver list (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 24/08/2001 - 14:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.D33B28D9ED695CCF9520D70D825F9D85] - 26/01/2012 - 10:03:23 ---A- . (.No owner - ANPD (NT5) Driver.) -- C:\WINDOWS\system32\ANPD.SYS [29411]
~ Drivers: Scanned in 00mn 00s



---\\ Cleaning tools list (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Legacy services list (O64)
O64 - Services: CurCS - 26/01/2012 - C:\WINDOWS\system32\ANPD.sys (ANPD) .(.No owner - ANPD (NT5) Driver.) - LEGACY_ANPD
O64 - Services: CurCS - 22/04/2010 - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe (D_Link_DWA-525) .(.Wireless Service - ANIWZCS2 Service Launcher.) - LEGACY_D_LINK_DWA-525
O64 - Services: CurCS - 22/04/2010 - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe (D_Link_DWA-525_WPS) .(.No owner - ANIWConnService.) - LEGACY_D_LINK_DWA-525_WPS
O64 - Services: CurCS - 12/02/2009 - C:\WINDOWS\system32\drivers\rsdrv.sys (ElRawDisk) .(.EldoS Corporation - RawDisk Driver. Allows write access to file.) - LEGACY_ELRAWDISK
~ Legacy: 137 Legitimates Filtered in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <exefile>[HKU\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0E6AFA52-71BA-4915-BBDF-7C4A6939E9C8} - (Search the web (Softonic)) - https://en.softonic.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {849F163C-F6D0-44DF-9CFD-5E1B43D74232} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKCU] {D3AC38B3-A712-41CA-9B31-A79CAE1EEDE6} - (Search Here) - http://www.mysearchresults.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} - (mail.ru: ????? ? ?????????) - https://go.mail.ru/
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the root of certain folders (O84)
[MD5.3CB26C7182D672392234819B7454BDE9] [SPRF][06/03/2013] (...) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\d3d9caps.dat [664]
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][17/06/2013] (...) -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner.exe [632031]
[MD5.9A2347903D6EDB84C10F288BC0578C1C] [SPRF][18/06/2013] (.Trend Micro Inc. - HijackThis.) -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe [388608]
[MD5.3AA4A56B5A4E4F9FB086301C0B9221E6] [SPRF][17/06/2013] (.Norman AS - Norman Malware Cleaner.) -- C:\Documents and Settings\Administrateur\Bureau\Norman_Malware_Cleaner.exe [250832648]
[MD5.ADEE2448ACB28BDF831CD3B8DB550ABD] [SPRF][18/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.exe [5679832]
~ Files: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : v2.12486 - (16/06/2013)
Keys found : 21
Values found : 0
Folders found : 0
Files found : 0

[HKLM\Software\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}] =>Trojan.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib] =>Toolbar.Conduit
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\InstallIQ] =>Toolbar.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}] =>Adware.Agent
[HKLM\Software\Google\Chrome\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol] =>Toolbar.Conduit
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
~ Additional scan: 175530 Items scanned in 00mn 13s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 28/05/2013 163328 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 31/10/2012 206448 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 22/04/2010 126976 | (D_Link_DWA-525) . (.Wireless Service.) - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe
SR - | Auto 40960 | (D_Link_DWA-525_WPS) . (...) - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
SS - | Auto 27/01/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 27/01/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 26/02/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 15/05/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 28/10/2009 65536 | (Printer Control) . (.ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM.) - C:\WINDOWS\system32\PrintCtrl.exe
SR - | Auto 13/08/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: Scanned in 00mn 01s



~ 1035 Legitimates filtered by white list
End of the scan (540 lines in 01mn 44s)(0)
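
The report above is what the thread's helpers read by hand. The script below is an added example, not part of the original post and not ZHPDiag's own code; it does the first pass mechanically on the line format shown above: the =>Family.Name tags, O47 allowed-application entries marked (.not file.), O69 search scopes, the O67 .exe spawn command and the SR/SS service lines. It returns what a helper wants listed before writing a fix: detections by family, orphaned firewall exceptions, search scopes pointing outside an allow-list, a non-default exefile command, and services running from outside C:\WINDOWS and C:\Program Files. The sample report is a constructed excerpt of the lines above; the trusted-host set and the "standard roots" are assumptions of the example, not ZHPDiag settings.

```python
"""Triage helper for a pasted ZHPDiag report.

Added example for this thread, not ZHPDiag's own code and not part of the
original post. It reads the report's line format as shown above; the trusted
hosts and the "standard roots" below are assumptions, not ZHPDiag settings.
"""
import re
from urllib.parse import urlsplit

# Constructed excerpt: lines copied from the report above; section headers are
# shortened since the parser only keys on the '---\\ ' prefix.
SAMPLE_REPORT = r"""
---\\ Allowed application key export (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\YourFileDownloader\Downloader.exe" [Enabled] .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.) =>PUP.YourFileDownloader
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
O47 - AAKE:Key Export SP - "C:\Program Files\ExpressFiles\expressdl.exe" [Enabled] .(...) -- C:\Program Files\ExpressFiles\expressdl.exe (.not file.) =>Adware.ExpressFiles
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.exe> <exefile>[HKU\..\open\Command] (...) -- "%1" %*
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0E6AFA52-71BA-4915-BBDF-7C4A6939E9C8} - (Search the web (Softonic)) - https://en.softonic.com =>Adware.IMBooster
O69 - SBI: SearchScopes [HKCU] {849F163C-F6D0-44DF-9CFD-5E1B43D74232} - (Web Search) - http://ww7.certified-toolbar.com =>PUP.CertifiedToolbar
---\\ Additional scan (O88)
[HKLM\Software\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}] =>Trojan.BHO
[HKCU\Software\SweetIM] =>PUP.SweetIM
---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 31/10/2012 206448 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
SR - | Auto 13/08/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"""

SECTION_RE = re.compile(r"^---\\\\ (?P<title>.+?)\s*$")
DETECTION_RE = re.compile(r"=>(?P<family>\w+)\.(?P<name>\w+)$")  # e.g. '=>PUP.SweetIM'
ALLOWED_APP_RE = re.compile(r'^O47 - AAKE:Key Export SP - "(?P<path>[^"]+)"')
SEARCH_SCOPE_RE = re.compile(r"^O69 - SBI: SearchScopes \[\w+\] (?P<clsid>\{[^}]+\}) - \((?P<label>.*)\) - (?P<url>\S+)")
SHELL_SPAWN_RE = re.compile(r"^O67 - Shell Spawning: <(?P<ext>\.\w+)> <[^>]+>\[[^\]]+\] \([^)]*\)(?: -- (?P<command>.*))?$")
SERVICE_RE = re.compile(r"^S[RS] - \| .*? \| \((?P<name>[^)]+)\) \. \(.*?\) - (?P<path>.+)$")
STOCK_EXE_SPAWN = '"%1" %*'  # the default exefile\shell\open\command value
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")  # assumption: where services normally live

def iter_lines(report):
    """Yield (section_title, line) for each non-empty line, tracking the section headers."""
    section = None
    for line in (raw.strip() for raw in report.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
        elif line:
            yield section, line

def detections(report):
    """Every line ZHPDiag tagged '=>Family.Name', with the section it came from."""
    return [{"section": s, "family": m.group("family"), "name": m.group("name")}
            for s, line in iter_lines(report) if (m := DETECTION_RE.search(line))]

def orphaned_allowed_apps(report):
    """O47 firewall exceptions whose executable is gone: inert, but the trace the PUP tag hangs on."""
    return [ALLOWED_APP_RE.match(line).group("path") for _, line in iter_lines(report)
            if line.startswith("O47 ") and "(.not file.)" in line]

def search_scope_hijacks(report, trusted_hosts):
    """O69 search scopes whose host is outside the caller's allow-list."""
    hits = []
    for _, line in iter_lines(report):
        if m := SEARCH_SCOPE_RE.match(line):
            host = (urlsplit(m.group("url")).hostname or "").lower()
            if host not in trusted_hosts:
                hits.append({"clsid": m.group("clsid"), "label": m.group("label"), "host": host})
    return hits

def exe_spawn_is_default(report):
    """True when an O67 .exe line exists and each one is the stock value; a hijacked exefile prepends its own binary."""
    seen = False
    for _, line in iter_lines(report):
        m = SHELL_SPAWN_RE.match(line)
        if m and m.group("ext") == ".exe":
            seen = True
            if (m.group("command") or "").strip() != STOCK_EXE_SPAWN:
                return False
    return seen

def services_outside_standard_roots(report, roots=STANDARD_ROOTS):
    """Services whose binary lives outside the usual install trees (e.g. Application Data), a PUP habit."""
    return [m.group("name") for _, line in iter_lines(report)
            if (m := SERVICE_RE.match(line)) and not m.group("path").strip().lower().startswith(roots)]

def triage(report, trusted_hosts=frozenset({"www.bing.com", "www.google.com"})):
    """One summary dict a helper can paste back into the thread."""
    by_family = {}
    for d in detections(report):
        by_family[d["family"]] = by_family.get(d["family"], 0) + 1
    return {"by_family": by_family,
            "orphaned_allowed_apps": orphaned_allowed_apps(report),
            "search_scope_hijacks": search_scope_hijacks(report, trusted_hosts),
            "exe_spawn_default": exe_spawn_is_default(report),
            "services_outside_roots": services_outside_standard_roots(report)}
```

Calling triage(SAMPLE_REPORT) on the excerpt lists three PUP, two Adware and one Trojan tags, the two missing YourFileDownloader and ExpressFiles executables, the Softonic and certified-toolbar search scopes, a stock exefile command, and the Skype C2C service under All Users\Application Data. The exefile check is the one worth running even when everything else looks like browser junk: a modified "%1" %* affects every program the user launches, not just the browser, and an adware cleaner aimed at search scopes and toolbars would not necessarily touch it.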

1 reply

jacques.gache (security contributor)
18 June 2013 at 18:25
Hello, System drive C: has 3 GB (1%) free of 181 GB

Start by freeing up space on your hard drive, because you risk crashing: you only have 1% free space, and Windows needs a minimum of 10% free space to work normally. For you, 18 GB would be the minimum!!


I'll look at your report more closely and come back!
jacques.gache (security contributor)
18 June 2013 at 18:30
Is your version of XP legal??? I have my doubts??

Run AdwCleaner in removal mode.

Download AdwCleaner (by Xplode) to your desktop.

If you have a problem with Internet Explorer's security, see this link: http://general-changelog-team.fr/fr/accueil/58-multilangue/securite/214-fausse-alerte-du-filtre-smartscreen-sur-le-telechargement-d-adwcleaner

Launch it, click [Suppression] (removal) and wait while the scan runs.

Once the scan is finished, a report will open. Post its contents in your next reply.

Note: the report is also saved as C:\AdwCleaner[S1].txt