Problem with http://www.searchnu.com/406
Good evening,
I've caught the http://www.searchnu.com/406 virus. I'm a beginner, so many apologies for any technical errors.
I tried to fix it with AdwCleaner "by Xplode". It did nothing.
I have the ZHPDiag report. Here it is.
Can you help me? Regards.
Rapport de ZHPDiag v2013.4.6.35 par Nicolas Coolman, Update du 06/04/2013
Run by David at 07/04/2013 18:13:32
State : Version à jour.
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)
GCIE: Google Chrome v26.0.1410.43
---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1975 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 12 GB (14%) free of 83 GB
---\\ Logged in mode
~ Computer Name: MAISON
~ User Name: David
~ All Users Names: SUPPORT_388945a0, HelpAssistant, David, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\David\Application Data\
~ %Desktop% : C:\Documents and Settings\David\Bureau\
~ %Favorites% : C:\Documents and Settings\David\Favoris\
~ %LocalAppData% : C:\Documents and Settings\David\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\David\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 12 Go of 83 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 161 Go of 215 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.52483379CBFA607F09525E69DBF9F210] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2013 - 11:48:31.) -- C:\WINDOWS\system32\wininet.dll [671232]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.CBC3DEF409549672B915FB9403D63F74] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.27/10/2004 - 14:21:36.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [138240]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1932
~ Mes musiques (My Musics) : 13/105
~ Mes Videos (My Videos) : 2/19
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 2/2876
~ Mon Bureau (My Desktop) : 1/844
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 01s
---\\ Processus lancés
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1580]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1732]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1744]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1824]
[MD5.1758AF653723679E3746FC7DDD93C69B] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.244]
[MD5.575ED0F5DCB34E5C243D2A7EBC860484] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [53248] [PID.332]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [154136] [PID.392]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.456]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe [213384] [PID.528]
[MD5.44CD00EC8A07C690B9B05BA34B99FBF6] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\System32\igfxtray.exe [98304] [PID.1232]
[MD5.44C86D7970E00204CA677880489A5746] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\System32\hkcmd.exe [86016] [PID.1200]
[MD5.4CEAEE08310DAF5F86155839A5953DF2] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\System32\igfxpers.exe [81920] [PID.1328]
[MD5.1BE6FBEE744B1F35A8A57D7468DAA686] - (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776] [PID.1344]
[MD5.5A25A52B38E8406AAFD2E04325321165] - (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088] [PID.1800]
[MD5.3DF7AC30A381C57D0C70EAEFEE3C4EF2] - (.Google Inc. - Gmail Notifier.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe [479232] [PID.1908]
[MD5.A7D1D48117611A0EBA1893C2240CFCE8] - (.TechCity Solutions France - BTLiveUpdate.) -- C:\Program Files\BboxUpdate\BTLiveUpdate.exe [103936] [PID.1944]
[MD5.340E2938AB37C3C01DC76C93157323DC] - (.Western Digital Technologies, Inc. - WD Spindown Utility.) -- C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe [278528] [PID.2068]
[MD5.D2AEADFD998706B4216315B2BD3FA79E] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [81920] [PID.2168]
[MD5.4AFFDCAADCB1DBBFFAF06C7F82E7F6FC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421776] [PID.2292]
[MD5.2589FFE360BED8F824CBC6171CB5B874] - (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304] [PID.2300]
[MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.2308]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2320]
[MD5.EF1ECB9DF42AF6BF7514BB5EBC5C59EC] - (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968] [PID.2380]
[MD5.2B947855263AC91C9E7509682AE70F3B] - (.Realtek Semiconductor Corp. - RtWLan ( For XP/2003) Application.) -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [966656] [PID.2484]
[MD5.639B783F5BC546D8D9662881730AFF9B] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [310224] [PID.2536]
[MD5.8250FC644144DE71CE06D4E6EE8FD728] - (.Nuance Communications, Inc. - Dragon NaturallySpeaking for Windows.) -- C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [2520680] [PID.2576]
[MD5.98D472ECFBC0E8ED25A0483E765F42B6] - (...) -- C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe [560472] [PID.2624]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3016]
[MD5.BC0EA61246F8D940FBC5F652D337D6BD] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [821648] [PID.3444]
[MD5.B0BF698030DB6561393AE753C6D3F936] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.4048]
[MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe [507312] [PID.156]
[MD5.7A6638028D84C2B87EAB6D0A0F38A095] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6535680] [PID.2532]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\tfitot8l.default\prefs.js
M3 - MFPP: Plugins - [David] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo.xml
M0 - MFSP: prefs.js [David - tfitot8l.default] about:home
M2 - MFEP: prefs.js [David - tfitot8l.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL
P2 - FPN: [HKLM] [@Diginext.fr/VirtualGeoGP] - (.DIGINEXT - VirtualGeoGP Plugin v3.1.0.1731.) -- C:\Program Files\VirtualGeo3-GP\WebPlugin\Win32\npQtAPI3DPlugin.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 35 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.4".) (No version) -- (.not file.)
~ IE Browser: Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 14611
---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 4 Legitimates Scanned in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{4daac69c-cba7-45e2-9bc8-1044483d3352} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] . (.Analog Devices, Inc. - Audio Control Panel.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
O4 - HKLM\..\Run: [JMB36X Configure] . (.JMicron Technology Corp. - JMB36X RAID Configurer.) -- C:\WINDOWS\System32\JMRaidTool.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] . (.Google Inc. - Gmail Notifier.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BboxUpdate] . (.TechCity Solutions France - BTLiveUpdate.) -- C:\Program Files\BboxUpdate\BTLiveUpdate.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
O4 - HKLM\..\Run: [WD Spindown Utility] . (.Western Digital Technologies, Inc. - WD Spindown Utility.) -- C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] . (.Nuance Communications, Inc. - SSBkgdUpdate.) -- C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [DNS7reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Nikon Message Center 2] . (.Nikon Corporation - Nikon Message Center 2.) -- C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Fichiers communs\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.exe
O4 - HKCU\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-1547161642-1035525444-725345543-1003\..\Run: [EPSON SX110 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.exe
O4 - HKUS\S-1-5-21-1547161642-1035525444-725345543-1003\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-21-1547161642-1035525444-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1547161642-1035525444-725345543-1003\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Bridge CS5.lnk . (.Adobe Systems, Inc. - Adobe Bridge CS5.) -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
O4 - GS\Programs: Adobe Device Central CS5.lnk . (.Adobe Systems Inc. - Adobe Device Central CS5.) -- C:\Program Files\Adobe\Adobe Device Central CS5\DeviceCentral.exe
O4 - GS\Programs: Adobe ExtendScript Toolkit CS5.lnk . (.Adobe Systems Incorporated - ExtendScript Toolkit CS5 and Debugger (32 b.) -- C:\Program Files\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe
O4 - GS\Programs: Adobe Extension Manager CS5.lnk . (.Adobe Systems Incorporated - Adobe Extension Manager CS5.) -- C:\Program Files\Adobe\Adobe Extension Manager CS5\Adobe Extension Manager CS5.exe
O4 - GS\Programs: Adobe Help.lnk . (...) -- C:\Program Files\Adobe\Adobe Help\Adobe Help.exe
O4 - GS\Programs: Adobe Photoshop CS5.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS5.) -- C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe
O4 - GS\Programs: Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: NIKON IMAGE SPACE UPLOADER.lnk . (...) -- C:\Program Files\NIKON IMAGE SPACE UPLOADER\NIKON IMAGE SPACE UPLOADER.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 4 Legitimates Scanned in 00mn 00s
---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.geoportail.fr
O15 - Trusted Zone: [HKCU\...\Domains] http.geoportail.gouv.fr
O15 - Trusted Zone: [HKCU\...\Domains] http.localhost
O15 - Trusted Zone: [HKLM\...\Domains] *.canalplay.com
O15 - Trusted Zone: [HKLM\...\Domains] *.canalplusactive.com
O15 - Trusted Zone: [HKLM\...\Domains] http.geoportail.fr
O15 - Trusted Zone: [HKLM\...\Domains] http.geoportail.gouv.fr
O15 - Trusted Zone: [HKCU\...\EscDomains] http.geoportail.fr
O15 - Trusted Zone: [HKCU\...\EscDomains] http.geoportail.gouv.fr
O15 - Trusted Zone: [HKLM\...\EscDomains] http.geoportail.fr
O15 - Trusted Zone: [HKLM\...\EscDomains] http.geoportail.gouv.fr
~ IE Zone Confiance: Scanned in 00mn 01s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B69202-2216-4653-9B73-DD40F224C39E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B69202-2216-4653-9B73-DD40F224C39E}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{A9B69202-2216-4653-9B73-DD40F224C39E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A9B69202-2216-4653-9B73-DD40F224C39E}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{A9B69202-2216-4653-9B73-DD40F224C39E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{A9B69202-2216-4653-9B73-DD40F224C39E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 5 Legitimates Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 9 Legitimates Scanned in 00mn 04s
---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s
---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
~ IE Control Panel: 11 Legitimates Scanned in 00mn 00s
---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 20 Legitimates Scanned in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 69 Legitimates Scanned in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Common File Installer - (.Adobe System Incorporated.) [HKLM] -- {8EDBA74D-0686-4C99-BFDD-F894678E5101}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.5.4 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A95000000001}
O42 - Logiciel: Autopano Pro - (.Kolor.) [HKLM] -- Autopano Pro
O42 - Logiciel: Avira Free Antivirus - (.Avira.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: BorderMaker - (.SEMANTICA.) [HKLM] -- BorderMaker
O42 - Logiciel: Géorando Alpes du Nord - (.IGN France.) [HKLM] -- {BB1F1E4E-D9AC-4AAC-A8C4-3827CAA94D66}
O42 - Logiciel: IGN Rando - (...) [HKLM] -- {8C4450E1-14A7-4F89-936A-335A216D3C7D}
O42 - Logiciel: JMB36X Raid Configurer - (.JMICRON Technology Corp..) [HKLM] -- {3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}
O42 - Logiciel: Java 7 Update 15 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217015FF}
O42 - Logiciel: RescuePRO 3.3 - (...) [HKLM] -- RescuePRO-3.0
O42 - Logiciel: RescuePRO 4.0 - (.LC Technology International, Inc..) [HKLM] -- {52BBFD55-F411-42DA-ADD5-309C072BB163}_is1
O42 - Logiciel: Spyder2express - (...) [HKLM] -- Spyder2express
O42 - Logiciel: WD Diagnostics - (.Western Digital Technologies.) [HKLM] -- {0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
O42 - Logiciel: WD Spindown or Stop Utility for External Drive, v1.00 - (.Western Digital Technologies.) [HKLM] -- {BE6F412F-C276-4FD8-B3E1-F996CC172776}
~ Logic: 174 Legitimates Scanned in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ColorVision]
[HKCU\Software\Console]
[HKCU\Software\Core Data Application]
[HKCU\Software\Dance Kit]
[HKCU\Software\LC Technology]
[HKCU\Software\LitexMedia]
[HKCU\Software\Pando Networks]
[HKCU\Software\Smart PC Solutions]
[HKLM\Software\Adobe Systems Incorporated]
[HKLM\Software\Dictionaries]
[HKLM\Software\Diginext]
[HKLM\Software\Digital Mono]
[HKLM\Software\Distortion]
[HKLM\Software\Gradient]
[HKLM\Software\IGN France]
[HKLM\Software\LOXANE]
[HKLM\Software\Pando Networks]
[HKLM\Software\PrinterCalibrationRef]
[HKLM\Software\SPACEYES]
[HKLM\Software\STAR]
[HKLM\Software\Set8188SU]
[HKLM\Software\Set8191SU]
[HKLM\Software\Set8192GU]
[HKLM\Software\Set8192SU]
[HKLM\Software\Set8712]
~ Key Software: 261 Legitimates Scanned in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/10/2010 - 09:50:51 - [4,825] ----D C:\Program Files\BorderMaker
O43 - CFD: 31/03/2011 - 20:44:13 - [68,426] ----D C:\Program Files\ColorVision
O43 - CFD: 20/05/2011 - 18:15:10 - [-61,911] ----D C:\Program Files\IGN France
O43 - CFD: 02/11/2010 - 11:40:59 - [69,619] ----D C:\Program Files\IGN Rando
O43 - CFD: 26/10/2010 - 17:13:12 - [2,861] ----D C:\Program Files\Maïdo Production
O43 - CFD: 18/12/2011 - 12:41:33 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 22/07/2012 - 19:16:51 - [60,114] ----D C:\Program Files\RescuePRO
O43 - CFD: 19/10/2010 - 22:01:31 - [5,839] ----D C:\Program Files\RescuePRO DEMO
O43 - CFD: 20/10/2010 - 10:55:03 - [3,272] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 05/02/2011 - 12:07:11 - [0,004] ----D C:\Documents and Settings\David\Application Data\georando
O43 - CFD: 22/07/2012 - 19:34:38 - [0,001] ----D C:\Documents and Settings\David\Local Settings\Application Data\DIGINEXT
O43 - CFD: 11/11/2010 - 18:08:06 - [33,915] ----D C:\Documents and Settings\David\Local Settings\Application Data\Installer1196
O43 - CFD: 23/11/2010 - 10:38:44 - [30,447] ----D C:\Documents and Settings\David\Local Settings\Application Data\Installer1892
O43 - CFD: 15/10/2010 - 16:22:39 - [0,002] ----D C:\Documents and Settings\David\Menu Démarrer\Programmes\Autopano Pro
O43 - CFD: 27/10/2010 - 09:50:51 - [0,001] ----D C:\Documents and Settings\David\Menu Démarrer\Programmes\BorderMaker
O43 - CFD: 15/10/2010 - 15:22:33 - [0,002] ----D C:\Documents and Settings\David\Menu Démarrer\Programmes\Gmail Notifier
O43 - CFD: 24/11/2010 - 17:54:25 - [0,004] ----D C:\Documents and Settings\David\Menu Démarrer\Programmes\WD Diagnostics
O43 - CFD: 29/11/2010 - 18:25:28 - [0,004] ----D C:\Documents and Settings\David\Menu Démarrer\Programmes\WD Spindown or Stop Utility
~ Program Folder: 181 Legitimates Scanned in 00mn 01s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0489DEB94AFE525CA4A1BFE05FD4F596] - 07/04/2013 - 17:03:22 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.4E642D7B5C91A626352B144F353EC9F5] - 07/04/2013 - 17:03:22 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.21E8AD7AAB0A01E57FABEEE0D6B6B0E2] - 06/04/2013 - 18:18:46 ---A- . (...) -- C:\AdwCleaner[S2].txt [1620]
O44 - LFC:[MD5.DE85EE6DE724FBF50FD4005C29C6D8C0] - 06/04/2013 - 18:16:48 ---A- . (...) -- C:\AdwCleaner[R3].txt [1557]
O44 - LFC:[MD5.6639CE52AB7B03C2D762812C18D17F52] - 06/04/2013 - 11:25:12 ---A- . (...) -- C:\AdwCleaner[S1].txt [10950]
O44 - LFC:[MD5.B363E5B62105A9DC6A6443DA2E2E4FB6] - 06/04/2013 - 11:23:39 ---A- . (...) -- C:\AdwCleaner[R2].txt [10833]
O44 - LFC:[MD5.41BE41EEC7134E0D90732D9047905DF6] - 06/04/2013 - 11:20:17 ---A- . (...) -- C:\AdwCleaner[R1].txt [12367]
O44 - LFC:[MD5.CFB777B596F93ECCA2D90FED0A3284E4] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1877443]
O44 - LFC:[MD5.A7FFAE54ABC1FC542ABC474C6A4B0C2F] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\comsetup.log [516835]
O44 - LFC:[MD5.A19C3E904F8B7CB95BB197CAD5B91512] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\iis6.log [86862]
O44 - LFC:[MD5.B85E308702887E80931DFDBAFB73A98D] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.5FC0DB19DF7904D9B70E1EE1BA2E701E] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\medctroc.Log [131174]
O44 - LFC:[MD5.BA843E74A1A61335C4A585D374B63DDE] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\msgsocm.log [94287]
O44 - LFC:[MD5.6D652B3080620FB6DB31ED7CC605A43D] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\netfxocm.log [329525]
O44 - LFC:[MD5.7E70D734761B48488FC1FE9632313FAF] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [311495]
O44 - LFC:[MD5.BA7B82EBECA4826EC28E14805C58B809] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\ocgen.log [913734]
O44 - LFC:[MD5.1961BA8A2C1184FE3224C2CCC8A05FB5] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\ocmsn.log [83931]
O44 - LFC:[MD5.1687321B4C749185A1515E970832028C] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\tabletoc.log [95591]
O44 - LFC:[MD5.79446BFD82B30C49F43FD654955E08A9] - 15/03/2013 - 21:54:31 ---A- . (...) -- C:\WINDOWS\tsoc.log [863744]
O44 - LFC:[MD5.94AF1EFD63A23D0DCFA8B11C4E4110E1] - 15/03/2013 - 21:54:30 ---A- . (...) -- C:\WINDOWS\msmqinst.log [592700]
O44 - LFC:[MD5.9492E34132F7E83BE44B4A966E39D310] - 13/03/2013 - 21:28:08 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.73A9771531A4472B04F00C235EC34D1B] - 13/03/2013 - 21:28:03 ---A- . (...) -- C:\WINDOWS\updspapi.log [227911]
~ Files: 39 Legitimates Scanned in 00mn 36s
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe" [Enabled] .(.Realtek Semiconductor Corp..) -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\David\Application Data\Wuala\Roaming\Wuala.exe" [Enabled] .(...) -- C:\Documents and Settings\David\Application Data\Wuala\Roaming\Wuala.exe (.not file.)
~ Keys Export: 16 Legitimates Scanned in 00mn 01s
---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 6 Legitimates Scanned in 00mn 00s
---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 21 Legitimates Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 9 Legitimates Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe
~ SMSR Keys: 2 Legitimates Scanned in 00mn 00s
---\\ Microsoft Control Security Providers (O54)
~ MSCP: 6 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
~ MWPS: 5 Legitimates Scanned in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 2 Legitimates Scanned in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.AB0D9669BAB1009E48CC91117E59912B] - 02/05/2006 - 10:12:06 R--A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\WINDOWS\system32\Drivers\ADIHdAud.sys [229376]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 24/04/2003 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - 29/07/2008 - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (FontCache3.0.0.0) .(.Microsoft Corporation - PresentationFontCache.exe.) - LEGACY_FONTCACHE3.0.0.0
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\msgpc.sys (Gpc) .(.Microsoft Corporation - MS General Packet Classifier.) - LEGACY_GPC
O64 - Services: CurCS - 20/10/2009 - C:\WINDOWS\system32\Drivers\HTTP.sys (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec) .(.Microsoft Corporation - IPSec Driver.) - LEGACY_IPSEC
O64 - Services: CurCS - 07/02/2006 - C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JGOGO) .(.JMicron - SCSI Port upper filter driver.) - LEGACY_JGOGO
O64 - Services: CurCS - 19/06/2003 - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe (MDM) .(.Microsoft Corporation - Machine Debug Manager.) - LEGACY_MDM
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\Drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Mount Manager.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\mrxdav.sys (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - 15/07/2011 - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (MRxSmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\msdtc.exe (MSDTC) .(.Microsoft Corporation - MS DTC console program.) - LEGACY_MSDTC
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\msiexec.exe (MSIServer) .(.Microsoft Corporation - Windows® installer.) - LEGACY_MSISERVER
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - 28/07/2003 - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.exe (ose) .(.Microsoft Corporation - Office Source Engine.) - LEGACY_OSE
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\Drivers\PartMgr.sys (PartMgr) .(.Microsoft Corporation - Partition Manager.) - LEGACY_PARTMGR
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\lsass.exe (PolicyAgent) .(.Microsoft Corporation - LSA Shell (Export Version).) - LEGACY_POLICYAGENT
O64 - Services: CurCS - 24/04/2003 - C:\WINDOWS\system32\DRIVERS\rasacd.sys (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\rdbss.sys (Rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - 24/04/2003 - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - 17/08/2010 - C:\WINDOWS\system32\spoolsv.exe (Spooler) .(.Microsoft Corporation - Spooler SubSystem App.) - LEGACY_SPOOLER
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\DRIVERS\sr.sys (sr) .(.Microsoft Corporation - Pilote de filtre de système de fichiers pou.) - LEGACY_SR
O64 - Services: CurCS - 17/02/2011 - C:\WINDOWS\system32\DRIVERS\srv.sys (Srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\smlogsvc.exe (SysmonLog) .(.Microsoft Corporation - Service des alertes et des journaux de perf.) - LEGACY_SYSMONLOG
O64 - Services: CurCS - 20/06/2008 - C:\WINDOWS\system32\DRIVERS\tcpip.sys (Tcpip) .(.Microsoft Corporation - TCP/IP Protocol Driver.) - LEGACY_TCPIP
O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\DRIVERS\wanarp.sys (Wanarp) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARP
O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\System32\wbem\wmiapsrv.exe (WmiApSrv) .(.Microsoft Corporation - Service de la carte de performance WMI.) - LEGACY_WMIAPSRV
O64 - Services: CurCS - 28/09/2006 - C:\WINDOWS\system32\DRIVERS\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF
~ Legacy: 135 Legitimates Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.js> <jsfile>[HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS3.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <MSN Explorer> <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 41 Legitimates Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.DAEE914ABCF0081AAF23689E4A8C27DD] [SPRF][14/09/2010] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r85.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2826192]
[MD5.3F4413DCD8D3BBABF08F68F25E6D60E1] [SPRF][16/02/2005] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [401408]
~ Files: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.11473 - (06/04/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
~ Additionnel: Scanned in 00mn 15s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "3933DAC50CEEEC44F939CBAA63B577BF" . (.Nikon Movie Editor.) -- C:\WINDOWS\Installer\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}\ARPPRODUCTICON.exe
~ Update Products: 90 Legitimates Scanned in 00mn 00s
---\\ MyComputer Name Space (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Legitimates Scanned in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/10/2010 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 01/04/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 01/04/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 11/11/2010 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 15/10/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/10/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/01/2007 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 09/09/2012 821648 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 24/02/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 24/07/2005 53248 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SR - | Auto 07/10/2009 154136 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
SS - | Demand 03/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
~ Services: Scanned in 00mn 00s
~ 993 Legitimates filtered by white list
End of the scan (681 lines in 01mn 10s)(0)