No sooner asked than done
~ ZHPDiag report v2013.10.4.9 - Nicolas Coolman (04/10/2013)
~ Run by odile (05/10/2013 14:20:13)
~ Website address
http://nicolascoolman.webs.com
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16686
GCIE: Google Chrome v30.0.1599.69 (Default)
---\\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service: OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.3.0216.0
Windows Defender W7
---\\ System optimisation software
---\\ Peer-to-peer sharing software
---\\ Software monitoring
Adobe Flash Player 11 ActiveX
Adobe Reader XI
---\\ System information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (60% free)
System Restore: Enabled
System drive C: has 386 GB (84%) free of 458 GB
---\\ System logon mode
~ Computer Name: ODILE-PC
~ User Name: odile
~ All Users Names: UpdatusUser, odile, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\odile\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\odile\AppData\Roaming\
~ %Desktop% : C:\Users\odile\Desktop\
~ %Favorites% : C:\Users\odile\Favorites\
~ %LocalAppData% : C:\Users\odile\AppData\Local\
~ %StartMenu% : C:\Users\odile\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 386 GB of 458 GB)
D: Hard drive, Flash drive, Thumb drive (Free 458 GB of 458 GB)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 33 Legitimates Filtered in 00mn 00s
---\\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AAFA952E774DDDB0956D3BDFAE5B5B99] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2013 - 06:22:18.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files status (Hidden/Total)
~ My Pictures: 2/2576
~ My Videos: 1/3
~ My Favorites: 1/52
~ My Documents: 2/262
~ My Desktop: 1/11
~ Start Menu (Programs): 1/26
~ Hidden Files: Scanned in 00mn 01s
---\\ Running processes
[MD5.0D3745CA2F064F2D6B6388C6AA5D3BC7] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.252]
[MD5.6BB84262CF78A16DC79D0A5DA441D7D3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8042496] [PID.620]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.812]
[MD5.6D9FC1E7EA3C548F4D3455F0C3FEEF8C] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 7.0 (component).) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312] [PID.1576]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1828]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496] [PID.1888]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files (x86)\Tor\tor.exe [3233806] [PID.480]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160] [PID.1644]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\odile\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Disabled) =Toolbar.BubbleDock
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial v.8.0.1, (Disabled) =Adware.MyWebSearch
~ Google Browser: 15 Legitimates Filtered in 00mn 16s
---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@squareclock.com/SQ3DPlayer.Production_Castorama_Internet] - (...) -- C:\Users\odile\AppData\Local\SquareClock.Production_Castorama_Internet\NPSQ3D.dll (.not file.)
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other user links (O4)
O4 - GS\Desktop [Public]: Norton Online Backup.lnk . (...) -- C:\Windows\Installer\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}\Icon.ico (.not file.)
O4 - GS\Desktop [Public]: Packard Bell GameZone Console.lnk . (.Oberon Media - Packard Bell GameZone Console.) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\Packard Bell Game Console.exe
O4 - GS\Desktop [Public]: User's Guide (Packard Bell InfoCentre).lnk . (.Acer Incorporated - InfoCentre Web Browser.) -- C:\Program Files (x86)\Packard Bell\InfoCentre\InfoCtr.exe
O4 - GS\Desktop [Public]: VAFPlayer.lnk . (...) -- C:\Windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}\_AAA051C67F9CDDC2624EB5.exe (.not file.) =PUP.VAFPlayer
O4 - GS\QuickLaunch [odile]: les-pages.com.lnk - Orphan key
O4 - GS\QuickLaunch [odile]: Renseignements telephonique.lnk - Orphan key
O4 - GS\QuickLaunch [odile]: Vos Démarches Administratives.lnk - Orphan key
O4 - GS\Desktop [odile]: Bubble Dock.lnk . (...) -- C:\Users\odile\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) =Toolbar.BubbleDock
O4 - GS\Desktop [odile]: C_y._joyeux_noel - Raccourci.lnk . (...) -- C:\Users\odile\Videos\C_y._joyeux_noel.pps
O4 - GS\Desktop [odile]: Images - Raccourci.lnk . (...) -- C:\Users\odile\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop [odile]: Metaboli - Téléchargement de jeux vidéos.lnk . (...) -- C:\Program Files (x86)\Packard Bell\metaboli\MetaBoli.exe
~ Global Startup: 88 Legitimates Filtered in 00mn 01s
---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-4109335938-1214908838-3114566061-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
~ Application: Scanned in 00mn 00s
---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE05B85D-9BF2-45EC-A27E-8A2B4957965A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BE05B85D-9BF2-45EC-A27E-8A2B4957965A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{BE05B85D-9BF2-45EC-A27E-8A2B4957965A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Additional protocol (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s
---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: Updater Service (Updater Service) . (.Acer - Acer Update Service.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
~ Services: 11 Legitimates Filtered in 00mn 04s
---\\ Automatic scheduled tasks (O39)
[MD5.5F4C2A882A1A0C56F5B1E8C352B298FF] [APT] [CPU Grid Computing] (...) -- C:\Windows\SysWOW64\dfrg\runner.exe [186368]
[MD5.00000000000000000000000000000000] [APT] [Test TimeTrigger] (...) -- C:\Users\odile\AppData\Local\Temp\Runner.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{46ADB59F-1C90-47A6-A88C-2C0CE22F120E}] (...) -- C:\Program Files (x86)\DnsBasic\uninstall.exe (.not file.) [0] =PUP.Zwangi
[MD5.00000000000000000000000000000000] [APT] [{D6E1A612-C2F7-439C-B737-6FBBDAAE7C35}] (...) -- C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe (.not file.) [0] =Adware.DomaIQ
~ Scheduled Task: 12 Legitimates Filtered in 00mn 03s
---\\ HKCU HKLM Software Keys
[HKLM\Software\Wow6432Node\FTI]
[HKLM\Software\Wow6432Node\IncrediMail]
~ Key Software: 158 Legitimates Filtered in 00mn 00s
---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 10/05/2013 - 15:32:39 - [0] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 25/06/2013 - 09:17:43 - [0] ----D C:\Users\odile\AppData\Local\Updater12765 =PUP.CrossRider
~ Program Folder: 141 Legitimates Filtered in 00mn 14s
---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E2A43F93CA4DC4EA0CF2B2700D1992A8] - 05/10/2013 - 09:32:13 ---A- . (...) -- C:\Windows\wininit.ini [6746]
O44 - LFC:[MD5.0145242DC7339A1ACF8FF2D143814C69] - 05/10/2013 - 11:13:44 ---A- . (...) -- C:\JRT.txt [127694]
~ Files: 9 Legitimates Filtered in 00mn 03s
---\\ Most recently created files in Windows Prefetcher (O45)
O45 - LFCP:[MD5.222DD334491193FFDEE35F3B24B25D9E] - 02/10/2013 - 02:27:14 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-86EB8BEB.pf =PUP.BitGuard
O45 - LFCP:[MD5.A1242814F0140C50D6D1CB7229D0D344] - 03/10/2013 - 07:14:00 ---A- - C:\Windows\Prefetch\WKSSS.EXE-808251D1.pf
O45 - LFCP:[MD5.33602CDC6154DA6BFE90BB768EC6D28E] - 05/10/2013 - 09:55:01 ---A- - C:\Windows\Prefetch\EF.EXE-8480D680.pf
O45 - LFCP:[MD5.7249006D919111409FB1D857675029DE] - 05/10/2013 - 09:55:01 ---A- - C:\Windows\Prefetch\MF.EXE-B0146068.pf
O45 - LFCP:[MD5.E188631DD8172AB07CF55B5A2FF5E2D5] - 05/10/2013 - 09:55:04 ---A- - C:\Windows\Prefetch\MF.EXE-265FE7B7.pf
O45 - LFCP:[MD5.18C8B3C0288DF9574A5CD8176CC84AA8] - 05/10/2013 - 09:55:05 ---A- - C:\Windows\Prefetch\BUBBLE DOCK ADDONSUI.EXE-9683F430.pf =Toolbar.BubbleDock
O45 - LFCP:[MD5.18C41972CD98BEDE47F24793209A3104] - 05/10/2013 - 09:55:05 ---A- - C:\Windows\Prefetch\EF.EXE-FACC5DCF.pf
O45 - LFCP:[MD5.CD450EF3BEB798D772E588D383A4E740] - 05/10/2013 - 09:55:10 ---A- - C:\Windows\Prefetch\SPEEDUP.EXE-D12A1A7F.pf
O45 - LFCP:[MD5.F8D544F6782913F24F3EFD4525DD00BD] - 05/10/2013 - 09:55:14 ---A- - C:\Windows\Prefetch\PP.EXE-A1C4FD51.pf
O45 - LFCP:[MD5.D84BDD1D09018C317431A871B5386774] - 05/10/2013 - 09:55:26 ---A- - C:\Windows\Prefetch\197.EXE-F4E2C5CD.pf
O45 - LFCP:[MD5.B7E08822C068A3C56092F5788E08C933] - 05/10/2013 - 09:55:26 ---A- - C:\Windows\Prefetch\197.TMP-FD5D496B.pf
O45 - LFCP:[MD5.370B228C4A3FAA82CA1C72D3074706B4] - 05/10/2013 - 09:55:58 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-5C209D17.pf =Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.5C5EBFB02594BD715BC31D428458136A] - 05/10/2013 - 09:55:58 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-C4B9963F.pf =Rogue.SpeedUpMyPC
O45 - LFCP:[MD5.763C41C946F9314DCE3D5F957BB800BF] - 05/10/2013 - 10:21:43 ---A- - C:\Windows\Prefetch\DNSBASIC.EXE-7BC34C7C.pf =PUP.Zwangi
O45 - LFCP:[MD5.71E241726599489048CBE96007D09CBF] - 05/10/2013 - 10:35:55 ---A- - C:\Windows\Prefetch\BITGUARD.EXE-D63A8F3D.pf =PUP.BitGuard
O45 - LFCP:[MD5.DAC80D984FBC4CD1CC556407ECCB56F2] - 05/10/2013 - 10:37:15 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-65628C2F.pf
~ Prefetcher: 140 Legitimates Filtered in 00mn 01s
---\\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 27/06/2013 - 20:58:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
~ Drivers: 18 Legitimates Filtered in 00mn 00s
---\\ Most recently modified or created files (User) (O61)
O61 - LFC: 03/10/2013 - 07:14:15 ---A- . (...) -- C:\Users\odile\AppData\Roaming\wklnhst.dat [8906]
O61 - LFC: 03/10/2013 - 07:14:15 ---A- . (...) -- C:\Users\odile\Documents\Octobre 2013.xlr [16896]
O61 - LFC: 03/10/2013 - 07:19:23 ---A- . (...) -- C:\Users\odile\AppData\Roaming\WB.CFG [62]
O61 - LFC: 05/10/2013 - 08:32:37 ---A- . (...) -- C:\Users\odile\AppData\Local\Google\Chrome\User Data\First Run [0]
O61 - LFC: 05/10/2013 - 08:33:44 ---A- . (...) -- C:\Users\odile\AppData\Local\Google\Chrome\User Data\fr-FR-3-0.bdic [1074744]
O61 - LFC: 05/10/2013 - 10:04:19 ---A- . (...) -- C:\Users\odile\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =.Nicolas Coolman
O61 - LFC: 05/10/2013 - 10:05:28 ---A- . (...) -- C:\Users\odile\AppData\Roaming\ZHP\ZHPDiag.txt [66816] =.Nicolas Coolman
O61 - LFC: 05/10/2013 - 10:29:16 ---A- . (...) -- C:\Users\odile\AppData\Local\avgchrome\avgp [137958]
O61 - LFC: 05/10/2013 - 10:41:38 ---A- . (...) -- C:\Users\odile\Downloads\adwcleaner.exe [1045226]
O61 - LFC: 05/10/2013 - 10:41:39 ---A- . (...) -- C:\Users\odile\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [259747]
O61 - LFC: 05/10/2013 - 10:49:00 ---A- . (...) -- C:\Users\odile\Downloads\adwcleaner (1).exe [1045226]
O61 - LFC: 05/10/2013 - 13:20:03 ---A- . (...) -- C:\Users\odile\AppData\Roaming\ZHP\TestsZHPDiag.txt [2856] =.Nicolas Coolman
O61 - LFC: 05/10/2013 - 13:20:38 ---A- . (...) -- C:\Users\odile\AppData\Local\Google\Chrome\User Data\Local State [52475]
O61 - LFC: 05/10/2013 - 13:21:13 ---A- . (...) -- C:\Users\odile\AppData\Roaming\ZHP\Log.txt [58473] =.Nicolas Coolman
~ 24 temporary files
~ Files: 544 Legitimates Filtered in 01mn 39s
---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Internet browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {8E4ED2A0-8C18-402D-92FA-38803B1A7321 - (Mysearchdial) - http://start.mysearchdial.com =Adware.MyWebSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} - (DnsBasic) - http://www.dnsbasic.com =PUP.Zwangi
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {4C4C7AAB-5854-4241-A414-E2F1EF119C4A} - (DnsBasic) - http://www.dnsbasic.com =PUP.Zwangi
~ Keys: Scanned in 00mn 00s
---\\ Specific search at system root (SPRF) (O84)
[MD5.57184DC9CC12566012452A47FB63B83D] [SPRF][18/05/2013] (.Setup © - Setup.) -- C:\Users\odile\AppData\Local\Temp\70093uninstall.exe [410624]
[MD5.32DCED18FFFEA0035E4FA975CA0AE8BE] [SPRF][22/04/2013] (.The Software Group - Software Update Setup.) -- C:\Users\odile\AppData\Local\Temp\BoxoreInstaller.exe [620656] =Adware.Boxore
[MD5.9182C3ECAB695D72C5937499705D68FB] [SPRF][01/10/2013] (...) -- C:\Users\odile\AppData\Local\Temp\Quarantine.exe [344601]
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][18/05/2013] (...) -- C:\Users\odile\AppData\Local\Temp\Sqlite3.dll [599419]
[MD5.56DA32D02C0432C5DF8740A38DB26BF8] [SPRF][20/05/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\odile\AppData\Local\Temp\tbSea0.dll [5106464] =Toolbar.Conduit
[MD5.9A686FFBF945CA44DBDEECA7F6F941D0] [SPRF][14/04/2013] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\odile\AppData\Local\Temp\tbWis0.dll [5071648] =Toolbar.Conduit
[MD5.89505DACB8B6A97A448F3409DAB18BCD] [SPRF][20/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\odile\AppData\Local\Temp\uninst1.exe [395248] =Toolbar.Babylon
[MD5.6AA5C1C18911A059C99FBB014C9C18A3] [SPRF][03/10/2013] (...) -- C:\Users\odile\AppData\Roaming\wklnhst.dat [8906]
~ Files: 10 Legitimates Filtered in 00mn 00s
---\\ Firewall exception list (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{338289B7-05D1-403A-95DB-56F6C81AFC96}C:\users\odile\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\odile\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "UDP Query User{18EB671B-6E3F-4591-846F-188BE7082F93}C:\users\odile\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\odile\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb
O87 - FAEL: "{6FE38D09-4463-4F41-B3AF-DE20B4D0833B}" | In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe
O87 - FAEL: "{391BECD9-EE79-4142-98DA-F709619B638B}" | Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe
O87 - FAEL: "{F9DEDD77-35E4-4705-B741-DE11911DFCA6}" |In - None - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{50591649-E805-4B9F-8000-5803FAA99845}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{287EF817-853D-4CAF-8A39-721E106945E9}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{AE18FBAA-C590-4A36-9CA1-94A946B23CBE}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{E15339BB-4587-4B49-A87E-C22F8EE526A9}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
~ Firewall: 205 Legitimates Filtered in 00mn 05s
---\\ Software product code enumeration (PUC) (O90)
O90 - PUC: "E17A8F77515323848B2BF2E1BD2D0E1F" . (.Bing Bar.) -- C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico =Toolbar.Bing
~ Update Products: 123 Legitimates Filtered in 00mn 00s
---\\ WindowsInstaller package search (WIS) (O93) (NTFS)
[MD5.3F477D33DD7B1C483FE2959B1A13DAA9] [WIS][03/07/2013] (.Google, Inc. - Google Drive.) -- C:\Windows\Installer\3405b43.msi [31588352]
~ WIS: 123 Legitimates Filtered in 00mn 11s
---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 08/12/2008 169312 | (AdobeActiveFileMonitor7.0) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 28/02/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SS - | Demand 19/09/2009 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 29/05/2009 625184 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
SR - | Auto 04/06/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
SS - | Auto 10/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 29/05/2009 207904 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 31/08/2013 3233806 | (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s
---\\ Master Boot Record infection search (MBR) (O80)
Run by odile at 05/10/2013 14:23:30
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Master Boot Record infection search (MBRCheck) (O80)
Written by ad13,
http://ad13.geekstog
Run by odile at 05/10/2013 14:23:32
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Additional scan (O88)
Database Version : 12937 - (04/10/2013)
Keys found: 6
Values found: 2
Folders found: 1
Files found: 16
[HKLM\Software\Google\Chrome\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp] =Toolbar.BubbleDock^
[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =Adware.MyWebSearch^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}] =PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =Adware.Boxore^
C:\Users\odile\AppData\Local\Updater12765 =PUP.CrossRider^
C:\Users\odile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp =Toolbar.BubbleDock^
C:\Users\odile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =Adware.MyWebSearch^
C:\Windows\Prefetch\BITGUARD.EXE-86EB8BEB.pf =PUP.BitGuard^
C:\Windows\Prefetch\BUBBLE DOCK ADDONSUI.EXE-9683F430.pf =Toolbar.BubbleDock^
C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-5C209D17.pf =Rogue.SpeedUpMyPC^
C:\Windows\Prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-C4B9963F.pf =Rogue.SpeedUpMyPC^
C:\Windows\Prefetch\DNSBASIC.EXE-7BC34C7C.pf =PUP.Zwangi^
C:\Windows\Prefetch\BITGUARD.EXE-D63A8F3D.pf =PUP.BitGuard^
C:\Users\odile\AppData\Local\Temp\BoxoreInstaller.exe =Adware.Boxore^
C:\Users\odile\AppData\Local\Temp\tbSea0.dll =Toolbar.Conduit^
C:\Users\odile\AppData\Local\Temp\tbWis0.dll =Toolbar.Conduit^
C:\Users\odile\AppData\Local\Temp\uninst1.exe =Toolbar.Babylon^
C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico =Toolbar.Bing^
~ Additional scan: 255007 Items scanned in 00mn 21s
---\\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blo ... bubbledock =Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blo ... ywebsearch =Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blo ... -vafplayer =PUP.VAFPlayer
~ http://nicolascoolman.webs.com/apps/blo ... pup-zwangi =PUP.Zwangi
~ http://nicolascoolman.webs.com/apps/blo ... are-domaiq =Adware.DomaIQ
~ http://nicolascoolman.webs.com/apps/blo ... crossrider =PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blo ... p-bitguard =PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blo ... peedupmypc =Rogue.SpeedUpMyPC
~ http://nicolascoolman.webs.com/apps/blo ... are-boxore =Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon =Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... p-cacaoweb =PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blo ... olbar-bing =Toolbar.Bing
~ MSI: 13 link(s) detected in 00mn 21s
~ 1669 Legitimates filtered by white list
End of the scan (484 lines in 03mn 40s)(0)
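Added example, not part of the post above and not ZHPDiag code: a small Python triage helper that reads the firewall-rule (O87), scheduled-task (O39), service (O23) and Run-key (O4) lines of a ZHPDiag report, pulls out the target executable, and flags the ones a responder would look at first. The sample input is a subset of lines copied from the report above. The heuristics (miner-like names, user-writable or SYSTEM-profile folders, sub-folders of %Windir% that Windows does not create, entries whose file is already gone) are this example's own assumptions, not ZHPDiag detections, and they are deliberately noisy: they produce a review list, not a verdict.

```python
"""Triage helper for ZHPDiag O87 / O39 / O23 / O4 lines.

Added example (not part of ZHPDiag or of the report above). The location and
name heuristics below are assumptions of this example, not tool detections.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: a subset of lines copied verbatim from the report above.
SAMPLE_LINES = [
    r'O87 - FAEL: "{6FE38D09-4463-4F41-B3AF-DE20B4D0833B}" | In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe',
    r'O87 - FAEL: "{287EF817-853D-4CAF-8A39-721E106945E9}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)',
    r'O87 - FAEL: "{F9DEDD77-35E4-4705-B741-DE11911DFCA6}" |In - None - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)',
    r'O87 - FAEL: "TCP Query User{338289B7-05D1-403A-95DB-56F6C81AFC96}C:\users\odile\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\odile\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =PUP.CacaoWeb',
    r'[MD5.5F4C2A882A1A0C56F5B1E8C352B298FF] [APT] [CPU Grid Computing] (...) -- C:\Windows\SysWOW64\dfrg\runner.exe [186368]',
    r'[MD5.00000000000000000000000000000000] [APT] [Test TimeTrigger] (...) -- C:\Users\odile\AppData\Local\Temp\Runner.exe (.not file.) [0]',
    r'O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe',
    r'O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe',
]

# A drive-letter path ending in an executable extension; quotes, pipes and "[" end a path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"|\[]*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)
# ZHPDiag O87 rule summary: |In - Profile - P<protocol number> - TRUE|
RULE_RE = re.compile(r'\|\s*(In|Out) - (\w+) - P(\d+) - (TRUE|FALSE)\s*\|')
PROTO = {"6": "TCP", "17": "UDP"}
MINER_WORDS = ("miner", "btc", "coin", "xmr")          # heuristic name fragments (assumption)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
SYSTEM_PROFILE = "\\config\\systemprofile\\"            # %Windir%\System32|SysWOW64\config\systemprofile


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)
    rule: Optional[str] = None   # decoded firewall rule, O87 lines only


def extract_path(line: str) -> Optional[str]:
    """Last drive-letter path on the line; O87 rule names can embed a path, the target comes last."""
    found = PATH_RE.findall(line)
    return found[-1] if found else None


def decode_rule(line: str) -> Optional[str]:
    """Turn 'In - None - P17 - TRUE' into 'In UDP profile=None enabled=TRUE'."""
    m = RULE_RE.search(line)
    if not m:
        return None
    direction, profile, proto, enabled = m.groups()
    return f"{direction} {PROTO.get(proto, 'proto ' + proto)} profile={profile} enabled={enabled}"


def unusual_windir_subfolder(p: str) -> bool:
    """Executable in a folder under %Windir% that Windows itself does not populate (heuristic).

    System32 and SysWOW64 hold their executables at top level (plus drivers\\ and wbem\\);
    a fresh folder such as SysWOW64\\dfrg is a classic hiding place. Well-known folders
    outside those two are allowlisted; anything else is reported for review.
    """
    parts = p.split("\\")
    if len(parts) < 4 or parts[1] != "windows":
        return False            # not under %Windir%, or a file directly in it (e.g. explorer.exe)
    top = parts[2]
    if top in ("system32", "syswow64"):
        inner = parts[3:-1]     # folders between System32 and the file name
        return bool(inner) and inner[0] not in ("drivers", "wbem", "config")
    return top not in ("microsoft.net", "ehome", "servicing", "winsxs", "installer")


def assess(line: str) -> Optional[Finding]:
    """One Finding per line whose target trips at least one heuristic, else None."""
    path = extract_path(line)
    if path is None:
        return None
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    f = Finding(path, rule=decode_rule(line))
    if "(...)" in line:                       # ZHPDiag found no publisher/description in the file
        f.reasons.append("no version info")
    if "(.not file.)" in line:                # rule/task/service still present, binary already gone
        f.reasons.append("file missing (stale entry)")
    if any(w in name for w in MINER_WORDS):
        f.reasons.append("miner-like name")
    if SYSTEM_PROFILE in p:                   # the SYSTEM account's AppData: no interactive app lives there
        f.reasons.append("SYSTEM profile AppData")
    elif any(seg in p for seg in USER_WRITABLE):
        f.reasons.append("user-writable location")
    if unusual_windir_subfolder(p):
        f.reasons.append("non-standard %Windir% sub-folder")
    return f if f.reasons else None


def triage(lines) -> List[Finding]:
    """All flagged entries, the ones with the most independent reasons first."""
    found = [f for f in (assess(l) for l in lines) if f]
    return sorted(found, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.path}\n    {'; '.join(f.reasons)}" + (f"\n    rule: {f.rule}" if f.rule else ""))
```

Run against the whole report, the helper puts the two firewall exceptions for `btc-miner.exe` and `minerd.exe` under `C:\Windows\SysWOW64\dfrg\`, the "CPU Grid Computing" task that runs `runner.exe` from the same folder, and the `wins.exe` rules under the SYSTEM profile's AppData at the top of the list; none of these carries a ZHPDiag `=PUP`/`=Rogue` tag, which is exactly why a location-based pass is worth doing alongside the tool's own signature hits. `(.not file.)` entries are kept rather than dropped: a firewall exception for a binary that no longer exists still says that it ran here once, and the rule itself should be removed. The `(...)` marker alone is a weak signal (unsigned or description-less binaries such as `tor.exe` trip it too), so the list is sorted by how many independent reasons each entry has.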