Rapport de ZHPDiag v2013.5.20.139 par Nicolas Coolman, Update du 20/05/2013
Run by melanie at 21/05/2013 12:01:37
WebSite: http://nicolascoolman.wix.com/nicolascoolman
State : Problème connexion internet
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
avast! Free Antivirus v7.0.1474.0
Ad-Aware v8.1.0

---\\ System Optimizer
CCleaner v3.04 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5 - Français

---\\ System Information
~ Processor: x86 Family 15 Model 2 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 767 MB (30% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (53%) free of 37 GB

---\\ Logged in mode
~ Computer Name: MEL-0FYUTP6DYBH
~ User Name: melanie
~ All Users Names: SUPPORT_388945a0, melanie, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\melanie\Application Data\
~ %Desktop% : C:\Documents and Settings\melanie\Bureau\
~ %Favorites% : C:\Documents and Settings\melanie\Favoris\
~ %LocalAppData% : C:\Documents and Settings\melanie\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\melanie\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 20 Go of 37 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
~ Security Center: 28 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.3405104CE3F9B8CDCF5F5A23EC26E681] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/04/2013 - 23:16:49.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 07s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/51
~ Mes Documents (My Documents) : 1/33
~ Mon Bureau (My Desktop) : 0/295
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 12s

---\\ Processus lancés
[MD5.C48B0F913C944D736A455191ECD8FF45] - (.Lavasoft - Ad-Aware Service Application.) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1181328] [PID.1384]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1436]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [133104] [PID.1724]
[MD5.AE5A69F44C1F97EDC83237FC0B29B6FB] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe [212432] [PID.1812]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136] [PID.268]
[MD5.DA1485749B785ADCEB421874F5F3405B] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.916]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3196]
[MD5.893F8E81D1117C48CB9D6E9E5F64BAB1] - (.AVAST Software - avast! antivirus Update.) -- C:\Program Files\AVAST Software\Avast\setup\avast.setup [6527128] [PID.3468]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.4040]
[MD5.5915F5435337A5B4A68724925A27CB0F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7386624] [PID.2168]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2176]
~ Processes Running: Scanned in 00mn 04s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\melanie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 5 Legitimates Filtered in 00mn 04s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@www.dlmanager.net/omaha/tools//Software Update;version=8] - (.Boxore OU. - Software Update.) -- C:\Program Files\Software\Update\1.2.201.0\npSoftwareOneClick8.dll =>Adware.Boxore
~ Firefox Browser: 11 Legitimates Filtered in 00mn 07s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-117609710-1303643608-725345543-1004\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A94000000001}\SC_Reader.ico
O4 - GS\Programs: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files\Securitoo\Contrôle Parental\Controle_parental.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: MSN Explorer.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe
O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Hwdoctor.lnk . (.winbond - Pas de description.) -- C:\Program Files\HWDOCTOR\Hwdoctor.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 39s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.orange.fr
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{55D4E4E7-1726-4531-8CA6-2AEAC4BCE5AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DEEF10F-56F5-43C9-9D6E-413CE0DDDA06}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{98F56F42-4E15-4664-91B6-328BBCCBC7D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{55D4E4E7-1726-4531-8CA6-2AEAC4BCE5AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DEEF10F-56F5-43C9-9D6E-413CE0DDDA06}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{98F56F42-4E15-4664-91B6-328BBCCBC7D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{55D4E4E7-1726-4531-8CA6-2AEAC4BCE5AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DEEF10F-56F5-43C9-9D6E-413CE0DDDA06}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{98F56F42-4E15-4664-91B6-328BBCCBC7D5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 01s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft - Ad-Aware Service Application.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
~ Services: 4 Legitimates Filtered in 00mn 17s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\melanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\melanie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ BootExecute (O34)
O34 - HKLM BootExecute: (lsdelete) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job [1072]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job [1076]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (ssmdrv) . (. - .) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (.not file.)
~ Drivers: 63 Legitimates Filtered in 00mn 07s

---\\ Logiciels installés (O42)
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- Ad-Aware
O42 - Logiciel: Ad-Aware - (.Lavasoft.) [HKLM] -- {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
O42 - Logiciel: Avance AC'97 Audio - (...) [HKLM] -- {FB08F381-6533-4108-B7DD-039E11FBC27E}
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD} =>Adware.Boxore
~ Logic: 70 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Softonic]
[HKLM\Software\ABIT]
[HKLM\Software\Avance Logic, Inc.]
[HKLM\Software\Boxore] =>Adware.Boxore
~ Key Software: 116 Legitimates Filtered in 00mn 02s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/09/2009 - 22:01:48 - [0] ----D C:\Program Files\Avance Sound Manager
O43 - CFD: 27/12/2012 - 20:18:34 - [1,278] ----D C:\Program Files\Boxore =>Adware.Boxore
O43 - CFD: 02/09/2009 - 22:03:58 - [2,611] ----D C:\Program Files\HWDOCTOR
~ Program Folder: 80 Legitimates Filtered in 02mn 45s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C67E0BE98628A0BD4E6834D668A3D191] - 21/05/2013 - 10:38:52 ---A- . (...) -- C:\aaw7boot.log [15298]
O44 - LFC:[MD5.3A001DC698989DFABD394B88FA0CBCB2] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [49462]
O44 - LFC:[MD5.AE11B8496A65AB85699F7FB8F0174BB6] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\comsetup.log [16244]
O44 - LFC:[MD5.DD2D254A0576B1EA483F3637930E9C7E] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\iis6.log [7851]
O44 - LFC:[MD5.2B98F08A7F8CED476205BF6D7A492DD3] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.E655AA4EE7EB9060122E3F4C2F113DEB] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\msgsocm.log [2472]
O44 - LFC:[MD5.7D6A9A91145EC25151072DF06C46D101] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [9850]
O44 - LFC:[MD5.CF8351D2847CC99794A48576BF825130] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\ocgen.log [23648]
O44 - LFC:[MD5.2DCEB61AAD798D0E57FC5C2CF028EF47] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\ocmsn.log [2736]
O44 - LFC:[MD5.F3C08DA8CE2535607BB661076B99601B] - 17/05/2013 - 14:03:30 ---A- . (...) -- C:\WINDOWS\tsoc.log [18872]
O44 - LFC:[MD5.E9402D45FB533006D0F09B3DCE3BE02E] - 17/05/2013 - 14:03:22 ---A- . (...) -- C:\WINDOWS\updspapi.log [3680]
O44 - LFC:[MD5.A06C1E756793F9680BD880EFF6EC2FAB] - 17/05/2013 - 14:02:38 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
~ Files: 37 Legitimates Filtered in 03mn 58s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" [Enabled] .(.Lavasoft.) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
~ Keys Export: 7 Legitimates Filtered in 00mn 14s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.149A8F7ADF9742554DC323E290551E3E] - 30/10/2012 - 23:51:56 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: ZHPFix 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 23/09/2009 - C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD
~ Legacy: 119 Legitimates Filtered in 00mn 20s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 03s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\Launcher\Launcher.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
~ Keys: Scanned in 00mn 02s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 03s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.9687825CAC76C47BDE36509471849B72] [SPRF][14/01/2011] (...) -- C:\Documents and Settings\melanie\Bureau\OOo_3.2.1_Win_x86_install_fr.exe [53884957]
[MD5.266404D2B89BDA7F1D528032C713C082] [SPRF][07/10/2012] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Documents and Settings\melanie\Bureau\Silverlight_x64.exe [13072536]
~ Files: Scanned in 00mn 39s

---\\ Scan Additionnel (O88)
Database Version : v2.12209 - (20/05/2013)
Clés trouvées (Keys found) : 33
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}] =>Adware.Boxore
[HKLM\Software\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}] =>Toolbar.Conduit
[HKLM\Software\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}] =>Adware.Agent
[HKLM\Software\Classes\Software.OneClickCtrl.8] =>Adware.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24] =>Adware.PredictAd
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKLM\Software\Boxore] =>Adware.Boxore
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\SOFTWARE\SOFTWARE\UPDATE\CLIENTS\{5B54E9B6-D6C4-11E0-8E9D-92FB4824019B}] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Features\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Classes\Installer\Products\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9FEB8FB96CD4CF54A95AB4311193C2DA] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD}] =>Adware.Boxore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files\Boxore =>Adware.Boxore
C:\Program Files\Software =>Adware.Boxore
C:\Documents and Settings\melanie\Local Settings\Application Data\Software =>Adware.Boxore
~ Additionnel Scan: 101469 Items scanned in 05mn 11s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "9FEB8FB96CD4CF54A95AB4311193C2DA" . (.Boxore Client.) -- C:\WINDOWS\Installer\{9BF8BEF9-4DC6-45FC-9AA5-4B1311392CAD}\boxore.ico =>Adware.Boxore
~ Update Products: 11 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 17/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 25/09/2007 65536 | C:\Program Files\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 22/09/2009 133104 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/09/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2008 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 29/04/2011 1181328 | (Lavasoft Ad-Aware Service) . (.Lavasoft.) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
~ Services: Scanned in 00mn 12s
~ 644 Legitimates filtered by white list

End of the scan (461 lines in 16mn 25s)(0)