Hello everyone, I'm new here so let me introduce myself: Steph, 36 years old, I have a little knowledge of computers.



My problem: thinking I was infected, I ran a scan with ZHPDiag. The result? No virus, in my humble opinion, but an Internet connection problem.

On the ZHPDiag interface, at the top right, instead of "program up to date" it says "Internet connection problem". I can't get onto pjjoint, sorry, I'll post the report directly.

Rapport de ZHPDiag v2013.6.18.25 par Nicolas Coolman, Update du 18/06/2013

Run by Jean at 19/06/2013 21:34:06

WebSite: Home - Malicius Software Information

State : Problème connexion internet

WhiteList : Enable

High Elevated Privileges : OK

UAC : Activate by user



---\\ Web Browser

MSIE: Internet Explorer v10.0.9200.16618


---\\ Windows Product Information

~ Langage: Français

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, OEM_SLP channel

System Locked Preinstallation (OEM_SLP) : OK

Windows ID Activation : OK

~ Windows Partial Key : 7QJB7

Windows License : OK

~ Windows Remaining Initializations Number : 2

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK


---\\ System Protection

Kaspersky PURE 3.0 v13.0.2.558

Windows Defender W7


---\\ System Optimizer

CCleaner v4.02 =>Piriform Ltd


---\\ Peer To Peer (P2P)


---\\ Software Update

Adobe Flash Player 11 Plugin

Adobe Reader XI


---\\ System Information

~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3817 MB (52% free)

System Restore: Activé (Enable)

System drive C: has 523 GB (90%) free of 580 GB


---\\ Logged in mode

~ Computer Name: PAUL-PC

~ User Name: Jean

~ All Users Names: Sonia, Jean, Administrateur,

~ Unselected Option: None

Logged in as Administrator


---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Jean\AppData\Roaming\

~ %Desktop% : C:\Users\Jean\Desktop\

~ %Favorites% : C:\Users\Jean\Favorites\

~ %LocalAppData% : C:\Users\Jean\AppData\Local\

~ %StartMenu% : C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\


---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 523 Go of 580 Go)

D:\ CD-ROM drive (Not Inserted)

Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)




---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

~ Security Center: 37 Legitimates Filtered in 00mn 00s




---\\ Recherche particulière de fichiers génériques

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.12716D987D475B051F35895659159705] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.11/06/2013 - 23:19:50.) -- C:\Windows\System32\wininet.dll [2241024]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Generic Processes: Scanned in 00mn 00s




---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 1/4516

~ Mes musiques (My Musics) : 1/210

~ Mes Videos (My Videos) : 1/5

~ Mes Favoris (My Favorites) : 0/31

~ Mes Documents (My Documents) : 0/83

~ Mon Bureau (My Desktop) : 0/169

~ Menu demarrer (Programs) : 0/19

~ Hidden Files: Scanned in 00mn 19s




---\\ Processus lancés

[MD5.C6CDA4E093DD3B2977F87DA498827FCB] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968] [PID.1776]

[MD5.2F3390C8E3620B3991D7D82014E26AA7] - (.Google Inc. - Google Chrome.) -- C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe [825808] [PID.6260]

[MD5.612AF40F6F45DEFC00F68E868B75927A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7518208] [PID.5472]

[MD5.9243229DFCCC99B5441750EBA49F1B14] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272] [PID.968]

[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1728]

[MD5.A6B41F3044B2C099BBB5531CAA0551D5] - (.Canal+ Active - CanalPlus.VOD.Service.) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [188416] [PID.1812]

[MD5.0F9FE82E229C039F0AC1996E44059653] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040] [PID.1860]

[MD5.0C16E2F7287875BB91DA452B3EC405FE] - (...) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2074760] [PID.1972]

[MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.2020]

[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.1176]

[MD5.B6AB40819ECEC4BA07266EC0EBBC85A7] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512448] [PID.1360]

[MD5.93B73DED2BC688F140C6AE2FBAD45789] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376] [PID.1840]

[MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2216]

[MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.2396]

[MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.3112]

[MD5.E0E4A1F81A7D69C595A8A9DDAD084C19] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [769432] [PID.4236]

[MD5.917D977C6C841EF5EC730C2029F94F36] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtbws.exe [201736] [PID.3812]

[MD5.B17C7C12A864669F075468A686730356] - (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe [130056] [PID.6176]

~ Processes Running: Scanned in 00mn 02s




---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Proxy management: Scanned in 00mn 00s




---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Keys: Scanned in 00mn 00s




---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Hosts File: Scanned in 00mn 00s

~ Nombre de lignes (Lines number): 21




---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Kaspersky Passsword Manager Toolbar [64Bits] - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} . (.Kaspersky Lab - Autofill Engine for IE-based web browsers.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll

O2 - BHO: Safe Money Plugin [64Bits] - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} . (.Kaspersky Lab ZAO - Safe Money Plugin.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll

~ BHO: 7 Legitimates Filtered in 00mn 01s




---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)

O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Application: Scanned in 00mn 00s




---\\ Autres liens utilisateurs (O4)

O4 - GS\TaskBar: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>Piriform Ltd

O4 - GS\TaskBar: Google Chrome (2).lnk . (...) -- C:\Users\Jean\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O4 - GS\TaskBar: Google Chrome.lnk . (...) -- C:\Users\Jean\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O4 - GS\TaskBar: SparkChess 6.lnk . (...) -- C:\Users\Jean\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O4 - GS\TaskBar: Video Web Camera.lnk . (.CyberLink Corp. - WebCam.) -- C:\Program Files (x86)\Video Web Camera\WebCam.exe

O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\QuickLaunch: Google Chrome.lnk . (...) -- C:\Users\Jean\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)

O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe

O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe

O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Jean\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

~ Global Startup: Scanned in 00mn 01s




---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Clavier virtuel [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico

O9 - Extra button: Analyse des liens [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico

~ IE Extra Buttons: Scanned in 00mn 00s




---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{006256C0-32AD-4014-88FB-A300C0A3C02C}: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\..\{274CDC94-2957-4C52-9109-D0524DB6DC62}: DhcpNameServer =

O17 - HKLM\System\CCS\Services\Tcpip\..\{274CDC94-2957-4C52-9109-D0524DB6DC62}: DhcpDomain = PXE.ACER.COM

O17 - HKLM\System\CS1\Services\Tcpip\..\{006256C0-32AD-4014-88FB-A300C0A3C02C}: DhcpNameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{274CDC94-2957-4C52-9109-D0524DB6DC62}: DhcpNameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{274CDC94-2957-4C52-9109-D0524DB6DC62}: DhcpDomain = PXE.ACER.COM

O17 - HKLM\System\CS2\Services\Tcpip\..\{006256C0-32AD-4014-88FB-A300C0A3C02C}: DhcpNameServer =

O17 - HKLM\System\CS2\Services\Tcpip\..\{274CDC94-2957-4C52-9109-D0524DB6DC62}: DhcpNameServer =

O17 - HKLM\System\CS2\Services\Tcpip\..\{274CDC94-2957-4C52-9109-D0524DB6DC62}: DhcpDomain = PXE.ACER.COM

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

~ Domain: Scanned in 00mn 00s




---\\ Protocole additionnel (O18)

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

~ Protocole Additionnel: Scanned in 00mn 00s




---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\DriverEasy Scheduled Scan.job [404]

~ Scheduled Task: 4 Legitimates Filtered in 00mn 11s




---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 17/06/2013 - 17:10:52 - [0,000] ----D C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}

~ Program Folder: 125 Legitimates Filtered in 00mn 14s




---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 17/06/2013 - 15:17:19 RSHAD . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\Drivers\lsi_scsi.sys.bak [115776]

O44 - LFC:[MD5.72F2D357120F95C1E725C22915FE95E1] - 16/06/2013 - 19:55:26 ---A- . (...) -- C:\Windows\WORDPAD.INI [193]

O44 - LFC:[MD5.BF7E3A603CA922B25B81DFA503827A11] - 11/06/2013 - 23:29:28 ---A- . (...) -- C:\Windows\SysNative\ioloBootDefrag.cfg [406]

O44 - LFC:[MD5.BF7E3A603CA922B25B81DFA503827A11] - 11/06/2013 - 23:29:28 RSHAD . (...) -- C:\Windows\System32\ioloBootDefrag.cfg [406]

O44 - LFC:[MD5.DE7ECC022151ACB7375F09C5417E7425] - 11/06/2013 - 23:01:29 ---A- . (...) -- C:\Windows\SysWOW64mfc45.dll [74703]

O44 - LFC:[MD5.6FBB766EB79F9EED3684194EEAF838DF] - 08/06/2013 - 14:52:06 ---A- . (...) -- C:\Windows\ChangeLang_Done.tag [11453]

O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 08/06/2013 - 13:19:24 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]

O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 08/06/2013 - 13:19:24 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]

O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 08/06/2013 - 12:54:20 RSHAD . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]

O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 08/06/2013 - 12:54:19 RSHAD . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]

O44 - LFC:[MD5.15F9A041D0D03D7E4DA23D45606985D5] - 08/06/2013 - 05:31:03 ---A- . (...) -- C:\Windows\SysNative\oem_Get_OS_Language.log [222]

O44 - LFC:[MD5.15F9A041D0D03D7E4DA23D45606985D5] - 08/06/2013 - 05:31:03 RSHAD . (...) -- C:\Windows\System32\oem_Get_OS_Language.log [222]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 08/06/2013 - 05:28:13 ---A- . (...) -- C:\Windows\ativpsrm.bin [0]

O44 - LFC:[MD5.4E84A165644886CC5333335C289B33D0] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RTConvEQ.dat [247560]

O44 - LFC:[MD5.EBCA7473A23120CAE4066BEB3835D48F] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RTEQEX0.dat [520]

O44 - LFC:[MD5.FCA6883B690E3722B6A60ADA972A831A] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RTEQEX1.dat [520]

O44 - LFC:[MD5.57B8D47F171677E88563A42924D64D3D] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RTEQEX2.dat [520]

O44 - LFC:[MD5.530A9FEB236FF8DD1BC941A7F08E6561] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RTEQEX3.dat [520]

O44 - LFC:[MD5.C104D162A7AC593908FCE05456300619] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RTHDAEQ1.dat [176]

O44 - LFC:[MD5.DAE054749540938A0889AA40E0D5594A] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RtHdatEx.dat [1448]

O44 - LFC:[MD5.E67AAB6205BD45C9A9644CDAC9CE9664] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RtPCEE3.DAT [39672]

O44 - LFC:[MD5.0093E933C529617E785459DA4FC017A5] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\RtPCEE4.DAT [43506]

O44 - LFC:[MD5.F4BB52EC5B3FE911ED767A33A4EC3BBF] - 08/06/2013 - 05:24:33 RSHAD . (...) -- C:\Windows\System32\Drivers\rtkhdaud.dat [16]

O44 - LFC:[MD5.66E4EFA6CACCC787604772D8F418CA4F] - 08/06/2013 - 05:16:41 ---A- . (...) -- C:\Windows\LMv4.UNI [184]

O44 - LFC:[MD5.2EAE98B466CFE4C9362D004ED469422A] - 08/06/2013 - 05:14:23 ---A- . (...) -- C:\Windows\InfoCtrPackard Bell.ico [411494]

~ Files: 694 Legitimates Filtered in 00mn 29s




---\\ Derniers fichiers créés dans Windows Prefetcher (O45)


~ Prefetcher: 115 Legitimates Filtered in 00mn 03s




---\\ ShareTools MSconfig StartupReg (O53)

O53 - SMSR:HKLM\...\startupreg\CANAL+ CANALSAT A LA DEMANDE [Key] . (.Canal+ - Lancer CANAL+ CANALSAT A LA DEMANDE.) -- C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe

~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s




---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

~ MWPS: 19 Legitimates Filtered in 00mn 00s




---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s




---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]

~ Drivers: Scanned in 00mn 00s




---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC: 16/06/2013 - 10:29:43 ---A- C:\Users\Jean\Documents\Documents du PC\rapport KVRT.txt [304]

O61 - LFC: 16/06/2013 - 10:36:25 ---A- C:\Users\Jean\Documents\Documents du PC\Rapport KVRT complet.txt [117736459]

O61 - LFC: 17/06/2013 - 16:00:22 ---A- C:\Users\Jean\Documents\Inscripitions registre\cc_20130617_170016.reg [33484]

O61 - LFC: 17/06/2013 - 21:50:13 ---A- C:\Users\Jean\AppData\Roaming\mbam.context.scan [5]

O61 - LFC: 18/06/2013 - 00:30:19 ---A- C:\Users\Jean\Documents\Documents du PC\erofflps.txt [8687]

O61 - LFC: 18/06/2013 - 15:14:28 RSHA- C:\Users\Jean\ntuser.pol [664]

O61 - LFC: 18/06/2013 - 18:44:05 ---A- C:\Users\Jean\Documents\Inscripitions registre\cc_20130618_194400.reg [190]

O61 - LFC: 18/06/2013 - 20:50:14 ---A- C:\Users\Jean\Documents\Inscripitions registre\cc_20130618_215004.reg [296]

O61 - LFC: 18/06/2013 - 21:40:16 ---A- C:\Users\Jean\Documents\Document.rtf [36247]

O61 - LFC: 18/06/2013 - 21:58:35 ---A- C:\Users\Jean\Documents\Inscripitions registre\cc_20130618_225831.reg [194]

~ Files: 165 Legitimates Filtered in 01mn 22s




---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ ADS: Scanned in 00mn 00s




---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 29/05/2013 - C:\Windows\system32\drivers\ElRawDsk.sys (ElRawDisk) .(.EldoS Corporation - RawDisk Driver. Allows write access to file.) - LEGACY_ELRAWDISK

~ Legacy: 95 Legitimates Filtered in 00mn 00s




---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.html> <DragonHTML>[HKCU\..\open\Command] (.Not Key.)

~ FASS Keys: 19 Legitimates Filtered in 00mn 00s




---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <Dragon> <Dragon>[HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe

O68 - StartMenuInternet: <Google Chrome.NZCNEQKAMCVHYPGMGU7URUD5IE> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Sonia\AppData\Local\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

~ Keys: Scanned in 00mn 00s




---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {D541576A-D3F9-459A-B683-6F59A112FAB8} [DefaultScope] - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {E3164239-FAB2-459E-A983-764DA94E2BF5} - (Yahoo!) - Yahoo! Search - Web Search

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {8D1F0ABD-38F9-4DC1-B6A4-E1B0884DCA45} - (Google) - Google

O69 - SBI: SearchScopes [HKUS\.DEFAULT] {C3281BAA-4ADD-4028-B147-A58C870CC75C} - (Yahoo!) - Yahoo! Search - Web Search

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {8D1F0ABD-38F9-4DC1-B6A4-E1B0884DCA45} - (Google) - Google

O69 - SBI: SearchScopes [HKUS\S-1-5-18] {C3281BAA-4ADD-4028-B147-A58C870CC75C} - (Yahoo!) - Yahoo! Search - Web Search

~ Keys: Scanned in 00mn 00s




---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.FB7E289365E27C0B05DCC031875CF823] [sPRF][14/06/2013] (...) -- C:\ProgramData\1371238021.bdinstall.bin [92207]

~ Files: Scanned in 00mn 00s




---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P6 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)

O87 - FAEL: "UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" |In - Public - P17 - TRUE | .(...) -- E:\programmation\qtchat\release\qtchat.exe (.not file.)

~ Firewall: 234 Legitimates Filtered in 00mn 02s




---\\ Scan Additionnel (O88)

Database Version : v2.12511 - (18/06/2013)

Clés trouvées (Keys found) : 0

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0


~ Additionnel Scan: 194154 Items scanned in 01mn 25s




---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Disabled 30/09/2010 169408 | (AdobeActiveFileMonitor9.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 18/04/2013 574272 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

SR - | Auto 24/05/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe

SR - | Auto 20/12/2012 356968 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

SR - | Auto 06/07/2010 188416 | (CanalPlus.VOD) . (.Canal+ Active.) - C:\Program Files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe

SR - | Auto 21/12/2012 819040 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

SR - | Auto 2074760 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

SR - | Auto 01/07/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

SS - | Disabled 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

SS - | Disabled 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe

SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

SR - | Auto 13/07/2012 769432 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe

SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SS - | Auto 25/04/2013 580232 | (WiseBootAssistant) . ( - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe

SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 01s




---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

~ MBR: 1 Legitimates Filtered in 00mn 02s




---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Jean at 19/06/2013 21:42:48


********* Dump file Name *********


~ MBR: Scanned in 00mn 04s




~ 2263 Legitimates filtered by white list

End of the scan (429 lines in 08mn 42s)(0)

Thanking you in advance.




Your PC is not infected, which doesn't surprise me given the fortress installed on it.


Just some checks and cleanup, then you'll need to go here: Internet & Réseaux - Forums


1) Please do these security checks: (don't use PSI, you have an identical module in PURE - vulnerability search)


2) Download SFTGC.exe to the Desktop >>>> it cannot be anywhere else! Move it there if it is elsewhere.


On XP, double-click the file.

On other versions of Windows, right-click the file and choose Run as administrator.


After initialization, click Go to start the cleanup.


A report will open at the end.

This report is on the desktop (SFT.txt)


There you go ;)



