A voir également:
- Rootkit a suprimer
- Suprimer edge - Guide
- Comment suprimer un compte gmail - Guide
- Suprimer page word - Guide
- Comment suprimer un compte insta - Guide
- Comment suprimer les alertes whathzap - Guide
4 réponses
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
11 nov. 2009 à 17:58
11 nov. 2009 à 17:58
Salut,
-+-+-+-> ZHPDiag <-+-+-+-
[x] Télécharge ZHPDiag ( de Nicolas coolman ).
[x] Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
[x] Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau
[x] Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
[x] Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
[x] Rend toi sur Cjoint
[x] Clique sur " Parcourir " dans la partie " Joindre un fichier[...] "
[x] Séléctionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
[x] Clique ensuite sur " Créer le lien cjoint " et copie/colle le dans ton prochain message
-+-+-+-> ZHPDiag <-+-+-+-
[x] Télécharge ZHPDiag ( de Nicolas coolman ).
[x] Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
[x] Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau
[x] Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
[x] Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
[x] Rend toi sur Cjoint
[x] Clique sur " Parcourir " dans la partie " Joindre un fichier[...] "
[x] Séléctionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
[x] Clique ensuite sur " Créer le lien cjoint " et copie/colle le dans ton prochain message
usagijoli
Messages postés
1551
Date d'inscription
mercredi 29 juillet 2009
Statut
Membre
Dernière intervention
4 novembre 2014
268
11 nov. 2009 à 18:05
11 nov. 2009 à 18:05
Bonjour , le vrai processus windows n'a pas de e à la fin.donc c'est trés suspect.Mettez déja en quarantaine ce que vous a trouvé spybot.Faites un scan avec un antivirus à jour,votre antivirus ayant laissé passer l'infection.Pensez à le désactiver lors du scan.
COMMENT METTRE EN QUARANTAINE ?VOICI LE RAPPORT SYSPROTSysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: pxscan.sys
Service Name: pxscan
Module Base: B8338000
Module End: B833E000
Hidden: Yes
Module Name: \SystemRoot\System32\drivers\pxkbf.sys
Service Name: pxkbf
Module Base: B8438000
Module End: B843D000
Hidden: Yes
Module Name: \SystemRoot\System32\drivers\pxrts.sys
Service Name: pxrts
Module Base: B3721000
Module End: B372B000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS
Service Name: ---
Module Base: B85DA000
Module End: B85DC000
Hidden: Yes
Module Name: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwpirfoc.sys
Service Name: fwpirfoc
Module Base: A8D00000
Module End: A8D16000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: A98515E0
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwAssignProcessToJobObject
Address: A98512CE
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwConnectPort
Address: A9851310
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateFile
Address: A98513BE
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateProcess
Address: A9851C66
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateProcessEx
Address: A9851CF2
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateThread
Address: A9851D82
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwDebugActiveProcess
Address: A985140E
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwDuplicateObject
Address: A9851450
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwLoadDriver
Address: A9851494
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenKey
Address: A98514D6
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenProcess
Address: B372251A
Driver Base: B3721000
Driver End: B372B000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys
Function Name: ZwOpenSection
Address: A9851518
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenThread
Address: A985155A
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwProtectVirtualMemory
Address: A9851628
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwRequestWaitReplyPort
Address: A985159C
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwRestoreKey
Address: A985166A
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwResumeThread
Address: A98516B2
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSecureConnectPort
Address: A9851742
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSetContextThread
Address: B372218E
Driver Base: B3721000
Driver End: B372B000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys
Function Name: ZwSetValueKey
Address: A98516F4
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSuspendProcess
Address: A98517E6
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSystemDebugControl
Address: A9851828
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwTerminateProcess
Address: A985186A
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwTerminateThread
Address: B3722316
Driver Base: B3721000
Driver End: B372B000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys
Function Name: ZwWriteVirtualMemory
Address: A98518B8
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No hidden files/folders found
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: pxscan.sys
Service Name: pxscan
Module Base: B8338000
Module End: B833E000
Hidden: Yes
Module Name: \SystemRoot\System32\drivers\pxkbf.sys
Service Name: pxkbf
Module Base: B8438000
Module End: B843D000
Hidden: Yes
Module Name: \SystemRoot\System32\drivers\pxrts.sys
Service Name: pxrts
Module Base: B3721000
Module End: B372B000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS
Service Name: ---
Module Base: B85DA000
Module End: B85DC000
Hidden: Yes
Module Name: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwpirfoc.sys
Service Name: fwpirfoc
Module Base: A8D00000
Module End: A8D16000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: A98515E0
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwAssignProcessToJobObject
Address: A98512CE
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwConnectPort
Address: A9851310
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateFile
Address: A98513BE
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateProcess
Address: A9851C66
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateProcessEx
Address: A9851CF2
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateThread
Address: A9851D82
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwDebugActiveProcess
Address: A985140E
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwDuplicateObject
Address: A9851450
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwLoadDriver
Address: A9851494
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenKey
Address: A98514D6
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenProcess
Address: B372251A
Driver Base: B3721000
Driver End: B372B000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys
Function Name: ZwOpenSection
Address: A9851518
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenThread
Address: A985155A
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwProtectVirtualMemory
Address: A9851628
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwRequestWaitReplyPort
Address: A985159C
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwRestoreKey
Address: A985166A
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwResumeThread
Address: A98516B2
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSecureConnectPort
Address: A9851742
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSetContextThread
Address: B372218E
Driver Base: B3721000
Driver End: B372B000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys
Function Name: ZwSetValueKey
Address: A98516F4
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSuspendProcess
Address: A98517E6
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwSystemDebugControl
Address: A9851828
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwTerminateProcess
Address: A985186A
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
Function Name: ZwTerminateThread
Address: B3722316
Driver Base: B3721000
Driver End: B372B000
Driver Name: \SystemRoot\System32\drivers\pxrts.sys
Function Name: ZwWriteVirtualMemory
Address: A98518B8
Driver Base: A9846000
Driver End: A985A000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No hidden files/folders found
usagijoli
Messages postés
1551
Date d'inscription
mercredi 29 juillet 2009
Statut
Membre
Dernière intervention
4 novembre 2014
268
11 nov. 2009 à 18:09
11 nov. 2009 à 18:09
Ha j'ai posté pour rien mais tant mieux il va avoir une aide plus efficace
Xplode
Messages postés
8820
Date d'inscription
vendredi 21 août 2009
Statut
Contributeur sécurité
Dernière intervention
2 juillet 2015
726
11 nov. 2009 à 18:15
11 nov. 2009 à 18:15
Fred, il faut que tu heberges le rapport et que tu copie/colle le lien, sinon le rapport ne passera pas ( trop long )
---\\ Processus lancés
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe
c:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
---\\ Plugin du navigateur Opera (P1)
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\libdivx.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npdivx32.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nppl3260.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nprjplug.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nprpjplug.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\NPSWF32.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\ssldivx.dll
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
O4 - HKLM\..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe
O4 - HKLM\..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKLM\..\policies\Explorer: [NoResolveSearch] Data=1
O4 - HKLM\..\policies\Explorer: [NoResolveTrack] Data=1
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=253
O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun-] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun-] Data=0
O4 - HKLM\..\policies\Explorer: [NoFolderOptions] Data=0
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} () - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ARSVC (ARSVC) - C:\WINDOWS\arservice.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: Service de planification Media Center (ehSched) - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Google Updater Service (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService (lxduCATSCustConnectService) - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device (lxdu_device) - C:\WINDOWS\system32\lxducoms.exe -service
O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
End of the scan: 142 lines
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe
c:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
---\\ Plugin du navigateur Opera (P1)
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\libdivx.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npdivx32.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nppl3260.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nprjplug.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nprpjplug.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\NPSWF32.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\ssldivx.dll
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
O4 - HKLM\..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe
O4 - HKLM\..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKLM\..\policies\Explorer: [NoResolveSearch] Data=1
O4 - HKLM\..\policies\Explorer: [NoResolveTrack] Data=1
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=253
O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun-] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun-] Data=0
O4 - HKLM\..\policies\Explorer: [NoFolderOptions] Data=0
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} () - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ARSVC (ARSVC) - C:\WINDOWS\arservice.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: Service de planification Media Center (ehSched) - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Google Updater Service (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService (lxduCATSCustConnectService) - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device (lxdu_device) - C:\WINDOWS\system32\lxducoms.exe -service
O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
End of the scan: 142 lines
11 nov. 2009 à 18:12
Run by Administrateur at 11/11/2009 18:13:28
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
MSIE: Internet Explorer v8.0.6001.18702
OPIE: Opera 10.01
MFIE: Mozilla Firefox (3.0.10)
Total RAM: 2048,0 Mb (76 % free)
System drive C: 142 Go (103 Go free)
---\\ Processus lancés
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe
c:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\services.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\ehome\mcrdsvc.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
---\\ Plugin du navigateur Opera (P1)
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\libdivx.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npdivx32.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nppl3260.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nprjplug.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\nprpjplug.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\NPSWF32.dll
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe
P1 - OPN:Opera Plugin Navigator - C:\Program Files\Opera\Program\Plugins\ssldivx.dll
---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
O4 - HKLM\..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe
O4 - HKLM\..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [LinkResolveIgnoreLinkInfo] Data=0
O4 - HKLM\..\policies\Explorer: [NoResolveSearch] Data=1
O4 - HKLM\..\policies\Explorer: [NoResolveTrack] Data=1
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data=67108863
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data=253
O4 - HKLM\..\policies\Explorer: [NoDrives] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun-] Data=0
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun-] Data=0
O4 - HKLM\..\policies\Explorer: [NoFolderOptions] Data=0
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} () - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ARSVC (ARSVC) - C:\WINDOWS\arservice.exe
O23 - Service: Media Center Receiver Service (ehRecvr) - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: Service de planification Media Center (ehSched) - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Google Updater Service (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxduCATSCustConnectService (lxduCATSCustConnectService) - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
O23 - Service: lxdu_device (lxdu_device) - C:\WINDOWS\system32\lxducoms.exe -service
O23 - Service: Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe
End of the scan: 142 lines