Firefoxe instable

Bonjour,

depuis ce matin le navigateur fire foxe 25 est instable au démarrage : doute d une infection ,joint log zhp
~ Rapport de ZHPDiag v2013.11.6.11 - Nicolas Coolman (06/11/2013)
~ Lancé par taky (06/11/2013 21:03:12)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 25.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 733WD
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2007 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 257 GB (86%) free of 297 GB

---\\ Mode de connexion au système
~ Computer Name: TAKY-PC
~ User Name: taky
~ All Users Names: taky, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\taky\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\taky\AppData\Roaming\
~ %Desktop% : C:\Users\taky\Desktop\
~ %Favorites% : C:\Users\taky\Documents\SEVEN 2\Favorites\
~ %LocalAppData% : C:\Users\taky\AppData\Local\
~ %StartMenu% : C:\Users\taky\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 257 Go of 297 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 5:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 1:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:28:06.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 12:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 12:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 0:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 1:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 8:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 8:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 9:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 2:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 8:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 13:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 10:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 8:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 12:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/168
~ Mes musiques (My Musics) : 23/178
~ Mes Videos (My Videos) : 1/165
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/640
~ Mon Bureau (My Desktop) : 1/30
~ Menu demarrer (Programs) : 1/51
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2112]
[MD5.E353D0C206AEEDDE2E2927E7D23A00DA] - (.TuneUp Software - TuneUp Utilities.) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe [1221944] [PID.2556]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3656]
[MD5.EF01D104449CC654FDCF423C92BD8846] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5212]
[MD5.2A43A30EF7FCFD1284F8C3318B784A68] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4528]
[MD5.EB68851F020D35293EADAADEB18B8220] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.3304]
[MD5.A7CD0071E46BDDCBF3463F3D0C9DEE17] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3821136] [PID.2468]
[MD5.BBD4F4E6EF4506BB672C33EA3E1652E8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8182784] [PID.5776]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\taky\AppData\Roaming\Mozilla\Firefox\Profiles\lakmxi17.default-1368804805474\prefs.js
~ Firefox Browser: 25 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww25.allssearch.com/ =>Adware.SocialSkinz
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 2



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Internet Mobile.lnk . (...) -- C:\Program Files\Internet Mobile\Internet Mobile.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Speccy.lnk . (.Piriform Ltd - Speccy.) -- C:\Program Files\Speccy\Speccy.exe
O4 - GS\Program [Public]: Assistant du gestionnaire de contenu pour PlayStation(R).lnk . (.Sony Computer Entertainment Inc. - Content Manager Assistant.) -- C:\Program Files\Sony\Content Manager Assistant\CMA.exe
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (.Dell Inc. - Dell Document Viewer.) -- C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [taky]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [taky]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [taky]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [taky]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [taky]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [taky]: 2013-10-16-105842 - Raccourci.lnk . (...) -- C:\Users\taky\Dropbox\Laid kbir\2013-10-16\2013-10-16-105842.mp4
O4 - GS\Desktop [taky]: Free Hide Folder.lnk . (...) -- C:\Program Files\Free Hide Folder\fhide.exe
O4 - GS\Desktop [taky]: Secret Maryo Chronicles.lnk . (...) -- C:\Program Files\Secret Maryo Chronicles\Secret Maryo Chronicles.exe
~ Global Startup: 76 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-1014692800-3519297534-427515985-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B2F571-81E5-44D9-BF54-09184C2AAA0F}: DhcpNameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C5AA000-5FA8-4F9E-92B9-E42541A6FD9E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9DAB2FF-8E03-4A80-AD89-3D947F1A4447}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{83B2F571-81E5-44D9-BF54-09184C2AAA0F}: DhcpNameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C5AA000-5FA8-4F9E-92B9-E42541A6FD9E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E9DAB2FF-8E03-4A80-AD89-3D947F1A4447}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{83B2F571-81E5-44D9-BF54-09184C2AAA0F}: DhcpNameServer = 212.217.0.1 212.217.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C5AA000-5FA8-4F9E-92B9-E42541A6FD9E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E9DAB2FF-8E03-4A80-AD89-3D947F1A4447}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{00B07AF9-28E1-421C-AE35-C6C697501F06}] (...) -- C:\Users\taky\Downloads\NDP35SP1-KB963707-x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{090CE838-F529-47D3-987B-C39FE73E42A6}] (...) -- C:\Users\taky\Desktop\WinSetupFromUSB_0-2-3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{313A3B0E-7013-46F2-94D8-22ACF79FE618}] (...) -- D:\DataCard_Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6F47C7E0-1FBA-486C-91CB-ECCE7DD88A3F}] (...) -- C:\program files\avira\antivir desktop\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BBC77803-E852-4911-BB3B-D3F727157A81}] (...) -- D:\Internet Mobile\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C419E958-17F9-45C8-A65B-6B440DBEFE71}] (...) -- C:\Users\taky\Desktop\esetsmartinstaller_enu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D57BD430-53F4-477A-A4AF-B62627E78C07}] (...) -- C:\WinSetupFromUSB\WinSetupFromUSB_0-2-3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E3D60CBD-1579-4DB1-BFEB-6DF95E28073E}] (...) -- C:\Users\taky\Documents\esetsmartinstaller_enu.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EB87E320-C998-4439-B393-F300DE8DDF1B}] (...) -- C:\Users\taky\Downloads\ToolBarSD.exe (.not file.) [0]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 07s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (FDCENT) . (.Silence of Troubles United Company Ltd. - Filter Device.) - C:\Windows\system32\drivers\FDCENT.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Secret Maryo Chronicles - (.Florian Richter.) [HKLM] -- secretmaryo
O42 - Logiciel: Security Wizards - (.Nom de votre société.) [HKLM] -- InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}
~ Logic: 100 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/11/2011 - 15:15:37 - [79,677] ----D C:\Program Files\Secret Maryo Chronicles
O43 - CFD: 14/08/2013 - 10:47:26 - [0] ----D C:\ProgramData\Driver Tool
O43 - CFD: 23/10/2011 - 9:43:39 - [0,008] ----D C:\Users\taky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Secret Maryo Chronicles
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 197 Legitimates Filtered in 00mn 14s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.3A2AF106584A7CFB1FE35E0394AB889D] - 06/11/2013 - 16:29:24 ---A- - C:\Windows\Prefetch\FLASH2PSPCONVERTER.EXE-F0C0B4B8.pf
O45 - LFCP:[MD5.4188855A61B41AD0216646913E994456] - 06/11/2013 - 16:30:27 ---A- - C:\Windows\Prefetch\NSC191.TMP-63DB63EE.pf
O45 - LFCP:[MD5.3337677CBD1462A166D58D89DA75AA26] - 06/11/2013 - 16:30:28 ---A- - C:\Windows\Prefetch\NSC8A3.TMP-3D174D53.pf
O45 - LFCP:[MD5.35BB5F5AF39DE2B24EF5C5D9BDC5AAB0] - 06/11/2013 - 16:30:37 ---A- - C:\Windows\Prefetch\FLASH2PSPCONVERTER [1].EXE-962BD77D.pf
O45 - LFCP:[MD5.E026CC72495C6AF76A1E3B02F0FE02A9] - 06/11/2013 - 16:33:10 ---A- - C:\Windows\Prefetch\WNETWATCHER.EXE-5D0D9689.pf
O45 - LFCP:[MD5.19B2B52695ED9F7AABDBDF135B65EA9D] - 06/11/2013 - 16:58:23 ---A- - C:\Windows\Prefetch\ASHQUICK.EXE-C7878A29.pf
O45 - LFCP:[MD5.6886704490285F710A0B8FBBE371225F] - 06/11/2013 - 17:51:54 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-E64F9341.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.55E8F5435067519CB0729CB105615293] - 06/11/2013 - 17:54:20 ---A- - C:\Windows\Prefetch\UNINST.EXE-F0E79E83.pf
O45 - LFCP:[MD5.4BA5996E8EA179AEFC2B3ADED309F31F] - 06/11/2013 - 17:54:26 ---A- - C:\Windows\Prefetch\NSA221.TMP-61DF286C.pf
O45 - LFCP:[MD5.0A252081D75EB5B3ACC1C587D1C67227] - 06/11/2013 - 17:54:28 ---A- - C:\Windows\Prefetch\NSAC7E.TMP-70C67386.pf
O45 - LFCP:[MD5.36ABB669A9EC1ED5DCBFE5F672C27B7C] - 06/11/2013 - 17:54:40 ---A- - C:\Windows\Prefetch\NSB45B.TMP-B38BCFCF.pf
O45 - LFCP:[MD5.8282EFDB43722137DB201F5E98C6AA7F] - 06/11/2013 - 17:54:41 ---A- - C:\Windows\Prefetch\UNREGISTEREXTENSIONS.EXE-2D4552DE.pf
O45 - LFCP:[MD5.0D44D419A5568FB8F406732D45D06D4A] - 06/11/2013 - 17:54:45 ---A- - C:\Windows\Prefetch\REGISTEREXTENSIONDOTNET20_X86-63D26571.pf
O45 - LFCP:[MD5.275B4E1E645A2957567DE0C655510519] - 06/11/2013 - 20:37:48 ---A- - C:\Windows\Prefetch\GO.EXE-9F5F9B7B.pf
O45 - LFCP:[MD5.493BDC0AD0B576ADE45630A991DFDB8B] - 06/11/2013 - 20:43:27 ---A- - C:\Windows\Prefetch\REGISTRYCLEANER.EXE-9B4168EC.pf
O45 - LFCP:[MD5.FB6892C232E17049377E4B4F92BC2106] - 06/11/2013 - 20:48:26 ---A- - C:\Windows\Prefetch\SHORTCUTCLEANER.EXE-C2F3860B.pf
O45 - LFCP:[MD5.24B39E4494DA86CAB7529139AA4CD2F0] - 06/11/2013 - 20:49:47 ---A- - C:\Windows\Prefetch\STARTUPOPTIMIZER.EXE-6CF1F123.pf
~ Prefetcher: 115 Legitimates Filtered in 00mn 01s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FDCENT.SYS . (.Silence of Troubles United Company Ltd. - Filter Device.) -- C:\Windows\System32\Drivers\FDCENT.SYS
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FDCENT.SYS . (.Silence of Troubles United Company Ltd. - Filter Device.) -- C:\Windows\System32\Drivers\FDCENT.SYS
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - AcroRd32.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - adobe air application installer.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - imfrmwrk.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - mcdetection.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
O50 - IFEO:Image File Execution Options - mcsettings.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
~ IFEO: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.3IV2"="3ivxVfWCodec.dll" . (.3ivx Technologies Pty. Ltd. - 3ivx MPEG-4 5.0.3 Video for Windows Codec.) -- C:\Windows\System32\3ivxVfWCodec.dll
~ TDSD: 10 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\hffsrv [Key] . (...) -- c:\windows\hffext\hffsrv.exe
O53 - SMSR:HKLM\...\startupreg\Report [Key] . (...) -- C:\AdwCleaner\AdwCleaner[S15].txt (.not file.)
~ SMSR Keys: 26 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C77A0C846D5B113FA5C4C3820EC529DF] - 28/07/2009 - 0:21:30 ---A- . (.ST Microelectronics - Accelerometer Port I/O.) -- C:\Windows\System32\Drivers\Acceler.sys [28136]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 21:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/11/2013 - 21:04:43 ---A- . (...) -- C:\Users\taky\Documents\omra\Saved Games\Searches\Downloads\EBOOT.PBP [32608261]
O61 - LFC: 05/11/2013 - 21:04:43 -SHA- . (...) -- C:\Users\taky\Documents\omra\Saved Games\Searches\Downloads\Thumbs.db [18944]
O61 - LFC: 06/11/2013 - 21:04:29 ---A- . (...) -- C:\Users\taky\AppData\Local\Mozilla\updates\308046B0AF4A39CB\active-update.xml [57]
O61 - LFC: 06/11/2013 - 21:04:29 ---A- . (...) -- C:\Users\taky\AppData\Local\Mozilla\updates\308046B0AF4A39CB\updates.xml [3034]
O61 - LFC: 06/11/2013 - 21:04:42 ---A- . (...) -- C:\Users\taky\AppData\Roaming\ZHP\Log.txt [18132] =>.Nicolas Coolman
O61 - LFC: 06/11/2013 - 21:04:42 ---A- . (...) -- C:\Users\taky\AppData\Roaming\ZHP\TestsZHPDiag.txt [2807] =>.Nicolas Coolman
~ 1 Fichiers temporaires (Temporary files)
~ Files: 99 Legitimates Filtered in 00mn 25s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 28/05/2009 - C:\Windows\system32\drivers\FDCENT.sys (FDCENT) .(.Silence of Troubles United Company Ltd. - Filter Device.) - LEGACY_FDCENT
~ Legacy: 182 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [taky - lakmxi17.default-1368804805474] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {396E4B72-E9BA-4FAE-83D1-605EA2ADA899} - (Wikipédia (fr)) - https://fr.wikipedia.org/wiki/Wikip%C3%A9dia:Accueil_principal
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {A32814D7-40D6-4CBC-9814-9DE50C825319} - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.83E29F2B507A6BE3DF8BF7875D3DE54D] [SPRF][22/05/2011] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.A9220115BF8D64017F66887732304B24] [SPRF][04/11/2013] (...) -- C:\Users\taky\Desktop\adwcleaner.exe [1073258]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "24E9EA15D04641C49A6B346FA44A3E2E" . (.Document Manager Lite.) -- C:\Windows\Installer\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\ARPPRODUCTICON.exe
O90 - PUC: "293A837E096FD9A408E8B7FA080E3B89" . (.ESC Home Page Plugin.) -- C:\Windows\Installer\{E738A392-F690-4A9D-808E-7BAF80E0B398}\ARPPRODUCTICON.exe
O90 - PUC: "6E3E48CE6D2CBFD4180E4438428CDF4F" . (.Security Wizards.) -- C:\Windows\Installer\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\ARPPRODUCTICON.exe
~ Update Products: 98 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.22FB3F39E59041770FE68030DFDC272A] [WIS][22/06/2010] (.NTRU Cryptosystems - NTRU TCG Software Stack.) -- C:\Windows\Installer\6b06.msi [3345408]
~ WIS: 105 Legitimates Filtered in 00mn 17s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 31/03/2009 81920 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SS - | Disabled 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Disabled 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 24/10/2009 110592 | (BrcmMgmtAgent) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
SR - | Auto 09/05/2013 7454608 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
SS - | Disabled 21/09/2009 858384 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Auto 22/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 04/08/2013 1783632 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 05/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 21/09/2009 473360 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Demand 03/02/2010 1032192 | (SecureStorageService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
SS - | Disabled 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 12/11/2008 1273856 | (tcsd_win32.exe) . (...) - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
SR - | Auto 29/03/2010 1164648 | (TdmService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
SR - | Auto 22/10/2013 1529656 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SS - | Disabled 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by taky at 06/11/2013 21:05:37

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys halmacpi.dll
C:\Windows\system32\DRIVERS\stdcfltn.sys ST Microelectronics Disk Class Filter Driver for Accelerometer
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver
1 ntkrnlpa!IofCallDriver[0x83287BBA] >> \Device\Harddisk0\DR0[0x87A23030]
5 stdcfltn[0x899ED854] >> ntkrnlpa!IofCallDriver[0x83287BBA] >> \Device\Ide\IAAStorageDevice-0[0x85F0E028]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 15 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by taky at 06/11/2013 21:05:39

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12991 - (06/11/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 234173 Items scanned in 00mn 42s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ MSI: 2 link(s) detected in 00mn 42s



~ 1519 Legitimates filtered by white list
End of the scan (497 lines in 03mn 10s)(0)