~ Rapport de ZHPDiag v2013.9.22.410 - Nicolas Coolman (22.09.2013)
~ Lancé par Administrateur (22.09.2013 15:35:51)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome v29.0.1547.66

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Panda Internet Security 2012 v17.01.00
Spybot - Search & Destroy v1.6.2

---\\ Logiciels d'optimisation du système
CCleaner v4.05 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 3574.6 MB (88% free)
System Restore: Activé (Enable)
System drive C: has 220 GB (89%) free of 244 GB

---\\ Mode de connexion au système
~ Computer Name: ASCATE
~ User Name: Administrateur
~ All Users Names: UpdatusUser, SUPPORT_388945a0, PYB, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 220 Go of 244 Go)
D: Hard drive, Flash drive, Thumb drive (Free 65 Go of 71 Go)
E: Hard drive, Flash drive, Thumb drive (Free 338 Go of 342 Go)
F: Hard drive, Flash drive, Thumb drive (Free 49 Go of 75 Go)
G: Hard drive, Flash drive, Thumb drive (Free 75 Go of 78 Go)
H: Hard drive, Flash drive, Thumb drive (Free 32 Go of 78 Go)
I: Hard drive, Flash drive, Thumb drive (Free 345 Go of 346 Go)
J: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)
X: CD-ROM drive (Free 0 Go of 1 Go)
Y: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 33 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14.04.2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E2E3219D9687BD2708D9F2BD7DC03EEF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01.08.2013 - 05:17:51.) -- C:\WINDOWS\system32\wininet.dll [672768]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14.04.2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17.08.2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13.04.2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13.04.2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13.04.2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14.04.2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13.04.2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14.04.2008 - 04:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13.04.2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13.04.2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13.04.2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15.07.2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13.04.2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13.04.2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14.04.2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13.04.2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13.04.2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14.04.2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14.04.2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/0
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 0/0
~ Mes Documents (My Documents) : 0/12
~ Mon Bureau (My Desktop) : 0/16
~ Menu demarrer (Programs) : 1/17
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.F95B411DD5BC9BAED44005A35A209651] - (.SafeIP - Pas de description.) -- C:\Program Files\SafeIP\SafeIPs.exe [3825152] [PID.612]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- E:\E - 2012 MOZILLA FIREFOX\firefox.exe [276376] [PID.2152]
[MD5.63DCE64797C64FB6110727B993440EA5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8000512] [PID.2816]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Copernic Agent Professional.lnk . (.Copernic Technologies Inc. - Copernic Agent.) -- E:\COPERNIC 2012\Copernic Agent\CopernicAgent.exe
O4 - GS\Program [AllUsers]: KeePass 2.lnk . (.Dominik Reichl - KeePass.) -- C:\Program Files\KeePass Password Safe 2\KeePass.exe
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: PowerpointImageExtractor V1.2.lnk . (.--- - Pas de description.) -- E:\POWERPOINT IMAGE EXTRACTOR\PowerpointImageExtractor_V1_2\PowerpointImageExtractor.exe
O4 - GS\Program [AllUsers]: Webshots Desktop.lnk . (...) -- C:\Program Files\Webshots\Launcher.exe
O4 - GS\Program [PYB]: Screenpresso.lnk . (.Learnpulse - Screenpresso.) -- C:\Documents and Settings\PYB\Local Settings\Application Data\Learnpulse\Screenpresso\Screenpresso.exe
~ Global Startup: 25 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: C-CHANNEL OnlineUpdate.lnk . (.C-Channel AG, 6331 Hünenberg ZG - PeOnlineUpdate.) -- D:\0 - A - BCN\LOGICIEL DES PAIEMENTS\OnlineUpdate\PeOnlineUpdate.exe
O4 - GS\Program [AllUsers]: Logitech SetPoint.lnk . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - GS\Program [PYB]: MRU-Blaster Silent Clean.lnk . (...) -- E:\MRU BLASTER\MRU-Blaster\mrublaster.exe
O4 - GS\Program [PYB]: Webshots.lnk . (...) -- C:\Program Files\Webshots\Launcher.exe
O4 - GS\Program [PYB]: XDESK95 - G.lnk . (.Applied Micros Pty Limited - Personal Time & Data Organizer.) -- G:\X - DESK 95S\XDESK95.exe
O4 - GS\Program [Administrateur]: Webshots.lnk . (...) -- D:\022 - WEBSHOTS FOR XP - 2006\Webshots\Launcher.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - ???????? 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [APVXDWIN] . (.Panda Security, S.L. - Panda permanent protection.) -- G:\0 - PANDA IS 2012 - G\APVXDWIN.exe
O4 - HKLM\..\Run: [SCANINICIO] . (.Panda Security, S.L. - Inicio Programado.) -- G:\0 - PANDA IS 2012 - G\Inicio.exe
O4 - HKLM\..\Run: [CTHelper] . (.Creative Technology Ltd - CtHelper Application.) -- C:\WINDOWS\system32\CTHELPER.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\WINDOWS\KHALMNPR.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\real\realplayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SAFE8] . (...) -- F:\STEGANOS SAFES 8 WIN XP - 2007 09 02\SAFE8.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [SAFE8] . (...) -- F:\STEGANOS SAFES 8 WIN XP - 2007 09 02\SAFE8.exe
O4 - HKUS\S-1-5-21-220523388-1637723038-682003330-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-220523388-1637723038-682003330-500\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- E:\E - 2012 OFFICE 2003\OFFICE11\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355127870296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C929269-BBE3-450A-B90D-06186BD78675}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C929269-BBE3-450A-B90D-06186BD78675}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C929269-BBE3-450A-B90D-06186BD78675}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{8C929269-BBE3-450A-B90D-06186BD78675}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (.On-Access Anti-Malware Scanner Sync - On-Access Anti-Malware Scanner Sync.) -- C:\WINDOWS\system32\avldr.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Panda PSK service (PskSvcRetail) . (.Panda Security, S.L. - Anti-malware protection support executable.) - G:\0 - PANDA IS 2012 - G\PskSvc.exe
O23 - Service: Second Copy VSS Service (SCVSSService) . (...) - E:\SECOND COPY\Second Copy 8\SCVSSSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software - TuneUp Utilities Service.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
~ Services: 19 Legitimates Filtered in 00mn 02s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job [538]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Motorola Device Manager Engine.job [458]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Motorola Device Manager Update.job [474]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Engine] (...) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Update] (...) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 00s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (aflfile) . (.Giant Matrix Limited - AFL File.) - C:\WINDOWS\system32\drivers\aflfile.sys
O41 - Driver: (ESProtectionDriver) . (...) - E:\MALWAREBITE ANTI EXPLOIT\Malwarebytes Anti-Exploit\MBAE.sys
O41 - Driver: (HWiNFO32) . (.REALiX(tm) - HWiNFO x86 Kernel Driver.) - C:\WINDOWS\system32\drivers\HWiNFO32.sys
O41 - Driver: (networx) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\WINDOWS\system32\drivers\networx.sys
O41 - Driver: (SLEE_13_DRIVER) . (...) - C:\WINDOWS\system32\drivers\SLEE13.sys
~ Drivers: 136 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: SafeIP - (.SafeIP.) [HKLM] -- SAFEIP_is1
O42 - Logiciel: SysResources Manager - (.Fotis.) [HKLM] -- SysResources Manager12.0
O42 - Logiciel: Winmail Reader 1.2.15 - (.Kopf.) [HKLM] -- Winmail Reader_is1
~ Logic: 136 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKLM\Software\Applied Micros]
[HKLM\Software\SemaGanel]
[HKLM\Software\Yahoo] =>Toolbar.Yahoo
[HKLM\Software\appsmaker]
~ Key Software: 179 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05.07.2013 - 13:00:00 - [0.554] ----D C:\Program Files\Dexclock
O43 - CFD: 03.07.2013 - 07:29:54 - [2.584] ----D C:\Program Files\Dr.Oste_v2
O43 - CFD: 21.05.2013 - 05:59:29 - [7.200] ----D C:\Program Files\SafeIP
O43 - CFD: 20.06.2012 - 14:49:16 - [0.209] ----D C:\Program Files\VMNetSrv
O43 - CFD: 11.01.2013 - 09:02:43 - [2.049] ----D C:\Program Files\Winmail Reader
O43 - CFD: 14.07.2012 - 04:07:55 - [0] ----D C:\Program Files\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 21.09.2013 - 09:47:10 - [0.000] ----D C:\Documents and Settings\All Users\Application Data\HiSlider
O43 - CFD: 19.09.2012 - 15:16:37 - [0] -SH-D C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
~ Program Folder: 139 Legitimates Filtered in 00mn 09s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F4ADFD576BE02D83CBACBD1C60B93EBE] - 22.09.2013 - 14:23:14 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [787666]
O44 - LFC:[MD5.0396615FC41FD454A942D20AD1E7C2E2] - 22.09.2013 - 14:21:02 ---A- . (...) -- C:\WINDOWS\system32\Drivers\APPFLTR.CFG [1132]
O44 - LFC:[MD5.0396615FC41FD454A942D20AD1E7C2E2] - 22.09.2013 - 14:21:02 ---A- . (...) -- C:\WINDOWS\system32\Drivers\APPFLTR.CFG.bck [1132]
O44 - LFC:[MD5.2EF8DBD865D8D566553456DA0C672F5D] - 22.09.2013 - 14:21:01 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.7BFEFE4026812317C1217A6E42941FED] - 22.09.2013 - 14:21:01 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.12C65E929FAAC6EA508BA87ECDEDEB67] - 21.09.2013 - 09:36:13 ---A- . (...) -- C:\WINDOWS\system32\settings.sfm [1080]
O44 - LFC:[MD5.12C65E929FAAC6EA508BA87ECDEDEB67] - 21.09.2013 - 09:36:13 ---A- . (...) -- C:\WINDOWS\system32\settingsbkup.sfm [1080]
O44 - LFC:[MD5.2774488149C50133617A469C4785C8F5] - 21.09.2013 - 09:07:17 ---A- . (...) -- C:\WINDOWS\system32\Drivers\APPFCONT.DAT [416976]
O44 - LFC:[MD5.2774488149C50133617A469C4785C8F5] - 21.09.2013 - 09:07:17 ---A- . (...) -- C:\WINDOWS\system32\Drivers\APPFCONT.DAT.bck [416976]
O44 - LFC:[MD5.1D03EF37D2A2157D48318FCE8073E577] - 21.09.2013 - 08:20:19 ---A- . (...) -- C:\WINDOWS\popcinfo.dat [10]
O44 - LFC:[MD5.9B778DBF040656C1F3E26C7C2C1E61DE] - 20.09.2013 - 09:57:25 ---A- . (...) -- C:\WINDOWS\system32\PAV_FOG.OPC [8627]
O44 - LFC:[MD5.DEC899257206803BB258B469CE5F9833] - 20.09.2013 - 09:40:40 ---A- . (...) -- C:\WINDOWS\Kyor.ini [97]
O44 - LFC:[MD5.D9C33E68F61F27D8206F65B0190DC5CF] - 17.09.2013 - 02:58:02 ---A- . (.Pas de propriétaire - COMFiltr.) -- C:\WINDOWS\system32\Drivers\COMFiltr.sys [13880]
~ Files: 37 Legitimates Filtered in 00mn 06s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\WINDOWS\system32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\WINDOWS\system32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 25 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.15049386EDD269B3DD626F8425AE90B9] - 25.08.2012 - 04:25:08 ----- . (.Giant Matrix Limited - AFL File.) -- C:\WINDOWS\system32\Drivers\aflfile.sys [22984]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 02.03.2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 8 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: SEAF By C_XX - (.C_XX.) [HKLM] -- SEAF
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 25.08.2012 - C:\WINDOWS\system32\drivers\aflfile.sys (aflfile) .(.Giant Matrix Limited - AFL File.) - LEGACY_AFLFILE
O64 - Services: CurCS - 02.01.1601 - Pas de propriétaire (AsrCDDrv) .(...) - LEGACY_ASRCDDRV
O64 - Services: CurCS - 19.06.2013 - Pas de propriétaire (ESProtectionDriver) .(...) - LEGACY_ESPROTECTIONDRIVER
O64 - Services: CurCS - 02.01.1601 - Pas de propriétaire (idrmkl) .(...) - LEGACY_IDRMKL
O64 - Services: CurCS - 26.11.2012 - C:\WINDOWS\system32\drivers\networx.sys (networx) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_NETWORX
O64 - Services: CurCS - 02.01.1601 - Pas de propriétaire (PavSRK.sys) .(...) - LEGACY_PAVSRK.SYS
O64 - Services: CurCS - 16.08.2010 - G:\0 - PANDA IS 2012 - G\PskSvc.exe (PskSvcRetail) .(.Panda Security, S.L. - Anti-malware protection support executable.) - LEGACY_PSKSVCRETAIL
O64 - Services: CurCS - 19.04.2013 - C:\Program Files\SafeIP\SafeIPs.exe (SafeIPS) .(.SafeIP - Pas de description.) - LEGACY_SAFEIPS
O64 - Services: CurCS - 13.04.2010 - Pas de propriétaire (SCVSSService) .(...) - LEGACY_SCVSSSERVICE
O64 - Services: CurCS - 04.10.2005 - Pas de propriétaire (SLEE_13_DRIVER) .(...) - LEGACY_SLEE_13_DRIVER
~ Legacy: 173 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- E:\E - 2012 MOZILLA FIREFOX\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "000000006375502401000A98E2C61B86" . (.Steganos Safe 8 (8.0.13).) -- C:\WINDOWS\Installer\{00000000-5736-4205-1000-A0892E6CB168}\ARPPRODUCTICON.exe
~ Update Products: 55 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.2022B254B92FA6BB7341FD75308F057E] [WIS][23.09.2012] (.Ginipic Ltd. - Ginipic.) -- C:\Windows\Installer\10b536f.msi [2361856]
[MD5.44847BA49AFC916A83909C09D96835DF] [WIS][20.06.2012] (.BVRP Software - Blank Project Template.) -- C:\Windows\Installer\a07eaf.msi [279040]
[MD5.20CA2BD942C74F6C3F097EBF3C3F594F] [WIS][24.06.2012] (.TuneUp Software - TuneUp Utilities Language Pack (fr-FR).) -- C:\Windows\Installer\b622c0.msi [26112]
~ WIS: 55 Legitimates Filtered in 00mn 02s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20.09.2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\COMMONFX.dll (COMMONFX.DLL) . (.Creative Technology Ltd.) - c:\system32\COMMONFX.dll
SS - | Auto 12.12.1999 44032 | (Creative Service for CDROM Access) . (.Creative Technology Ltd.) - C:\WINDOWS\system32\CTSvcCDA.exe
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CT20XUT.dll (CT20XUT.DLL) . (.Creative Technology Ltd..) - c:\system32\CT20XUT.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTAUDFX.dll (CTAUDFX.DLL) . (.Creative Technology Ltd.) - c:\system32\CTAUDFX.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTEAPSFX.dll (CTEAPSFX.DLL) . (.Creative Technology Ltd.) - c:\system32\CTEAPSFX.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTEDSPFX.dll (CTEDSPFX.DLL) . (.Creative Technology Ltd.) - c:\system32\CTEDSPFX.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTEDSPIO.dll (CTEDSPIO.DLL) . (.Creative Technology Ltd.) - c:\system32\CTEDSPIO.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTEDSPSY.dll (CTEDSPSY.DLL) . (.Creative Technology Ltd.) - c:\system32\CTEDSPSY.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTERFXFX.dll (CTERFXFX.DLL) . (.Creative Technology Ltd.) - c:\system32\CTERFXFX.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTEXFIFX.dll (CTEXFIFX.DLL) . (.Creative Technology Ltd..) - c:\system32\CTEXFIFX.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTHWIUT.dll (CTHWIUT.DLL) . (.Creative Technology Ltd..) - c:\system32\CTHWIUT.dll
SS - | Demand 10.07.1658 0 | C:\WINDOWS\system32\CTSBLFX.dll (CTSBLFX.DLL) . (.Creative Technology Ltd.) - c:\system32\CTSBLFX.dll
SS - | Demand 14.04.2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 19.06.2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19.06.2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 20.04.2012 462048 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SS - | Auto 10.09.2013 182184 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Auto 01.01.2000 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SS - | Auto 20.07.2009 121360 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
SS - | Auto 31.07.2013 137528 | (Motorola Device Manager) . (.Motorola Mobility LLC.) - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
SS - | Demand 17.08.2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 29.12.2012 157112 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 29.12.2012 1260472 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 10.08.2009 173312 | (Panda Software Controller) . (.Panda Security, S.L..) - G:\0 - PANDA IS 2012 - G\PsCtrls.exe
SS - | Auto 17.10.2012 202016 | (PAVFNSVR) . (.Panda Security, S.L..) - G:\0 - PANDA IS 2012 - G\PavFnSvr.exe
SS - | Auto 04.02.2008 62768 | (PavPrSrv) . (.Panda Security, S.L..) - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
SS - | Auto 04.06.2010 314176 | (PAVSRV) . (.Panda Security, S.L..) - G:\0 - PANDA IS 2012 - G\pavsrvx86.exe
SS - | Demand 22.10.2003 65536 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SS - | Auto 26.11.2009 226560 | (PSHost) . (.Panda Security International.) - g:\0 - panda is 2012 - g\firewall\PSHOST.exe
SS - | Auto 19.06.2008 108288 | (PSIMSVC) . (.Panda Security S.L..) - G:\0 - PANDA IS 2012 - G\PsImSvc.exe
SS - | Auto 16.08.2010 28992 | (PskSvcRetail) . (.Panda Security, S.L..) - G:\0 - PANDA IS 2012 - G\PskSvc.exe
SS - | Disabled 13.08.2012 260992 | (PuranDefrag) . (.Puran Software.) - C:\WINDOWS\system32\PuranDefragS.exe
SR - | Demand 19.04.2013 3825152 | (SafeIPS) . (.SafeIP.) - C:\Program Files\SafeIP\SafeIPs.exe
SS - | Auto 13.04.2010 968448 | (SCVSSService) . (...) - E:\SECOND COPY\Second Copy 8\SCVSSSvc.exe
SS - | Auto 16.11.2012 156960 | (TPSrv) . (.Panda Security, S.L..) - G:\0 - PANDA IS 2012 - G\TPSrv.exe
SS - | Auto 31.01.2013 1724192 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
SS - | Auto 14.04.2008 14336 | C:\WINDOWS\system32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\WINDOWS\system32\svchost.exe
~ Services: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12928 - (22.09.2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}] =>Toolbar.TuneUp
C:\Program Files\Yahoo! =>Toolbar.Yahoo^
[HKLM\Software\Yahoo] =>Toolbar.Yahoo^
~ Additionnel Scan: 180808 Items scanned in 00mn 10s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ MSI: 1 link(s) detected in 00mn 10s

~ 983 Legitimates filtered by white list
End of the scan (453 lines in 00mn 53s)(0)