~ Rapport de ZHPDiag v2014.3.10.11 - Nicolas Coolman (10/03/2014)
~ Lancé par XH (11/03/2014 20:47:06)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1 (Defaut)
GCIE: Google Chrome v33.0.1750.146

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Pack sécurité GarminHeaven 27.1.2012
Pack sécurité GarminHeaven 27.1.2012
Microsoft Security Client v4.4.0304.0

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 21 Model 16 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 2261 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (7%) free of 39 GB

---\\ Mode de connexion au système
~ Computer Name: XHD
~ User Name: XH
~ All Users Names: XH, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\XH\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\XH\Application Data\
~ %Desktop% : C:\Documents and Settings\XH\Bureau\
~ %Favorites% : C:\Documents and Settings\XH\Favoris\
~ %LocalAppData% : C:\Documents and Settings\XH\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\XH\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 39 Go)
E: Hard drive, Flash drive, Thumb drive (Free 5 Go of 71 Go)
F: CD-ROM drive (Free 0 Go of 4 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.2988BFF8257A55EA8AFD038F49F81A34] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2014 - 13:20:01.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 03:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 03:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1477
~ Mes musiques (My Musics) : 14/2165
~ Mes Videos (My Videos) : 2/50
~ Mes Favoris (My Favorites) : 1/37
~ Mes Documents (My Documents) : 4/7260
~ Mon Bureau (My Desktop) : 1/810
~ Menu demarrer (Programs) : 0/52
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1128]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.312]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.964]
[MD5.258A35DDA86873A152879CFCBA40BB60] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8352256] [PID.684]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\XH\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.bearshare.net =>PUP.BearShare
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 01s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 05s
~ Nombre de lignes (Lines number): 15313

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EF99BD32-C1FB-11D2-892F-0090271D4F88} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: Belarc Advisor.lnk . (.Belarc, Inc. - Belarc Advisor Computer Inventory.) -- C:\Program Files\Belarc\Advisor\BelarcAdvisor.exe
O4 - GS\Program [AllUsers]: EasyGPS.lnk . (.TopoGrafix - EasyGPS.) -- C:\Program Files\EasyGPS\EasyGPS.exe
O4 - GS\Program [AllUsers]: HD ADeck.lnk . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files\SumatraPDF\SumatraPDF.exe
O4 - GS\Program [XH]: ApprendreLesTables.lnk . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Documents and Settings\XH\ApprendreLesTables\1.2\bin\1.2\bin\javaw.exe
O4 - GS\Program [XH]: QCM Parapente 2012.lnk . (...) -- C:\Documents and Settings\XH\Local Settings\Application Data\QCM FFVL PARA2012\QCMParapente-2012.accdr
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 22 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] . (.NVIDIA Corporation - NVIDIA nView Wizard, Version 100.28.) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\System32\NvMcTray.dll
O4 - HKLM\..\Run: [LXSUPMON] . (.Lexmark - Supplies Monitor.) -- C:\WINDOWS\system32\LXSUPMON.exe
O4 - HKLM\..\Run: [VTTimer] Clé orpheline
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [AlcWzrd] . (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\WINDOWS\ALCWZRD.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (.not file.)
O4 - HKLM\..\Run: [WebCam Go Sti Service Application] Clé orpheline
O4 - HKLM\..\Run: [NVMixerTray] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-2000478354-920026266-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2000478354-920026266-725345543-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2000478354-920026266-725345543-1003\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: DirectAnimation Java Classes - (DirectAnimation Java Classes) - (.not file.) - file:\\C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{68183B28-A15F-48A1-A26F-5B6714729152}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{90709A30-3D42-4681-9816-A5A4089871BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D72521-3AB5-4BA1-A523-36FDDCB375BD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC5F99FE-09A2-447B-94E7-45E5C5357A65}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{68183B28-A15F-48A1-A26F-5B6714729152}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{90709A30-3D42-4681-9816-A5A4089871BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5D72521-3AB5-4BA1-A523-36FDDCB375BD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CC5F99FE-09A2-447B-94E7-45E5C5357A65}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\CleanTemps.job [258]
[MD5.D2431DB18D664CCEC617718E8D407497] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd [198]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 00s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
O41 - Driver: (BIOS) . (.BIOSTAR Group - I/O Interface driver file.) - C:\WINDOWS\system32\drivers\BIOS.sys
~ Drivers: 47 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: 3D Exploration - (...) [HKLM] -- 3D Exploration
O42 - Logiciel: Coloreal Bright - (...) [HKLM] -- {4BFF2645-303A-4C2D-B5C5-FD8F398E07A9}
O42 - Logiciel: EasyGPS 4.45 - (.TopoGrafix.) [HKLM] -- EasyGPS_is1
O42 - Logiciel: GEONExT 1.74 - (.GEONExT Group.) [HKLM] -- GEONExT_is1
O42 - Logiciel: Les Chemins de la Lecture - (...) [HKLM] -- {352B2D26-26A3-468C-8295-AE2830EE0536}
O42 - Logiciel: M3Gate - (...) [HKLM] -- {A128E661-349A-4E33-97D2-95C824BF4D90}
O42 - Logiciel: SplitCam - (.LoteSoft Co..) [HKLM] -- {00718491-55BF-46C6-83EF-4B3B95AC807A}
O42 - Logiciel: SuperTux 0.1.3 - (.SuperTux Development Team.) [HKLM] -- SuperTux_is1
O42 - Logiciel: Voxeet - (.Voxeet.) [HKLM] -- Voxeet
O42 - Logiciel: Z-Anaglyph - (...) [HKLM] -- Z-Anaglyph
~ Logic: 49 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\GraphWeather]
[HKCU\Software\LoteSoft]
[HKCU\Software\NumericLabs]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Senvid]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\WSVCUPlugin]
[HKCU\Software\X Dimension]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\FURI-CNED]
[HKLM\Software\FXCD]
[HKLM\Software\GEONExT Group]
[HKLM\Software\LoteSoft Co.]
[HKLM\Software\LoteSoft]
[HKLM\Software\Neuratron]
[HKLM\Software\NumericLabs]
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Senvid]
~ Key Software: 430 Legitimates Filtered in 00mn 02s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/02/2011 - 16:21:09 - [0,384] ----D C:\Program Files\Cumulus
O43 - CFD: 02/08/2012 - 17:29:30 - [8,476] ----D C:\Program Files\EasyGPS
O43 - CFD: 31/01/2009 - 19:17:36 - [0,059] ----D C:\Program Files\FURI-CNED
O43 - CFD: 01/12/2012 - 17:16:02 - [10,672] ----D C:\Program Files\GEONExT
O43 - CFD: 31/05/2012 - 19:29:08 - [0,365] ----D C:\Program Files\Neuratron PhotoScore Demo
O43 - CFD: 02/03/2012 - 19:06:37 - [2,301] ----D C:\Program Files\NumericLabs
O43 - CFD: 19/03/2013 - 11:38:05 - [17,093] ----D C:\Program Files\s3graphics
O43 - CFD: 29/01/2009 - 00:49:09 - [23,319] ----D C:\Program Files\Sailmath
O43 - CFD: 15/12/2013 - 11:08:40 - [4,897] ----D C:\Program Files\SplitCam
O43 - CFD: 04/03/2010 - 17:49:36 - [15,494] ----D C:\Program Files\SuperTux
O43 - CFD: 09/12/2011 - 05:13:03 - [9,386] ----D C:\Program Files\TPE
O43 - CFD: 08/03/2013 - 13:39:11 - [20,507] ----D C:\Program Files\Voxeet
O43 - CFD: 14/11/2011 - 04:44:23 - [2,071] ----D C:\Program Files\Zanag
O43 - CFD: 07/04/2008 - 15:37:23 - [0] ----D C:\Documents and Settings\All Users\Application Data\MailFrontier
O43 - CFD: 11/03/2014 - 16:45:23 - [0] ----D C:\Documents and Settings\All Users\Application Data\ParetoLogic =>PUP.Paretologic
O43 - CFD: 19/03/2013 - 12:01:22 - [0] ----D C:\Documents and Settings\All Users\Application Data\s3graphics
O43 - CFD: 13/10/2013 - 13:47:55 - [0] ----D C:\Documents and Settings\All Users\Application Data\xml_param
O43 - CFD: 29/11/2010 - 18:47:33 - [0,001] ----D C:\Documents and Settings\XH\Application Data\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
O43 - CFD: 19/11/2011 - 18:30:54 - [0] ----D C:\Documents and Settings\XH\Application Data\FUJI FILM
O43 - CFD: 11/03/2014 - 16:19:41 - [0,110] ----D C:\Documents and Settings\XH\Application Data\ParetoLogic =>PUP.Paretologic
O43 - CFD: 20/03/2013 - 06:01:37 - [0,319] ----D C:\Documents and Settings\XH\Application Data\Voxeet
O43 - CFD: 13/10/2013 - 13:43:48 - [0] ----D C:\Documents and Settings\XH\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 08/03/2013 - 13:56:26 - [0,101] ----D C:\Documents and Settings\XH\Local Settings\Application Data\Voxeet
O43 - CFD: 15/03/2012 - 17:08:38 - [8,025] ----D C:\Documents and Settings\XH\Local Settings\Application Data\{06F8A00D-727E-483E-B2EC-21C7EE145549}
O43 - CFD: 31/01/2009 - 19:17:37 - [0,002] ----D C:\Documents and Settings\XH\Menu Démarrer\Programmes\Lire avec FURI
O43 - CFD: 29/01/2009 - 00:49:06 - [0,001] ----D C:\Documents and Settings\XH\Menu Démarrer\Programmes\Sailmath
O43 - CFD: 14/11/2011 - 04:36:58 - [0,001] ----D C:\Documents and Settings\XH\Menu Démarrer\Programmes\Z-Anaglyph
~ Program Folder: 269 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9AF03EB4FBD5D7FCD7750EC60727CA8E] - 10/03/2014 - 07:22:09 ---A- . (...) -- C:\WINDOWS\wiadebug.log [275]
O44 - LFC:[MD5.70E1454FAEE97E09370015083EA50AFA] - 10/03/2014 - 07:22:09 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.B073E39AC258E2AF10D7105DA2125CBC] - 10/03/2014 - 18:07:12 R--A- . (.Pas de propriétaire - About Page.) -- C:\WINDOWS\system32\RtNicProp32.dll [73728]
O44 - LFC:[MD5.D5242645DAC827E91FC300772FD0E2AD] - 10/03/2014 - 19:20:25 R--A- . (...) -- C:\WINDOWS\system32\atiicdxx.dat [662785]
O44 - LFC:[MD5.5169798301516305B07409B86C8BF1C0] - 10/03/2014 - 19:20:28 R--A- . (...) -- C:\WINDOWS\system32\atiapfxx.blb [284304]
O44 - LFC:[MD5.701E8F87F905722C6879EFC5EEFF6C08] - 10/03/2014 - 19:20:43 R--A- . (...) -- C:\WINDOWS\atiogl.xml [38445]
O44 - LFC:[MD5.B9134C24D34AD8711E24348E2F69ED81] - 10/03/2014 - 21:22:50 -SHA- . (...) -- C:\Thumbs.db [9728]
O44 - LFC:[MD5.A14A45CC49006188B7B347CF62FA51DC] - 10/03/2014 - 21:22:50 -SHA- . (...) -- C:\WINDOWS\Thumbs.db [8192]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 10/03/2014 - 21:51:41 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.F6C887B00DD2FC82AEC04D2DA54F1AE7] - 10/03/2014 - 21:51:41 ---A- . (...) -- C:\WINDOWS\win.ini [1012]
O44 - LFC:[MD5.11131A38C01B696741E36C65D624006E] - 11/03/2014 - 13:51:59 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [5968]
O44 - LFC:[MD5.396A7513A266B3FB1DDA9F9FB2AB309C] - 11/03/2014 - 19:13:43 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1917]
O44 - LFC:[MD5.332C6F3BC25527103A5CEAE67671ACA7] - 11/03/2014 - 19:15:00 ---A- . (...) -- C:\WINDOWS\msmqinst.log [778362]
O44 - LFC:[MD5.183E59AB4EF432B5173CEF502FF3A0D5] - 11/03/2014 - 19:15:01 ---A- . (...) -- C:\WINDOWS\netfxocm.log [416996]
O44 - LFC:[MD5.79E8C6EFF6C7F0249E6765ED11DFADB4] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [2343597]
O44 - LFC:[MD5.5657221FD7DF968ED12D066839A7FF2C] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\comsetup.log [850650]
O44 - LFC:[MD5.DBB1DA44E3126AC08E3CC58DF4C1306A] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\iis6.log [856876]
O44 - LFC:[MD5.80ACB45D240D32D8CC337A0855D2BFC6] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\imsins.log [4566]
O44 - LFC:[MD5.B12A9DCCABC07796C4E094BED1EF4CF3] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\medctroc.Log [166754]
O44 - LFC:[MD5.5A30D7170277A0AC9511F1A07710D198] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\msgsocm.log [121210]
O44 - LFC:[MD5.5CCD19A20080AA72F18047614E179CB7] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [513461]
O44 - LFC:[MD5.8F6D4AF583F600D47DA2605490F7223C] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\ocgen.log [1239308]
O44 - LFC:[MD5.8FC48BE83F6372BEDC8DF26E304C228B] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\ocmsn.log [134065]
O44 - LFC:[MD5.19817B5EDCB4113190DD36993E318C31] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\tabletoc.log [120111]
O44 - LFC:[MD5.1FD6CC42BA895BEE2226C2D5F056D281] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\tsoc.log [1121853]
O44 - LFC:[MD5.7F6F6D9041960BBB82A062A42B658B13] - 11/03/2014 - 20:29:10 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [7429018]
~ Files: 67 Legitimates Filtered in 00mn 01s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\XH\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\XH\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
~ Keys Export: 11 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Aimersoft Helper Compact.exe [Key] . (.AimerSoft - AimerSoft Studio.) -- C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O53 - SMSR:HKLM\...\startupreg\BrowserPlugInHelper [Key] . (...) -- C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Chrome3 [Key] . (...) -- ;;; C:\Program Files\s3graphics\chrome3\Chrome3.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Coloreal Hint [Key] . (.WayTech Development, Inc. - Coloreal Hint Application.) -- C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O53 - SMSR:HKLM\...\startupreg\Voxeet [Key] . (.Voxeet - Voxeet.) -- C:\Program Files\Voxeet\voxeet.exe
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.548CCBD8B48FDF7E2435AD6017920A7F] - 08/10/2012 - 19:53:56 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys [26080]
O58 - SDL:[MD5.5D7BE7B19E827125E016325334E58FF1] - 09/08/2011 - 17:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\BANTExt.sys [3840]
O58 - SDL:[MD5.BE5D50529799B9BAB6BE879EC768B6CF] - 15/03/2005 - 20:23:54 R--A- . (.BIOSTAR Group - I/O Interface driver file.) -- C:\WINDOWS\system32\Drivers\BIOS.sys [13696]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 02:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9339335CFAF1EBD80734098FF938B32A] - 28/03/2013 - 14:35:04 ---A- . (.FNet Co., Ltd. - FNetTHJM.sys.) -- C:\WINDOWS\system32\Drivers\fnetthjm.sys [24448]
O58 - SDL:[MD5.773C1893FAE9D405110C98A00040ABD4] - 04/06/2009 - 10:34:06 ---A- . (.Guillemot Corp S.A. - Guillemot USB Audio Processing Filter.) -- C:\WINDOWS\system32\Drivers\guillflt.sys [54784]
O58 - SDL:[MD5.3504C8284DC8F04A522455DE81C9D1B8] - 12/06/2009 - 13:24:58 ---A- . (.NTK - 96610 PC Camera mini Driver.) -- C:\WINDOWS\system32\Drivers\nvtcam.sys [2697728]
O58 - SDL:[MD5.AF11848A34BF87116B721A3AF1EC3A5E] - 12/06/2009 - 13:24:36 ---A- . (.Windows (R) Codename Longhorn DDK provider - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\nvtcamd2.sys [29440]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 02:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.C7C361A04742AB187E10583BBF4FA975] - 27/09/2013 - 17:28:11 ---A- . (.LoteSoft Co. - Video Capture Stream Splitter.) -- C:\WINDOWS\system32\Drivers\splitcam.sys [13824]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 02:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C9B342631F4FA5F7F3D9B503CB9C615F] - 05/09/2003 - 09:57:50 ---A- . (.Leadtek Research Inc. - WinFox I/O Device (Windows 2000/XP).) -- C:\WINDOWS\system32\Drivers\WINFOXIO.sys [9469]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 09:23:06 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 22:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 01/01/1601 - C:\DOCUME~1\XH\LOCALS~1\Temp\mbr.sys (mbr) .(...) - LEGACY_MBR
~ Legacy: 178 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\XH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.D751B24F5123A5C012BB071A0E40ED8A] [SPRF][30/05/2012] (...) -- C:\Documents and Settings\XH\Bureau\adwcleaner.exe [591235]
[MD5.EC996A0C57736736A865C5A0DE2262BE] [SPRF][05/03/2009] (...) -- C:\Documents and Settings\XH\Bureau\Google Updater.exe [1046648]
[MD5.25BA3E44CC66B1549EA050688B222C66] [SPRF][31/05/2012] (.IS Decisions - SkypeCleaner.) -- C:\Documents and Settings\XH\Bureau\SkypeCleaner.exe [90112]
[MD5.54ACBA9CFD7154C02CEACF6310CF3CFA] [SPRF][31/05/2012] (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Documents and Settings\XH\Bureau\spybotsd162.exe [16409960]
[MD5.F0212D2C6869C817E6AD7E65B8531FEF] [SPRF][03/06/2012] (.Krzysztof Kowalczyk - SumatraPDF Installer.) -- C:\Documents and Settings\XH\Bureau\SumatraPDF-2.1.1-install.exe [4419192]
~ Files: 15 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D4AF80DCB54F659726E47128301F43B8] [WIS][25/12/2013] (.Coby - Coby Media Manager.) -- C:\Windows\Installer\39fd68.msi [1251328]
[MD5.71F9333616F531E95B3F25FCD0BF056D] [WIS][09/12/2011] (.UNKNOWN - TPE.) -- C:\Windows\Installer\74ed6.msi [23552]
[MD5.FCB9C65C271E06FE10603DC803603E49] [WIS][03/04/2012] (.Daniel Oddou - Questionnaire pour les brevets parapente.) -- C:\Windows\Installer\cad7fd.msi [211968]
~ WIS: 64 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 29/11/2012 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.)
- C:\WINDOWS\system32\dmadmin.exe SS - | Demand 13/04/2008 14336 | C:\Program Files\NOS\bin\getPlus_Helper.dll (getPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe SS - | Auto 05/03/2009 133104 | (gupdate1c99e22bd159b1a) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 05/03/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Auto 04/10/2011 194104 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe SS - | Auto 18/12/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SS - | Auto 17/02/2011 88688 | (KaraokeService) . (.VIA Technologies, Inc..) - C:\WINDOWS\system32\KaraokeSer.exe SS - | Auto 09/10/2001 300544 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe SS - | Demand 25/11/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SS - | Demand 14/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 13/04/2008 14336 | C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (nosGetPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe SS - | Auto 10/01/2005 139331 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe SS - | Auto 27/08/2010 536576 | (S3funkey) . (.S3 Graphics Co., Ltd..) - C:\Program Files\s3graphics\chrome3\s3funkey.svc SS - | Auto 27/08/2010 499712 | (S3loadsv) . (.S3 Graphics Co., Ltd..) - C:\Program Files\s3graphics\chrome3\s3loadsv.svc SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 23/10/2013 22208 | (MsMpSvc) . 
(.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe ~ Services: Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : 13031 - (10/03/2014) Clés trouvées (Keys found) : 16 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKCU\Software\ParetoLogic] =>PUP.Paretologic [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ParetoLogic] =>PUP.Paretologic [HKLM\Software\ParetoLogic] =>PUP.Paretologic [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults [HKLM\Software\Classes\CLSID\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo [HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector [HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector [HKCU\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo C:\Documents and Settings\All Users\Application Data\ParetoLogic =>PUP.Paretologic^ C:\Documents and Settings\XH\Application Data\ParetoLogic =>PUP.Paretologic^ ~ Additionnel Scan: 228202 Items scanned in 00mn 24s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare ~ http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults ~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector ~ MSI: 6 link(s) detected in 00mn 24s ~ 1235 Legitimates filtered by white list End of the scan (568 lines in 00mn 55s)(0)
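The report above is written in fixed line formats (O58 driver entries with MD5, timestamp, attributes, version-resource text, path and size; the O64 legacy-service entry; O88 detection lines ending in "=>Family.Name", with a trailing "^" on folders). The checks an analyst runs over such a report by hand are mechanical: which drivers carry no vendor or version information and so need a hash lookup, which of those are real kernel drivers under Drivers\ as opposed to the 16-bit NTVDM support files (himem.sys, ntdos*.sys, ntio*.sys, ...) that sit in the system32 root on XP, whether any legacy service points into a Temp directory or has no timestamp at all (the 01/01/1601 FILETIME epoch, as with the mbr.sys entry here), and how the O88 hits split across HKLM, HKCU and the file system (an HKLM BHO or ElevationPolicy key survives a per-user clean-up; an HKCU key does not). The following Python script is an added example that does exactly that parsing and triage; it is not part of ZHPDiag and not Nicolas Coolman's code. The SYSTEM_DIR value is taken from the report's %System% variable, the "suspicious" heuristics and the kernel-driver ranking are this example's own assumptions, and the sample lines are copied verbatim from the report above.

```python
"""Triage helper for the ZHPDiag line formats in the report above (added example, not ZHPDiag code)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

SYSTEM_DIR = "c:\\windows\\system32\\"   # assumption, taken from the report's %System% variable

# O58 - SDL:[MD5.<hex>] - dd/mm/yyyy - hh:mm:ss <attrs> . (.<vendor> - <description>.) -- <path> [<size>]
DRIVER_RE = re.compile(
    r"^O58 - SDL:\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] - (?P<date>\d{2}/\d{2}/\d{4}) - "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<attrs>[-A-Z]{5}) \. \((?P<info>.*?)\) -- "
    r"(?P<path>.+?) \[(?P<size>\d+)\]$")
# O64 - Services: <key> - dd/mm/yyyy - <path> (<service name>) .(<info>) - LEGACY_<NAME>
LEGACY_RE = re.compile(
    r"^O64 - Services: (?P<key>\S+) - (?P<date>\d{2}/\d{2}/\d{4}) - (?P<path>.+?) "
    r"\((?P<name>[^)]+)\) \.\((?P<info>.*?)\) - (?P<legacy>LEGACY_\S+)$")
# O88 lines: [<registry key>] =>Family.Name   or   <folder path> =>Family.Name^
DETECTION_RE = re.compile(
    r"^(?P<item>(?:\[|[A-Za-z]:\\).*?) =>(?P<family>[A-Za-z]+\.[A-Za-z]+)(?P<folder>\^)?$")


@dataclass
class Driver:
    md5: str
    date: str
    vendor: Optional[str]        # None when ZHPDiag printed "(...)": the file has no version resource
    description: Optional[str]
    path: str
    size: int


def parse_driver(line: str) -> Optional[Driver]:
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    # "(.Vendor - Description.)" -> ("Vendor", "Description"); "(...)" -> ("", "")
    vendor, _, desc = m["info"].strip(".").partition(" - ")
    return Driver(m["md5"].upper(), m["date"], vendor or None, desc or None,
                  m["path"], int(m["size"]))


def parse_legacy_service(line: str) -> Optional[Dict[str, str]]:
    m = LEGACY_RE.match(line.strip())
    return m.groupdict() if m else None


def driver_flags(d: Driver) -> List[str]:
    """Reasons to put a driver on the hash-lookup worklist (this example's own heuristics)."""
    reasons = []
    if d.vendor is None:
        reasons.append("no vendor/version information in the file")
    if not d.path.lower().startswith(SYSTEM_DIR):
        reasons.append("loaded from outside %System%")
    return reasons


def legacy_service_flags(s: Dict[str, str]) -> List[str]:
    reasons = []
    if "\\temp\\" in s["path"].lower():
        reasons.append("service binary lives in a Temp directory")
    if s["date"] == "01/01/1601":   # FILETIME epoch: the registry entry carries no real timestamp
        reasons.append("no valid timestamp (1601 epoch)")
    return reasons


def triage(report: str) -> Dict[str, object]:
    worklist, legacy, families, scopes = [], [], Counter(), Counter()
    for line in report.splitlines():
        d = parse_driver(line)
        if d:
            reasons = driver_flags(d)
            if reasons:
                # *.sys files in the system32 root on XP (himem.sys, ntdos*.sys, ntio*.sys, ...)
                # are NTVDM support files, not kernel drivers: rank Drivers\ entries first.
                worklist.append({"path": d.path, "md5": d.md5, "reasons": reasons,
                                 "kernel_driver": "\\drivers\\" in d.path.lower()})
            continue
        s = parse_legacy_service(line)
        if s:
            legacy.append({"name": s["name"], "path": s["path"], "reasons": legacy_service_flags(s)})
            continue
        m = DETECTION_RE.match(line.strip())
        if m:
            families[m["family"]] += 1
            item = m["item"]
            scopes["HKLM" if item.startswith("[HKLM") else
                   "HKCU" if item.startswith("[HKCU") else "filesystem"] += 1
    worklist.sort(key=lambda e: not e["kernel_driver"])
    return {"driver_worklist": worklist, "legacy_services": legacy,
            "families": dict(families), "scopes": dict(scopes)}


# Lines copied verbatim from the report above (a subset that exercises every parser).
SAMPLE_REPORT = r"""
O58 - SDL:[MD5.548CCBD8B48FDF7E2435AD6017920A7F] - 08/10/2012 - 19:53:56 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys [26080]
O58 - SDL:[MD5.5D7BE7B19E827125E016325334E58FF1] - 09/08/2011 - 17:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\BANTExt.sys [3840]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O64 - Services: CurCS - 01/01/1601 - C:\DOCUME~1\XH\LOCALS~1\Temp\mbr.sys (mbr) .(...) - LEGACY_MBR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults
C:\Documents and Settings\All Users\Application Data\ParetoLogic =>PUP.Paretologic^
"""

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Run it against the full report text to get a worklist rather than a verdict: on the sample above it ranks BANTExt.sys (no version resource, sitting in Drivers\) ahead of himem.sys (no version resource, but an NTVDM file in the system32 root), flags the mbr.sys legacy service for both its Temp location and its 1601 timestamp, and reports the O88 hits as two HKLM keys, one HKCU key and one folder. The MD5 in each worklist entry is what you feed to a hash lookup; a missing version resource on its own is not evidence of anything, and the NTVDM ranking is only a heuristic for where to start.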