~ Rapport de ZHPDiag v2014.4.26.45 - Nicolas Coolman (26/04/2014)
~ Lancé par Administrateur (26/04/2014 22:54:27)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v23.0.1271.97 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Ad Blocker v1.0.0.0
Malwarebytes Anti-Malware version 2.0.1.1004
Spybot - Search & Destroy v2.2.25

---\\ Logiciels d'optimisation du système
CCleaner v3.20 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 3, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 2038 MB (83% free)
System Restore: Activé (Enable)
System drive C: has 36 GB (23%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: PC_PRINCIPAL
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Profiles\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Profiles\Administrateur\Application Data\
~ %Desktop% : C:\Profiles\Administrateur\Bureau\
~ %Favorites% : C:\Profiles\Administrateur\Favoris\
~ %LocalAppData% : C:\Profiles\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Profiles\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 36 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 45 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.1643EF58F167E8EDA0566EA4402ECB8D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.24/02/2014 - 12:45:24.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 20:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/851
~ Mes musiques (My Musics) : 1/112
~ Mes Videos (My Videos) : 2/27
~ Mes Favoris (My Favorites) : 1/450
~ Mes Documents (My Documents) : 1/1732
~ Mon Bureau (My Desktop) : 0/8152
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.914BAF92497923A6AAE1700798ED917C] - (.Conexant Systems, Inc. - PRISM Profiles Server Module.) -- C:\WINDOWS\system32\PRISMSVR.exe [381014] [PID.1896]
[MD5.7EA50DC775B557AD1E06ABF3C7A2A24D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.1864]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Profiles\Administrateur\Application Data\Mozilla\Firefox\Profiles\a8vktdtp.default\prefs.js
P2 - FPN: [HKCU] [@tightropeinteractive.com/Plugin] - (...) -- C:\Profiles\Administrateur\Local Settings\Application Data\TNT2\2.0.0.1599\npTNT2.dll (.not file.)
~ Firefox Browser: 33 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe IE plugin.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{618413C5-0C8D-4D0F-9600-7CED876FA3DF} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Adobe Version Cue CS2] . (.Adobe Sytems Incorporated - Adobe Version Cue CS2.) -- c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UIUCU] . (.Conexant Systems, Inc. - Conexant Universal Device Install/Uninstall.) -- C:\Profiles\Administrateur\Local Settings\Temp\UIUCU.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-606747145-115176313-725345543-500\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-606747145-115176313-725345543-500\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=about:blank
~ IE Paramètres WEB: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ((no name)) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} ((no name)) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ((no name)) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139167323500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342346948984 =>Adware.Boxore
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6005E303-9140-450E-B9C9-2DB328E3ECB3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{6005E303-9140-450E-B9C9-2DB328E3ECB3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: PRISMAPI.DLL . (.Conexant Systems, Inc. - PRISM COM API Interface Library.) -- C:\WINDOWS\system32\PRISMAPI.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab - Kaspersky OE plugin loader.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
~ AppInit DLL: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) . (...) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (.not file.)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) . (...) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (.not file.)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 13 Legitimates Filtered in 00mn 04s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Profiles\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Profiles\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [ParetoLogic Update Version3 Startup Task] (...) -- C:\Program Files\Fichiers communs\ParetoLogic\UUS3\Pareto_Update3.exe (.not file.) [0] =>PUP.Paretologic
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job [240]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [234]
O39 - APT: ParetoLogic Update Version3 Startup Task - (...) -- C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job [504] =>PUP.Paretologic
~ Scheduled Task: 23 Legitimates Filtered in 00mn 00s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (avipbb) . (. - .) - C:\WINDOWS\system32\DRIVERS\avipbb.sys (.not file.)
O41 - Driver: (ssmdrv) . (. - .) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (.not file.)
O41 - Driver: (tStLib) . (.StdLib - StdLib.) - C:\WINDOWS\system32\drivers\tStLib.sys =>PUP.LinkiDoo
~ Drivers: 108 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Bazooka Scanner - (.Kephyr.) [HKLM] -- {CB0888EE-96D8-4713-84DC-36462C33AEB4}
O42 - Logiciel: FRANCE PROSPECT Email 120 - (.FRANCEPROSPECT.) [HKLM] -- {CBB4ED66-9C21-4DDF-A6D0-162081570A73}
O42 - Logiciel: HomeSite 4.5 - (...) [HKCU] -- HomeSite 4.5
O42 - Logiciel: MAXIPROSPECT II - (.Quite Simply.) [HKLM] -- {8B422AB9-4DD8-4612-A3A2-25F4F7245FBB}_is1
O42 - Logiciel: Minuterie 2.6 - (.Jean-Paul Doeraene.) [HKLM] -- Minuterie_is1
O42 - Logiciel: New Sign 04142 install - (...) [HKLM] -- New Sign 04142 install
O42 - Logiciel: NewSign AM03127or03128 - (...) [HKLM] -- NewSign AM03127or03128
O42 - Logiciel: VisualLightBox - (...) [HKLM] -- VisualLightBox
O42 - Logiciel: burnatonce - (...) [HKLM] -- burnatonce_is1
O42 - Logiciel: gmax - (.Discreet.) [HKLM] -- {3FA7A919-87DA-42B1-814B-86DE8DCA17C2}
~ Logic: 37 Legitimates Filtered in 00mn 02s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Allaire]
[HKCU\Software\CCT]
[HKCU\Software\Conduit_Search_Protect]
[HKCU\Software\Definitive Solutions]
[HKCU\Software\Minuterie]
[HKCU\Software\OB]
[HKCU\Software\Quite Simply]
[HKCU\Software\Summa]
[HKCU\Software\TNT]
[HKCU\Software\VisualLightBox]
[HKCU\Software\brief]
[HKCU\Software\czysoft]
[HKCU\Software\e3efa583-836a-eb59-b5e5-33fa2a901be0]
[HKLM\Software\Allaire]
[HKLM\Software\CCT]
[HKLM\Software\PCTools]
[HKLM\Software\TNT]
[HKLM\Software\Webemail]
[HKLM\Software\wEmeX]
~ Key Software: 370 Legitimates Filtered in 00mn 02s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/11/2009 - 19:01:46 - [] ---AD C:\Program Files\11.5 Demo Installer WIN
O43 - CFD: 28/09/2007 - 17:27:39 - [] ----D C:\Program Files\acrobat distiller
O43 - CFD: 16/02/2012 - 16:18:40 - [] ---AD C:\Program Files\administrator
O43 - CFD: 19/02/2006 - 22:37:32 - [] ----D C:\Program Files\Allaire
O43 - CFD: 19/11/2007 - 16:01:00 - [] ----D C:\Program Files\Atomic Mail Sender
O43 - CFD: 21/03/2014 - 10:36:08 - [] ----D C:\Program Files\Bazooka Scanner
O43 - CFD: 03/04/2013 - 09:55:32 - [] ----D C:\Program Files\Brief
O43 - CFD: 10/06/2006 - 19:21:48 - [] ----D C:\Program Files\Browser Mouse
O43 - CFD: 26/04/2014 - 10:31:59 - [] ----D C:\Program Files\burnatonce
O43 - CFD: 19/11/2011 - 11:56:48 - [] ----D C:\Program Files\code ean13
O43 - CFD: 18/10/2006 - 17:22:21 - [0] ----D C:\Program Files\ColiPoste
O43 - CFD: 08/01/2007 - 20:21:16 - [] ----D C:\Program Files\DATEXIA DIRECT
O43 - CFD: 15/07/2006 - 09:10:45 - [] ----D C:\Program Files\decccheck
O43 - CFD: 15/07/2006 - 11:17:09 - [] ----D C:\Program Files\dvd2avi
O43 - CFD: 13/09/2007 - 20:06:46 - [] ----D C:\Program Files\E-mail eXtractor
O43 - CFD: 30/04/2008 - 10:20:19 - [0] ----D C:\Program Files\email catcher
O43 - CFD: 14/09/2007 - 19:41:25 - [] ----D C:\Program Files\Email catcher&sender
O43 - CFD: 13/09/2007 - 20:03:36 - [] ----D C:\Program Files\email extractor
O43 - CFD: 12/09/2007 - 11:53:54 - [] ----D C:\Program Files\Email Extractor Files 2.1
O43 - CFD: 12/09/2007 - 11:20:40 - [] ----D C:\Program Files\emailextractor
O43 - CFD: 17/08/2007 - 13:38:32 - [] ----D C:\Program Files\explorer7
O43 - CFD: 02/04/2014 - 16:57:23 - [] ----D C:\Program Files\fichier d'install compactés
O43 - CFD: 26/03/2014 - 10:37:51 - [] ----D C:\Program Files\fichiersd'install compactés
O43 - CFD: 02/01/2008 - 20:46:12 - [0] ----D C:\Program Files\flashMX
O43 - CFD: 04/12/2008 - 21:33:37 - [] ----D C:\Program Files\fomula1_2007
O43 - CFD: 28/12/2009 - 08:52:12 - [] ----D C:\Program Files\formmail
O43 - CFD: 04/12/2008 - 20:05:58 - [] ----D C:\Program Files\formula 1
O43 - CFD: 22/12/2009 - 18:05:27 - [] ----D C:\Program Files\france prospect
O43 - CFD: 15/03/2011 - 18:35:21 - [] ----D C:\Program Files\franceinter
O43 - CFD: 22/12/2009 - 19:16:49 - [] ----D C:\Program Files\FRANCEPROSPECT
O43 - CFD: 18/01/2012 - 12:17:53 - [] ----D C:\Program Files\FTPExpert2
O43 - CFD: 28/01/2014 - 17:01:27 - [] ----D C:\Program Files\Gmax
O43 - CFD: 13/03/2006 - 20:30:16 - [] ----D C:\Program Files\Hemera
O43 - CFD: 04/12/2008 - 19:12:47 - [] ----D C:\Program Files\illustrator cs2
O43 - CFD: 19/07/2011 - 11:29:28 - [] ----D C:\Program Files\indesign
O43 - CFD: 03/09/2011 - 10:15:39 - [] ----D C:\Program Files\InDesign Pro.CS5.v5.0.x64.2011
O43 - CFD: 30/12/2007 - 23:31:12 - [] ----D C:\Program Files\InterActive Vision
O43 - CFD: 15/03/2011 - 18:42:55 - [] ----D C:\Program Files\itune
O43 - CFD: 08/05/2007 - 12:58:13 - [] ----D C:\Program Files\japonais
O43 - CFD: 15/02/2012 - 18:57:01 - [] ----D C:\Program Files\joomla
O43 - CFD: 23/03/2007 - 19:45:06 - [] ----D C:\Program Files\kaperski
O43 - CFD: 01/02/2011 - 16:30:06 - [] ----D C:\Program Files\Maxiprospect
O43 - CFD: 22/04/2011 - 16:16:23 - [] ----D C:\Program Files\MAXIPROSPECT II
O43 - CFD: 04/01/2008 - 12:43:16 - [] ----D C:\Program Files\membersarea
O43 - CFD: 22/09/2011 - 17:47:25 - [] ----D C:\Program Files\Minuterie
O43 - CFD: 03/09/2006 - 18:46:40 - [] ----D C:\Program Files\mod_meteoconsult_1.03
O43 - CFD: 25/11/2013 - 15:42:29 - [] ----D C:\Program Files\New Sign
O43 - CFD: 14/03/2006 - 09:47:33 - [0] ----D C:\Program Files\Nouveau dossier
O43 - CFD: 15/03/2011 - 18:42:43 - [0] ----D C:\Program Files\Nouveau dossier (2)
O43 - CFD: 04/08/2012 - 11:35:35 - [0] ----D C:\Program Files\Nouveau dossier (3)
O43 - CFD: 22/01/2008 - 19:54:57 - [] ----D C:\Program Files\olifax
O43 - CFD: 23/10/2007 - 15:28:11 - [] ----D C:\Program Files\omniformat
O43 - CFD: 03/09/2011 - 08:33:18 - [] ----D C:\Program Files\pdf2swf
O43 - CFD: 24/03/2006 - 21:16:56 - [] ----D C:\Program Files\PI_11
O43 - CFD: 13/01/2011 - 13:55:27 - [] ----D C:\Program Files\qmailremove
O43 - CFD: 09/11/2009 - 19:19:55 - [] ----D C:\Program Files\rsit
O43 - CFD: 12/03/2008 - 12:42:10 - [] ----D C:\Program Files\smart_serial_mail
O43 - CFD: 10/04/2007 - 19:54:24 - [] ----D C:\Program Files\Squirelmail
O43 - CFD: 14/02/2006 - 21:34:29 - [] ----D C:\Program Files\Summa
O43 - CFD: 09/04/2014 - 10:45:29 - [] ----D C:\Program Files\SummaWinPlot
O43 - CFD: 19/01/2011 - 19:44:21 - [] ----D C:\Program Files\supermacro
O43 - CFD: 03/09/2011 - 08:42:08 - [] ----D C:\Program Files\SWFTools
O43 - CFD: 15/10/2008 - 16:17:07 - [] ----D C:\Program Files\TNT
O43 - CFD: 31/03/2011 - 18:03:02 - [0] ----D C:\Program Files\toto
O43 - CFD: 06/02/2008 - 12:59:18 - [] ----D C:\Program Files\Versailles
O43 - CFD: 27/01/2010 - 16:37:11 - [] ----D C:\Program Files\VisualLightBox
O43 - CFD: 16/09/2007 - 20:29:48 - [] ----D C:\Program Files\Webemail miner
O43 - CFD: 13/06/2009 - 09:27:57 - [] ----D C:\Program Files\webemailminer
O43 - CFD: 26/04/2014 - 10:32:32 - [] ----D C:\Program Files\windows7
O43 - CFD: 19/02/2006 - 10:39:51 - [] ----D C:\Program Files\winplotpluginsetupfiles
O43 - CFD: 19/02/2006 - 10:23:13 - [] ----D C:\Program Files\winplotsetupfiles
O43 - CFD: 04/03/2011 - 11:00:12 - [] ----D C:\Program Files\YouTUBE (TM) movie downloader
O43 - CFD: 27/09/2006 - 14:08:15 - [] ----D C:\Program Files\ztreewin
O43 - CFD: 21/03/2014 - 12:10:46 - [] ----D C:\Profiles\All Users\Application Data\Ad-Aware Browsing Protection
O43 - CFD: 23/02/2010 - 18:25:33 - [] -SH-D C:\Profiles\All Users\Application Data\e560373
O43 - CFD: 23/02/2010 - 12:58:10 - [] -SH-D C:\Profiles\All Users\Application Data\MSEBHWRKDAW
O43 - CFD: 26/04/2014 - 10:31:31 - [] -SH-D C:\Profiles\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 17/06/2013 - 17:43:33 - [] ----D C:\Profiles\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 17/06/2013 - 17:43:50 - [] ----D C:\Profiles\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 13/03/2006 - 20:30:16 - [] ----D C:\Profiles\Administrateur\Application Data\Hemera
O43 - CFD: 13/05/2008 - 19:21:26 - [] ----D C:\Profiles\Administrateur\Application Data\LimeWire
O43 - CFD: 21/03/2014 - 10:36:08 - [] ----D C:\Profiles\Administrateur\Menu Démarrer\Programmes\Bazooka Scanner
O43 - CFD: 25/11/2013 - 15:42:30 - [] ----D C:\Profiles\Administrateur\Menu Démarrer\Programmes\New Sign
O43 - CFD: 09/07/2012 - 09:27:24 - [] ----D C:\Profiles\Administrateur\Menu Démarrer\Programmes\VisualLightBox
~ Program Folder: 375 Legitimates Filtered in 00mn 02s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.616ECD26F6F0D1370CE955A6412248EC] - 15/04/2014 - 16:50:38 ---A- . (...) -- C:\WINDOWS\CSTBox.INI [50451]
O44 - LFC:[MD5.0065E911F966A71A115D9A52FF3DFC99] - 22/04/2014 - 14:18:27 ---A- . (...) -- C:\WINDOWS\system32\sasnative32.exe [17136]
O44 - LFC:[MD5.38C887B0EACAD10846265AE9531DCDED] - 22/04/2014 - 21:03:30 ---A- . (...) -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT [522544]
O44 - LFC:[MD5.9152E69766779128B879974401F663FF] - 23/04/2014 - 13:11:50 -SHA- . (...) -- C:\Thumbs.db [26624]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 26/04/2014 - 08:45:38 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.E526FF40EE197D0BC1E9A015D2C9B066] - 26/04/2014 - 08:45:38 ---A- . (...) -- C:\WINDOWS\win.ini [1210]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/04/2014 - 09:16:12 ---A- . (...) -- C:\WINDOWS\Explorer.EXE.Z-missing.txt [0]
O44 - LFC:[MD5.0D7860A60366B758DFD3C167C67F6D1F] - 26/04/2014 - 09:36:09 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.36DCB8E0A778BFFE442850732F2FBFC5] - 26/04/2014 - 09:36:10 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 26/04/2014 - 18:51:56 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.CB231E9589AACE10709B99722B7EA09F] - 26/04/2014 - 21:38:10 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.58129646D04E3F2F4D13F34D115996FB] - 26/04/2014 - 21:44:11 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [1052794]
~ Files: 28 Legitimates Filtered in 00mn 03s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\fxsclnt.exe" [Enabled] .(...) -- C:\WINDOWS\system32\fxsclnt.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\FTPExpert2\FTPxpert.exe" [Enabled] .(.Visicom Media Inc..) -- C:\Program Files\FTPExpert2\FTPxpert.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe" [Enabled] .(...) -- C:\Program Files\Real\RealPlayer\realplay.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Profiles\All Users\Application Data\e560373\MSe560.exe" [Enabled] .(...) -- C:\Profiles\All Users\Application Data\e560373\MSe560.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\OLIFAXVX\OLIFAX.EXE" [Enabled] .(.Pas de propriétaire.) -- C:\OLIFAXVX\OLIFAX.exe
O47 - AAKE:Key Export SP - "E:\Program Files\wamp\wampmanager.exe" [Enabled] .(...) -- E:\Program Files\wamp\wampmanager.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Profiles\Administrateur\Local Settings\Application Data\Akamai\netsession_win.exe" [Enabled] .(...) -- C:\Profiles\Administrateur\Local Settings\Application Data\Akamai\netsession_win.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe" [Enabled] .(.Visicom Media Inc..) -- C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
~ Keys Export: 37 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{166aa216-ca4e-11e3-82bb-00123fb8f58e}\AutoRun\command. (...) -- E:\setup.exe (.not file.)
O51 - MPSK:{6c3c48b5-c421-11dc-ab2b-000000000000}\AutoRun\command - Clé orpheline
O51 - MPSK:{974c1c0a-5243-11dc-bdfd-000000000000}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Akamai NetSession Interface [Key] . (...) -- C:\Profiles\Administrateur\Local Settings\Application Data\Akamai\netsession_win.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Search Protection [Key] . (...) -- C:\Profiles\All Users\Application Data\Search Protection\SearchProtection.exe (.not file.) =>Toolbar.Conduit
O53 - SMSR:HKLM\...\startupreg\SJelite3Launch [Key] . (...) -- C:\Profiles\Administrateur\Application Data\Transcend\SJelite3\SJelite3Launch.exe
~ SMSR Keys: 35 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/03/2013 - 23:33:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49248]
O58 - SDL:06/03/2013 - 23:33:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [164736]
O58 - SDL:24/03/2004 - 10:12:44 ---A- . (...) -- C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272]
O58 - SDL:24/09/2002 - 09:22:42 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:13/04/2008 - 17:36:05 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/01/2005 - 16:07:16 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:11/07/2005 - 11:14:42 ---A- . (.Windows (R) 2000 DDK provider - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\jl2008pc.sys [125370]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 21:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 21:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:24/09/2002 - 09:23:23 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:14/01/2005 - 17:14:07 ---A- . (.Protection Technology - StarForce Protection Environment Driver.) -- C:\WINDOWS\system32\Drivers\sfdrv01.sys [47616]
O58 - SDL:28/10/2004 - 11:47:59 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\Drivers\sfhlp02.sys [6656]
O58 - SDL:03/08/2004 - 21:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 21:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:18/03/2014 - 06:42:28 ---A- . (.StdLib - StdLib.) -- C:\WINDOWS\system32\Drivers\tStLib.sys [55224] =>PUP.LinkiDoo
O58 - SDL:24/09/2002 - 09:22:42 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:24/09/2002 - 09:22:20 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:24/09/2002 - 09:22:27 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:24/09/2002 - 09:22:48 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:24/09/2002 - 09:22:54 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 124 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/03/2013 - C:\WINDOWS\system32\Drivers\aswRvrt.sys (aswRvrt) .(...) - LEGACY_ASWRVRT
O64 - Services: CurCS - 28/10/2004 - C:\WINDOWS\system32\drivers\sfhlp02.sys (sfhlp02) .(.Protection Technology - StarForce Protection Helper Driver.) - LEGACY_SFHLP02
O64 - Services: CurCS - 18/03/2014 - C:\WINDOWS\system32\drivers\tStLib.sys (tStLib) .(.StdLib - StdLib.) - LEGACY_TSTLIB =>PUP.LinkiDoo
~ Legacy: 186 Legitimates Filtered in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.)
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://findgala.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://findgala.com O69 - SBI: SearchScopes [HKUS\S-1-5-19] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar O69 - SBI: SearchScopes [HKUS\S-1-5-20] {006ee092-9658-4fd6-bd8e-a21a348e59f5} - (Web Search) - http://feed.snapdo.com =>Hijacker.SmartBar ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.EFD26226121BF4382F93D0ED8E9D7858] [SPRF][06/06/2007] (...) -- C:\Profiles\All Users\Application Data\pdfdoc2.dll [1024] [MD5.BF9D93903B9D01EE3153147B5C08F928] [SPRF][25/05/2007] (...) -- C:\Profiles\All Users\Application Data\pdfxls2.dll [1024] [MD5.4F029701879F1CEB02EB7907DC565248] [SPRF][26/04/2014] (...) -- C:\Profiles\Administrateur\Bureau\adwcleaner (1) (1).exe [1330861] [MD5.A8B1D3AEE48FD33067C808960E68C0BC] [SPRF][06/10/2012] (.Romain Bourdon (Roms) - WampServer 2 Setup.) -- C:\Profiles\Administrateur\Bureau\WAMP Server.exe [2072063] [MD5.6C378170CBEC45E5DBBE6B5A17BB3C90] [SPRF][15/06/2006] (.eBay, Inc. - EPUWALControl Module.) -- C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll [1132192] =>Toolbar.eBay [MD5.18B54B53CEE0E7204495BAB864EBBF03] [SPRF][14/04/2006] (.Yahoo! Inc. - YInstHelper Module.) -- C:\WINDOWS\Downloaded Program Files\yinsthelper.dll [188968] ~ Files: 18 Legitimates Filtered in 00mn 00s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "A608ECA5C01900D438745A248657AB7F" . (.IObit Toolbar v7.3.) 
-- C:\WINDOWS\Installer\{5ACE806A-910C-4D00-8347-A5426875BAF7}\ARPPRODUCTICON.exe =>PUP.Dealio ~ Update Products: 1 Legitimates Filtered in 00mn 00s ---\\ Export de clés de registre aléatoires (O91) ~ Export Key Software: Scanned in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: Allaire FTP & RDS - {0AC6C6C5-F7A8-11D2-BEF4-00C04F990001} O92 - MNS: Nikon View - {C56C4E21-706D-11d0-AFC5-444553540003} ~ MNS: 3 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.C724403F0387B2E9A785CA49A25F99EC] [WIS][24/07/2013] (.Spigot, Inc. - Widgi Toolbar.) 
-- C:\Windows\Installer\1c302201.msi [1468928] =>PUP.Dealio ~ WIS: 1 Legitimates Filtered in 00mn 07s ---\\ Scan Additionnel (O88) Database Version : 13045 - (26/04/2014) Clés trouvées (Keys found) : 9 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 3 [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection] =>Toolbar.Conduit^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}] =>Adware.AdRotator [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}] =>Adware.AdRotator [HKLM\Software\Classes\CLSID\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}] =>Adware.AdRotator [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e015787-b1e3-404a-95de-3e71e1fa0305}] =>Adware.AdRotator [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8e015787-b1e3-404a-95de-3e71e1fa0305}] =>Adware.AdRotator [HKLM\Software\Classes\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305}] =>Adware.AdRotator [HKLM\Software\Classes\rotator.gizmo3] =>Adware.BHO [HKLM\Software\Classes\rotator.gizmo3.1] =>Adware.BHO C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job =>PUP.Paretologic^ C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll =>Toolbar.eBay^ C:\Windows\Installer\1c302201.msi =>PUP.Dealio^ ~ Additionnel Scan: 470930 Items scanned in 04mn 02s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic http://nicolascoolman.webs.com/apps/blog/show/42132229-pup-linkidoo =>PUP.LinkiDoo http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio 
http://nicolascoolman.webs.com/apps/blog/show/26601630-adware-adrotator =>Adware.AdRotator ~ MSI: 7 link(s) detected in 00mn 00s ~ 1361 Legitimates filtered by white list End of the scan (656 lines in 05mn 14s)(0)