~ Rapport de ZHPDiag v2014.2.6.4 - Nicolas Coolman (06/02/2014)
~ Lancé par SYLVIANE (08/02/2014 17:19:53)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 95 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 31 GB (44%) free of 71 GB

---\\ Mode de connexion au système
~ Computer Name: PECHONSYLVIANE
~ User Name: SYLVIANE
~ All Users Names: SYLVIANE, SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\SYLVIANE\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\SYLVIANE\Application Data\
~ %Desktop% : C:\Documents and Settings\SYLVIANE\Bureau\
~ %Favorites% : C:\Documents and Settings\SYLVIANE\Favoris\
~ %LocalAppData% : C:\Documents and Settings\SYLVIANE\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\SYLVIANE\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 31 Go of 71 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Hard drive, Flash drive, Thumb drive (Free 71 Go of 71 Go)
I: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.897CA9DA6F568E24549719D5676385A1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.29/10/2013 - 08:57:02.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 18:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.)
-- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 16:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 02:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 18:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 02:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) 
-- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 18:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 01:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/3360 ~ Mes musiques (My Musics) : 4/2031 ~ Mes Videos (My Videos) : 2/51 ~ Mes Favoris (My Favorites) : 1/42 ~ Mes Documents (My Documents) : 2/5541 ~ Mon Bureau (My Desktop) : 0/46 ~ Menu demarrer (Programs) : 1/24 ~ Hidden Files: Scanned in 00mn 17s ---\\ Processus lancés [MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1824] [MD5.44B3B997E25C5D9A81D6C501451A96D7] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [99888] [PID.2000] [MD5.DA1485749B785ADCEB421874F5F3405B] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.1764] [MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.1948] [MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.624] [MD5.37F339B64F19E2775284ED7161B96683] - (.Microsoft Corporation - Zune Bus Enumerator Service.) 
-- C:\Program Files\Zune\ZuneBusEnum.exe [57056] [PID.1148] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1344] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2336] [MD5.5ADA30D570F877E4F01C8DF67F781E0E] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16208384] [PID.3468] [MD5.03E0CDD5CCF362593EA52B0151750D0A] - (.Logitech Inc. - Logitech Communications Manager.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe [497200] [PID.3788] [MD5.6C645D7DF2462697BC7A086E328607D5] - (...) -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [614960] [PID.3864] [MD5.F63465BBCE7059EA281ECAFF7590E1E8] - (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [243248] [PID.3884] [MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208] [PID.3896] [MD5.12902A626CAE9F362AAE39EF1FC79E87] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\Systray\SystrayApp.exe [94208] [PID.464] [MD5.E9257AE2500A3C8272B6C32A1329DAA3] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe [90112] [PID.2220] [MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe [295072] [PID.2272] [MD5.5BD2DA256A68E99622D6968330DCC461] - (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe [159456] [PID.1448] [MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) 
-- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3767096] [PID.2288] [MD5.F9A1CF5B5B2E9E17A2DDEB198337F97C] - (.Logitech Inc. - Logitech Camera Control Interface.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe [166448] [PID.2376] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.2588] [MD5.4543367E50BD35E7D1269D42841B156E] - (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [288472] [PID.2664] [MD5.AAAC76A931480ADD2C9B251621EB524E] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\Launcher\Launcher.exe [598016] [PID.1448] [MD5.279EEEBB1221F297886B8560163D3AE8] - (...) -- C:\Program Files\Orange\Deskboard\deskboard.exe [1044480] [PID.3152] [MD5.54ABBCF1C68FAEFF10BCCD254740AE16] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\connectivity\connectivitymanager.exe [716800] [PID.3168] [MD5.032F85FBFE612ECC455ABA7474E5914F] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe [360448] [PID.3252] [MD5.88029974B1C9995CFA3BD9560BBA2EEF] - (.Hewlett-Packard Development Company, L.P. - HP CUE Status.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [239320] [PID.3236] [MD5.987B72E406C172F9F5184F1B4F0CE1BB] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe [28672] [PID.3500] [MD5.167A81D7A06119ABF84042F88EE6F6DF] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe [65536] [PID.3480] [MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [8333824] [PID.172] ~ Processes Running: Scanned in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\SYLVIANE\Application Data\Mozilla\Firefox\Profiles\2vjymc0e.default\prefs.js ~ Firefox Browser: 27 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: MSN Toolbar - [HKLM]{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} . (.Microsoft Corp. - MSN® Shell Extender.) -- C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll O3 - Toolbar: &Windows Live Toolbar - [HKLM]{21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) 
-- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: (no name) - [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Program [AllUsers]: Installation du Contrôle Parental.lnk . (.InstallShield Software Corporation - InstallShield (R) Setup Launcher.) -- C:\Program Files\Securitoo\Contrôle Parental\Controle_parental.exe O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Program [AllUsers]: MSN Explorer.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - GS\Program [SYLVIANE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Global Startup: 17 Legitimates Filtered in 00mn 00s ---\\ Applications lancées au démarrage du sytème (O4) O4 - GS\Program [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Development Company, L.P. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co O4 - GS\Program [AllUsers]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) 
-- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] . (.Logitech Inc. - Logitech Communications Manager.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe O4 - HKLM\..\Run: [LVCOMSX] . (.Logitech Inc. - LVCom Server.) -- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co O4 - HKLM\..\Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SystrayORAHSS] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\Systray\SystrayApp.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe =>.RealNetworks, Inc O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) 
-- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Run: [WOOWATCH] C:\Program Files\Wanadoo\Watch.exe (.not file.) O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (.not file.) O4 - HKCU\..\RunOnce: [Shockwave Updater] . (.Adobe Systems, Inc. - Shockwave Helper.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-21-823518204-2000478354-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-823518204-2000478354-725345543-1003\..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (.not file.) O4 - HKUS\S-1-5-21-823518204-2000478354-725345543-1003\..\RunOnce: [Shockwave Updater] . (.Adobe Systems, Inc. - Shockwave Helper.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . 
(.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains\www] http.orange.fr ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{F62332AD-FDED-4D6F-A8FE-58F60B951CA8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{F62332AD-FDED-4D6F-A8FE-58F60B951CA8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{F62332AD-FDED-4D6F-A8FE-58F60B951CA8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) 
-- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop Component 1: PC-Aquarium Deluxe - file:7db39a0d-580f-4be9-9195-8bfcd226f6c2 O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe (.not file.) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\SYLVIANE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\SYLVIANE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: IncrediMail Xe - (.IncrediMail Ltd..) [HKLM] -- IncrediMail O42 - Logiciel: PC Aquarium Deluxe 3.0 - (...) [HKLM] -- {08830FBE-81C6-4286-8A62-27D0018B1F7D} ~ Logic: 43 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AdTools, Inc.] 
[HKCU\Software\IncrediMail] [HKCU\Software\Soukoban] [HKCU\Software\TorrentAid] [HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램] [HKLM\Software\13fe] ~ Key Software: 307 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 12/03/2009 - 11:21:25 - [16,979] ----D C:\Program Files\IncrediMail O43 - CFD: 25/08/2008 - 10:02:05 - [0] ----D C:\Documents and Settings\All Users\Application Data\IM O43 - CFD: 25/08/2008 - 10:01:23 - [0,717] ----D C:\Documents and Settings\All Users\Application Data\IncrediMail O43 - CFD: 12/09/2008 - 14:48:39 - [78,146] ----D C:\Documents and Settings\SYLVIANE\Local Settings\Application Data\IM ~ Program Folder: 156 Legitimates Filtered in 00mn 23s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 08/02/2014 - 17:02:50 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.B651B4A04FB680E115B0B029AE26F050] - 08/02/2014 - 17:02:50 ---A- . (...) -- C:\WINDOWS\win.ini [684] O44 - LFC:[MD5.912F543578AA792857AF894DAFAFD126] - 08/02/2014 - 17:17:56 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.97BE956B30DEE2DE376E4EBD826FECA2] - 08/02/2014 - 17:17:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] ~ Files: 29 Legitimates Filtered in 00mn 31s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\bin\ImApp.exe O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(.IncrediMail, Ltd..) 
-- C:\Program Files\IncrediMail\bin\IncMail.exe O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(.IncrediMail, Ltd..) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe O47 - AAKE:Key Export SP - "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" [Enabled] .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe (.not file.) ~ Keys Export: 29 Legitimates Filtered in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{1b0f6338-7508-11de-bced-0019215108f8}\AutoRun\command. (...) -- J:\InstallTomTomHOME.exe (.not file.) O51 - MPSK:{55364ad8-38b7-11dd-baa6-a2a3e1e7be37}\AutoRun\command. (...) -- J:\LaunchU3.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 08/02/2014 - 14:55:30 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 08/02/2014 - 14:55:30 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248] O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/09/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528] O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 16:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384] O58 - SDL:[MD5.2A013E7530BEAB6E569FAA83F517E836] - 07/01/2005 - 16:07:16 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920] O58 - SDL:[MD5.39C767BD6D99C23D28E71B6E0CBA3129] - 26/06/2006 - 09:33:40 ---A- . (...) 
-- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [23472] O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 04/08/2004 - 06:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686] O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 04/08/2004 - 06:41:37 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184] O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 04/08/2004 - 06:29:36 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736] O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 04/08/2004 - 06:41:39 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360] O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/09/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792] O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 04/08/2004 - 06:41:39 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776] O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 04/08/2004 - 06:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535] O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 04/08/2004 - 06:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990] O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 04/08/2004 - 06:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424] O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 04/08/2004 - 06:41:45 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240] O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 24/07/2006 - 16:05:00 ---A- . (...) 
-- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/09/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 04/08/2004 - 06:46:54 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 04/08/2004 - 06:45:25 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 04/08/2004 - 06:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 04/08/2004 - 06:45:10 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 04/08/2004 - 06:45:15 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 04/08/2004 - 06:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 02s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\Launcher\Launcher.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("CT3285358.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN3946[...]
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("CT3285358.http___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhc[...]
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("CT3285358.http___youtube_conduitapps_com_v3_3_0.APP_WIN_FEATURES.enc", "c2F2ZXJlc2l6ZWRzaXplPTAsaHNjcm9sbD0wLHZzY3JvbGw[...]
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("CT3285358.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("CT3285358.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3285358&octid=CT3[...]
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("CT3285358.originalSearchAddressUrl", "http://search.babylon.com/?babsrc=SP_ss&mntrId=a46f65030000000000000019215108f8&t[...] =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3285358&octid=CT3285358&SearchSource=61&CUI=UN394695[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("Smartbar.ConduitSearchEngineList", "01NET.com Main Customized Web Search"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN39469526[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.babylon.com/?babsrc=SP_ss&mntrId=a46f65030000000000000019215108f[...] =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("browser.newtab.url", "http://search.babylon.com/?affID=111796&tt=010812_906_cln_3112_6&babsrc=NT_ss&mntrId=a46f65030000[...] =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("browser.search.defaultthis.engineName", "01NET.com Main Customized Web Search");
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&CUI=UN39469526401293730&UM=2&Sear[...]
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("browser.search.order.1", "Search the web (Babylon)"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.admin", false); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.aflt", "babsst"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.autoRvrt", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.babTrack", "affID=111796&tt=010812_906_cln_3112_6"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.babext", "babExt"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.babtrack", "babTrack"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.bbdpng", 5); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.cntry", "FR"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.dfltLng", "en"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.dfltsrch", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.envrmnt", "production"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.excTlbr", false); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.firstrun", false); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.hdrMd5", "117498853E36B59E770B02E2F9E50C7B"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.hmpg", true); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.hrdid", "a46f65030000000000000019215108f8"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.id", "a46f65030000000000000019215108f8"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.instlDay", "15556"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.instlRef", "sst"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.keywordurl", ""); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.29.18:46:01"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.lastdp", 5); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.newTab", false); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.newtab", "false"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.newtaburl", ""); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.savedVrsnTs", "1"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.sg", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.srch", ""); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.srchprvdr", ""); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.tlbrId", "base"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://www.google.com/search?babsrc=TB_ggl&q="); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.29.18:46:01"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar_i.babExt", ""); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111796&tt=010812_906_cln_3112_6"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar_i.newTab", false); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.18:46:01"); =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("extensions.enabledItems", "wrc@avast.com:7.0.1456,ffxtlbr@babylon.com:1.5.0,bbrs_002@blabbers.com:1.0.5,{20a82645-c095-[...] =>PUP.Babylon
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN39469526401293730&UM=2&q="[...]
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3285358&CUI=UN39469526401293730&UM=2&SearchSource=13,[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3285358&SearchSource=2&CUI=UN3[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("smartbar.originalHomepage", "http://search.conduit.com/?ctid=CT3285358&CUI=UN39469526401293730&UM=2&SearchSource=13"); =>Hijacker.SmartBar
O69 - SBI: prefs.js [SYLVIANE - 2vjymc0e.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {9B71D8E9-DDB3-4B06-B437-75FBC1CBB0E3} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {A97F003A-A4ED-4E41-B2FA-232FECF7244D} - (Yahoo! Search) - http://search.yahoo.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][08/02/2014] (...) -- C:\Documents and Settings\SYLVIANE\Bureau\adwcleaner.exe [1166132]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3EC1B56843FC5BD41B9C83E43B3095C2" . (.MSN Toolbar.) -- C:\WINDOWS\Installer\{865B1CE3-CF34-4DB5-B1C9-384EB303592C}\_APP_ICON
~ Update Products: 101 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.6966C57AFD7DB31C6839B989CD6D8431] [WIS][13/06/2008] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\27f62f.msi [121344]
[MD5.4472CDDD62BD239EE7FF1641A6357856] [WIS][13/06/2008] (.HP Image Transfer - HP Image Transfer.) -- C:\Windows\Installer\27f658.msi [3155456]
[MD5.3A0611AAAA851875AE518562A7CE2193] [WIS][13/06/2008] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\27f695.msi [121344]
[MD5.5F36A90D26A132FFC3D4F0974D762073] [WIS][13/06/2008] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\27f6a5.msi [121344]
[MD5.81AAF831C66ADCC8D7451B713BCA66DB] [WIS][13/06/2008] (.RE Technologies - Photo Utility.) -- C:\Windows\Installer\27f6b6.msi [1332224]
[MD5.46C42126C64DF8269F5924F9931B7F3C] [WIS][12/07/2008] (.Vendio Services, Inc. - Search Settings.) -- C:\Windows\Installer\438544.msi [1263616] =>Adware.SearchSettings
~ WIS: 106 Legitimates Filtered in 00mn 04s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 06/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 11/06/2010 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 26/06/2006 91696 | (LVSrvLauncher) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
SS - | Demand 06/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 14/06/2008 155715 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 08/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 25/09/2007 65536 | C:\Program Files\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Auto 08/02/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 26/06/2006 99888 | (LVPrcSrv) . (.Logitech Inc..) - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
SR - | Auto 03/03/2006 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
~ Services: Scanned in 00mn 05s

---\\ Scan Additionnel (O88)
Database Version : 13030 - (06/02/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1
[HKLM\Software\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88] =>PUP.Dealio
[HKLM\Software\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88] =>PUP.Dealio
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\dealio] =>Adware.BHO
[HKLM\Software\Classes\Installer\Features\3EC1B56843FC5BD41B9C83E43B3095C2] =>Toolbar.MSN
[HKLM\Software\Classes\Installer\Products\3EC1B56843FC5BD41B9C83E43B3095C2] =>Toolbar.MSN
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3EC1B56843FC5BD41B9C83E43B3095C2] =>Toolbar.MSN
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{865B1CE3-CF34-4DB5-B1C9-384EB303592C}] =>Toolbar.MSN
C:\Program Files\01NET.com_Main =>Adware.SimilarSites
C:\Documents and Settings\SYLVIANE\Local Settings\Application Data\01NET.com_Main =>Adware.SimilarSites
C:\Windows\Installer\438544.msi =>Adware.SearchSettings^
~ Additionnel Scan: 228659 Items scanned in 00mn 20s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites =>Adware.SimilarSites
~ MSI: 5 link(s) detected in 00mn 20s
~ 982 Legitimates filtered by white list

End of the scan (577 lines in 01mn 56s)(0)