~ ZHPDiag report v2014.3.10.11 - Nicolas Coolman (10/03/2014)
~ Run by XH (11/03/2014 20:47:06)
~ Web site address http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1 (Default)
GCIE: Google Chrome v33.0.1750.146

---\\ Windows product information
~ Language: French
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
Pack sécurité GarminHeaven 27.1.2012
Pack sécurité GarminHeaven 27.1.2012
Microsoft Security Client v4.4.0304.0

---\\ System optimisation software

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 12 Plugin
Java 7 Update 51

---\\ System information
~ Processor: x86 Family 21 Model 16 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Safe Mode with Networking
Total RAM: 2261 MB (77% free)
System Restore: Enabled
System drive C: has 3 GB (7%) free of 39 GB

---\\ System logon mode
~ Computer Name: XHD
~ User Name: XH
~ All Users Names: XH, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\XH\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\XH\Application Data\
~ %Desktop% : C:\Documents and Settings\XH\Bureau\
~ %Favorites% : C:\Documents and Settings\XH\Favoris\
~ %LocalAppData% : C:\Documents and Settings\XH\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\XH\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 39 Go)
E: Hard drive, Flash drive, Thumb drive (Free 5 Go of 71 Go)
F: CD-ROM drive (Free 0 Go of 4 Go)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic system files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.2988BFF8257A55EA8AFD038F49F81A34] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2014 - 13:20:01.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 03:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 03:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden file status (hidden/total)
~ My Pictures: 2/1477
~ My Music: 14/2165
~ My Videos: 2/50
~ My Favorites: 1/37
~ My Documents: 4/7260
~ My Desktop: 1/810
~ Start Menu (Programs): 0/52
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.B0F49DA36F30922F5DDC3B623B778FCE] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1128]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.312]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.964]
[MD5.258A35DDA86873A152879CFCBA40BB60] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8352256] [PID.684]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Documents and Settings\XH\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.bearshare.net =>PUP.BearShare
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 05s
~ Line count: 15313



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EF99BD32-C1FB-11D2-892F-0090271D4F88} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Other user shortcuts (O4)
O4 - GS\Program [AllUsers]: Belarc Advisor.lnk . (.Belarc, Inc. - Belarc Advisor Computer Inventory.) -- C:\Program Files\Belarc\Advisor\BelarcAdvisor.exe
O4 - GS\Program [AllUsers]: EasyGPS.lnk . (.TopoGrafix - EasyGPS.) -- C:\Program Files\EasyGPS\EasyGPS.exe
O4 - GS\Program [AllUsers]: HD ADeck.lnk . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [AllUsers]: SumatraPDF.lnk . (.Krzysztof Kowalczyk - SumatraPDF.) -- C:\Program Files\SumatraPDF\SumatraPDF.exe
O4 - GS\Program [XH]: ApprendreLesTables.lnk . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Documents and Settings\XH\ApprendreLesTables\1.2\bin\1.2\bin\javaw.exe
O4 - GS\Program [XH]: QCM Parapente 2012.lnk . (...) -- C:\Documents and Settings\XH\Local Settings\Application Data\QCM FFVL PARA2012\QCMParapente-2012.accdr
O4 - GS\Program [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 22 Legitimates Filtered in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - GS\Program [AllUsers]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office 2000 component.) -- C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] . (.NVIDIA Corporation - NVIDIA nView Wizard, Version 100.28.) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\System32\NvMcTray.dll
O4 - HKLM\..\Run: [LXSUPMON] . (.Lexmark - Supplies Monitor.) -- C:\WINDOWS\system32\LXSUPMON.exe
O4 - HKLM\..\Run: [VTTimer] Clé orpheline
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [AlcWzrd] . (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\WINDOWS\ALCWZRD.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (.not file.)
O4 - HKLM\..\Run: [WebCam Go Sti Service Application] Clé orpheline
O4 - HKLM\..\Run: [NVMixerTray] . (.NVIDIA Corporation - NVIDIA nForce Mixer Tray Application.) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-2000478354-920026266-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2000478354-920026266-725345543-1003\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2000478354-920026266-725345543-1003\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe
~ Application: Scanned in 00mn 00s
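The O4 entries above, like the G0, O39, O43 and O53 records elsewhere in this report, share one line shape: a location, an optional [name], the publisher string read from the file's version resource inside "(. .)", the path, a size in brackets, and a trailing marker the tool adds ("=>PUP.…" for something it flags, "=>.Vendor" for a whitelisted publisher, "(.not file.)" when the target is gone, "Clé orpheline" for a value with no data, "(...)" when the file has no version resource). One caveat when reading this section: the scan ran in Safe Mode with Networking (see the system information block), where the Run keys are not processed, so the short process list says nothing about what these entries launch on a normal boot; the static list is what there is to triage. The Python below is an added example, not ZHPDiag's code nor the report author's: it parses that line shape over lines copied from this report and sorts them into review buckets. The bucket names, the script-extension check and the "user-writable location" check are the example's own assumptions.

```python
"""Bucket the autorun records of a ZHPDiag report for triage.

Added example, not ZHPDiag code nor from the report above. It parses the
record shape the tool prints ("O4 - <where> [<name>] . (.<publisher>.) --
<path> [<size>] =><flag>") using the markers the tool itself emits.
SAMPLE is copied from the report; the bucket names and the two extra
heuristics (script extension, user-writable location) are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE = r"""
G0 - GCSP: Preference [User Data\Default][HomePage] http://search.bearshare.net =>PUP.BearShare
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [VTTimer] Clé orpheline
O4 - HKLM\..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (.not file.)
O4 - HKLM\..\Run: [MSConfig] . (.Microsoft Corporation - Utilitaire de configuration système.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\CleanTemps.job [258]
[MD5.D2431DB18D664CCEC617718E8D407497] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd [198]
O43 - CFD: 11/03/2014 - 16:45:23 - [0] ----D C:\Documents and Settings\All Users\Application Data\ParetoLogic =>PUP.Paretologic
O53 - SMSR:HKLM\...\startupreg\Chrome3 [Key] . (...) -- ;;; C:\Program Files\s3graphics\chrome3\Chrome3.exe (.not file.)
~ Application: Scanned in 00mn 00s
"""

RECORD_RE = re.compile(r"^(?P<tag>[A-Z]\d{1,2}) - (?P<body>.*)$")
FLAG_RE = re.compile(r"\s=>(.+?)\s*$")            # trailing =>PUP.X or =>.Vendor
SIZE_RE = re.compile(r"\s\[\d+\]\s*$")            # trailing [size in bytes]
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")           # drive-letter path up to end of line
PUBLISHER_RE = re.compile(r"\(\.([^.].*?)\.\)")   # (.Vendor - Description.), never (...)
ENTRY_CUT_RE = re.compile(r"\s(?:\.\s\(\.|\(\.\.\.\)|--\s|[A-Za-z]:\\)")
SCRIPT_EXT_RE = re.compile(r"\.(cmd|bat|vbs|js|ps1|wsf)$", re.IGNORECASE)
MISSING, ORPHAN, NO_VERSION = "(.not file.)", "Clé orpheline", "(...)"
# Where a standard user cannot write on a default XP install (assumption of this example).
STANDARD_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Record:
    tag: str
    entry: str                   # the "where": hive\key [value], task name, folder stamp
    path: Optional[str]
    publisher: Optional[str]
    flag: Optional[str]
    orphan: bool
    missing: bool
    no_version: bool
    bucket: str = "unclassified"
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Record]:
    """Parse one report line; section headers, "~" summaries and blanks give None."""
    line = line.strip()
    if line.startswith("[MD5."):                  # hash sub-record printed under an O39 task
        tag, body = "MD5", line
    else:
        m = RECORD_RE.match(line)
        if not m:
            return None
        tag, body = m.group("tag"), m.group("body")
    flag, m = None, FLAG_RE.search(body)
    if m:
        flag, body = m.group(1), body[:m.start()]
    missing, orphan, no_version = MISSING in body, ORPHAN in body, NO_VERSION in body
    body = SIZE_RE.sub("", body.replace(MISSING, "").replace(ORPHAN, "")).strip()
    path_m, pub_m, cut_m = PATH_RE.search(body), PUBLISHER_RE.search(body), ENTRY_CUT_RE.search(body)
    entry = (body[:cut_m.start()] if cut_m else body).rstrip(" -")
    return Record(tag, entry, path_m.group(0).strip() if path_m else None,
                  pub_m.group(1) if pub_m and not no_version else None,
                  flag, orphan, missing, no_version)


def assess(rec: Record) -> Record:
    """Attach a bucket and the reasons for it; "review" beats "known" beats "unclassified"."""
    if rec.flag and not rec.flag.startswith("."):
        rec.reasons.append(f"flagged by the tool as {rec.flag}")
    if rec.orphan:
        rec.reasons.append("orphan value: no data, nothing runs, safe to delete")
    if rec.missing:
        rec.reasons.append("target absent from disk: stale autorun, delete the entry")
    elif rec.path:
        if rec.no_version:
            rec.reasons.append("file has no version/publisher resource: inspect it")
        if SCRIPT_EXT_RE.search(rec.path):
            rec.reasons.append("a script runs unattended: read its contents")
        if not rec.path.lower().startswith(STANDARD_DIRS):
            rec.reasons.append("lives in a user-writable location")
    rec.bucket = "review" if rec.reasons else ("known" if rec.flag else "unclassified")
    return rec


def triage(text: str) -> List[Record]:
    """All records of a report, assessed, in file order."""
    return [assess(r) for r in map(parse_line, text.splitlines()) if r is not None]


def summarize(records: List[Record]) -> dict:
    """Bucket name -> number of records in it."""
    return dict(Counter(r.bucket for r in records))
```

Calling `triage(SAMPLE)` returns nine records; `summarize` counts six for review (the BearShare home page, the orphan VTTimer value, the two stale entries whose targets are gone, the CleanTemps .cmd in C:\MaConfig with no version resource, the ParetoLogic folder), one known (the whitelisted NVIDIA entry) and two unclassified. Paste the rest of the report into SAMPLE to triage it in full; keep in mind that entries the tool already considers legitimate never reach the report (the "Legitimates Filtered" counters), so what you parse here is only the residue the tool chose to show.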



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: DirectAnimation Java Classes - (DirectAnimation Java Classes) - (.not file.) - file:\\C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: Microsoft XML Parser for Java - (Microsoft XML Parser for Java) - (.not file.) - file:\\C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
~ ActiveX objects: Scanned in 00mn 00s



---\\ Domain/DNS address changes (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{68183B28-A15F-48A1-A26F-5B6714729152}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{90709A30-3D42-4681-9816-A5A4089871BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D72521-3AB5-4BA1-A523-36FDDCB375BD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC5F99FE-09A2-447B-94E7-45E5C5357A65}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{68183B28-A15F-48A1-A26F-5B6714729152}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{90709A30-3D42-4681-9816-A5A4089871BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A5D72521-3AB5-4BA1-A523-36FDDCB375BD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CC5F99FE-09A2-447B-94E7-45E5C5357A65}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
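Five interface GUIDs carrying two different DHCP-assigned resolvers (192.168.1.254 and 192.168.0.1) and a DhcpDomain of "lan" is what a machine that has lived on two home networks looks like. What O17 is there to answer is whether any resolver points off the LAN and whether CurrentControlSet (CCS) and ControlSet001 (CS1) tell the same story. The Python below is an added example, not ZHPDiag's code nor the report author's: it parses the O17 lines above and applies those two checks. The last two SAMPLE lines are constructed (a static NameServer in the 203.0.113.0/24 documentation range, and a CS1 value that disagrees with CCS) so that both failure paths run; the all-zero GUID is a placeholder.

```python
"""Audit the O17 (DNS) records of a ZHPDiag report.

Added example, not ZHPDiag code nor from the report above. The tool lists
DhcpNameServer / DhcpDomain per interface GUID under CCS (CurrentControlSet)
and CS1 (ControlSet001). DNS-changing malware swaps the resolvers for
addresses outside the LAN, so this script checks that every resolver is an
RFC 1918 address and that the two control sets agree. The first seven
SAMPLE lines are copied from the report; the last two are constructed
(203.0.113.0/24 is a documentation range, the all-zero GUID a placeholder).
"""
import ipaddress
import re
from typing import List, Tuple

SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{90709A30-3D42-4681-9816-A5A4089871BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{90709A30-3D42-4681-9816-A5A4089871BF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5C6DAC2F-9255-47C2-AA64-290EC7E5092E}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-4000-8000-000000000000}: NameServer = 203.0.113.5,203.0.113.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-4000-8000-000000000000}: NameServer = 192.168.0.1
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<guid>[0-9A-Fa-f-]+)\}|Parameters): (?P<key>\w+) = (?P<val>.+)$"
)
# RFC 1918 ranges: what a home or office DHCP server hands out as resolver address.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Entry = Tuple[str, str, str, str]   # (control set, interface GUID or "global", key, value)


def parse_o17(text: str) -> List[Entry]:
    """Extract (cset, scope, key, value) from every O17 line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            out.append((m.group("cset"), m.group("guid") or "global",
                        m.group("key"), m.group("val").strip()))
    return out


def is_lan_resolver(addr: str) -> bool:
    """True only for an IP literal inside one of the RFC 1918 ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # DhcpDomain values such as "lan" are not addresses
        return False
    return any(ip in net for net in LAN_NETS)


def audit(entries: List[Entry]) -> List[str]:
    """One finding per off-LAN resolver and per key on which CCS and CS1 disagree."""
    findings, by_scope_key = [], {}
    for cset, scope, key, val in entries:
        if key.endswith("NameServer"):
            for addr in re.split(r"[ ,]+", val):      # the value may list several resolvers
                if addr and not is_lan_resolver(addr):
                    findings.append(f"{cset} {scope} {key}: {addr} is not a LAN resolver")
        by_scope_key.setdefault((scope, key), {})[cset] = val
    for (scope, key), per_set in sorted(by_scope_key.items()):
        if len(set(per_set.values())) > 1:
            findings.append(f"{scope} {key}: control sets disagree {per_set}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_o17(SAMPLE)):
        print(finding)
```

On the seven lines taken from the report `audit` returns nothing; the two constructed lines produce three findings (two off-LAN resolvers and one CCS/CS1 disagreement). A key present in only one control set is deliberately not reported, since ControlSet001 is not rewritten on every change and a missing entry there is normal.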



---\\ Additional protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\System32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\CleanTemps.job [258]
[MD5.D2431DB18D664CCEC617718E8D407497] [APT] [CleanTemps] (...) -- C:\MaConfig\Process\CleanTemps.cmd [198]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 00s



---\\ Drivers loaded at system startup (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
O41 - Driver: (BIOS) . (.BIOSTAR Group - I/O Interface driver file.) - C:\WINDOWS\system32\drivers\BIOS.sys
~ Drivers: 47 Legitimates Filtered in 00mn 00s



---\\ Installed software (O42)
O42 - Logiciel: 3D Exploration - (...) [HKLM] -- 3D Exploration
O42 - Logiciel: Coloreal Bright - (...) [HKLM] -- {4BFF2645-303A-4C2D-B5C5-FD8F398E07A9}
O42 - Logiciel: EasyGPS 4.45 - (.TopoGrafix.) [HKLM] -- EasyGPS_is1
O42 - Logiciel: GEONExT 1.74 - (.GEONExT Group.) [HKLM] -- GEONExT_is1
O42 - Logiciel: Les Chemins de la Lecture - (...) [HKLM] -- {352B2D26-26A3-468C-8295-AE2830EE0536}
O42 - Logiciel: M3Gate - (...) [HKLM] -- {A128E661-349A-4E33-97D2-95C824BF4D90}
O42 - Logiciel: SplitCam - (.LoteSoft Co..) [HKLM] -- {00718491-55BF-46C6-83EF-4B3B95AC807A}
O42 - Logiciel: SuperTux 0.1.3 - (.SuperTux Development Team.) [HKLM] -- SuperTux_is1
O42 - Logiciel: Voxeet - (.Voxeet.) [HKLM] -- Voxeet
O42 - Logiciel: Z-Anaglyph - (...) [HKLM] -- Z-Anaglyph
~ Logic: 49 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GraphWeather]
[HKCU\Software\LoteSoft]
[HKCU\Software\NumericLabs]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Senvid]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\WSVCUPlugin]
[HKCU\Software\X Dimension]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\FURI-CNED]
[HKLM\Software\FXCD]
[HKLM\Software\GEONExT Group]
[HKLM\Software\LoteSoft Co.]
[HKLM\Software\LoteSoft]
[HKLM\Software\Neuratron]
[HKLM\Software\NumericLabs]
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Senvid]
~ Key Software: 430 Legitimates Filtered in 00mn 02s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 28/02/2011 - 16:21:09 - [0,384] ----D C:\Program Files\Cumulus
O43 - CFD: 02/08/2012 - 17:29:30 - [8,476] ----D C:\Program Files\EasyGPS
O43 - CFD: 31/01/2009 - 19:17:36 - [0,059] ----D C:\Program Files\FURI-CNED
O43 - CFD: 01/12/2012 - 17:16:02 - [10,672] ----D C:\Program Files\GEONExT
O43 - CFD: 31/05/2012 - 19:29:08 - [0,365] ----D C:\Program Files\Neuratron PhotoScore Demo
O43 - CFD: 02/03/2012 - 19:06:37 - [2,301] ----D C:\Program Files\NumericLabs
O43 - CFD: 19/03/2013 - 11:38:05 - [17,093] ----D C:\Program Files\s3graphics
O43 - CFD: 29/01/2009 - 00:49:09 - [23,319] ----D C:\Program Files\Sailmath
O43 - CFD: 15/12/2013 - 11:08:40 - [4,897] ----D C:\Program Files\SplitCam
O43 - CFD: 04/03/2010 - 17:49:36 - [15,494] ----D C:\Program Files\SuperTux
O43 - CFD: 09/12/2011 - 05:13:03 - [9,386] ----D C:\Program Files\TPE
O43 - CFD: 08/03/2013 - 13:39:11 - [20,507] ----D C:\Program Files\Voxeet
O43 - CFD: 14/11/2011 - 04:44:23 - [2,071] ----D C:\Program Files\Zanag
O43 - CFD: 07/04/2008 - 15:37:23 - [0] ----D C:\Documents and Settings\All Users\Application Data\MailFrontier
O43 - CFD: 11/03/2014 - 16:45:23 - [0] ----D C:\Documents and Settings\All Users\Application Data\ParetoLogic =>PUP.Paretologic
O43 - CFD: 19/03/2013 - 12:01:22 - [0] ----D C:\Documents and Settings\All Users\Application Data\s3graphics
O43 - CFD: 13/10/2013 - 13:47:55 - [0] ----D C:\Documents and Settings\All Users\Application Data\xml_param
O43 - CFD: 29/11/2010 - 18:47:33 - [0,001] ----D C:\Documents and Settings\XH\Application Data\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1
O43 - CFD: 19/11/2011 - 18:30:54 - [0] ----D C:\Documents and Settings\XH\Application Data\FUJI FILM
O43 - CFD: 11/03/2014 - 16:19:41 - [0,110] ----D C:\Documents and Settings\XH\Application Data\ParetoLogic =>PUP.Paretologic
O43 - CFD: 20/03/2013 - 06:01:37 - [0,319] ----D C:\Documents and Settings\XH\Application Data\Voxeet
O43 - CFD: 13/10/2013 - 13:43:48 - [0] ----D C:\Documents and Settings\XH\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 08/03/2013 - 13:56:26 - [0,101] ----D C:\Documents and Settings\XH\Local Settings\Application Data\Voxeet
O43 - CFD: 15/03/2012 - 17:08:38 - [8,025] ----D C:\Documents and Settings\XH\Local Settings\Application Data\{06F8A00D-727E-483E-B2EC-21C7EE145549}
O43 - CFD: 31/01/2009 - 19:17:37 - [0,002] ----D C:\Documents and Settings\XH\Menu Démarrer\Programmes\Lire avec FURI
O43 - CFD: 29/01/2009 - 00:49:06 - [0,001] ----D C:\Documents and Settings\XH\Menu Démarrer\Programmes\Sailmath
O43 - CFD: 14/11/2011 - 04:36:58 - [0,001] ----D C:\Documents and Settings\XH\Menu Démarrer\Programmes\Z-Anaglyph
~ Program Folder: 269 Legitimates Filtered in 00mn 01s



---\\ Recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.9AF03EB4FBD5D7FCD7750EC60727CA8E] - 10/03/2014 - 07:22:09 ---A- . (...) -- C:\WINDOWS\wiadebug.log [275]
O44 - LFC:[MD5.70E1454FAEE97E09370015083EA50AFA] - 10/03/2014 - 07:22:09 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.B073E39AC258E2AF10D7105DA2125CBC] - 10/03/2014 - 18:07:12 R--A- . (.Pas de propriétaire - About Page.) -- C:\WINDOWS\system32\RtNicProp32.dll [73728]
O44 - LFC:[MD5.D5242645DAC827E91FC300772FD0E2AD] - 10/03/2014 - 19:20:25 R--A- . (...) -- C:\WINDOWS\system32\atiicdxx.dat [662785]
O44 - LFC:[MD5.5169798301516305B07409B86C8BF1C0] - 10/03/2014 - 19:20:28 R--A- . (...) -- C:\WINDOWS\system32\atiapfxx.blb [284304]
O44 - LFC:[MD5.701E8F87F905722C6879EFC5EEFF6C08] - 10/03/2014 - 19:20:43 R--A- . (...) -- C:\WINDOWS\atiogl.xml [38445]
O44 - LFC:[MD5.B9134C24D34AD8711E24348E2F69ED81] - 10/03/2014 - 21:22:50 -SHA- . (...) -- C:\Thumbs.db [9728]
O44 - LFC:[MD5.A14A45CC49006188B7B347CF62FA51DC] - 10/03/2014 - 21:22:50 -SHA- . (...) -- C:\WINDOWS\Thumbs.db [8192]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 10/03/2014 - 21:51:41 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.F6C887B00DD2FC82AEC04D2DA54F1AE7] - 10/03/2014 - 21:51:41 ---A- . (...) -- C:\WINDOWS\win.ini [1012]
O44 - LFC:[MD5.11131A38C01B696741E36C65D624006E] - 11/03/2014 - 13:51:59 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [5968]
O44 - LFC:[MD5.396A7513A266B3FB1DDA9F9FB2AB309C] - 11/03/2014 - 19:13:43 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1917]
O44 - LFC:[MD5.332C6F3BC25527103A5CEAE67671ACA7] - 11/03/2014 - 19:15:00 ---A- . (...) -- C:\WINDOWS\msmqinst.log [778362]
O44 - LFC:[MD5.183E59AB4EF432B5173CEF502FF3A0D5] - 11/03/2014 - 19:15:01 ---A- . (...) -- C:\WINDOWS\netfxocm.log [416996]
O44 - LFC:[MD5.79E8C6EFF6C7F0249E6765ED11DFADB4] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [2343597]
O44 - LFC:[MD5.5657221FD7DF968ED12D066839A7FF2C] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\comsetup.log [850650]
O44 - LFC:[MD5.DBB1DA44E3126AC08E3CC58DF4C1306A] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\iis6.log [856876]
O44 - LFC:[MD5.80ACB45D240D32D8CC337A0855D2BFC6] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\imsins.log [4566]
O44 - LFC:[MD5.B12A9DCCABC07796C4E094BED1EF4CF3] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\medctroc.Log [166754]
O44 - LFC:[MD5.5A30D7170277A0AC9511F1A07710D198] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\msgsocm.log [121210]
O44 - LFC:[MD5.5CCD19A20080AA72F18047614E179CB7] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [513461]
O44 - LFC:[MD5.8F6D4AF583F600D47DA2605490F7223C] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\ocgen.log [1239308]
O44 - LFC:[MD5.8FC48BE83F6372BEDC8DF26E304C228B] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\ocmsn.log [134065]
O44 - LFC:[MD5.19817B5EDCB4113190DD36993E318C31] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\tabletoc.log [120111]
O44 - LFC:[MD5.1FD6CC42BA895BEE2226C2D5F056D281] - 11/03/2014 - 19:15:06 ---A- . (...) -- C:\WINDOWS\tsoc.log [1121853]
O44 - LFC:[MD5.7F6F6D9041960BBB82A062A42B658B13] - 11/03/2014 - 20:29:10 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [7429018]
~ Files: 67 Legitimates Filtered in 00mn 01s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Authorized application key export (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\XH\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" [Enabled] .(.Google.) -- C:\Documents and Settings\XH\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
~ Keys Export: 11 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ StartupReg registry key enumeration (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Aimersoft Helper Compact.exe [Key] . (.AimerSoft - AimerSoft Studio.) -- C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O53 - SMSR:HKLM\...\startupreg\BrowserPlugInHelper [Key] . (...) -- C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Chrome3 [Key] . (...) -- ;;; C:\Program Files\s3graphics\chrome3\Chrome3.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Coloreal Hint [Key] . (.WayTech Development, Inc. - Coloreal Hint Application.) -- C:\Program Files\WayTech\Coloreal\Coloreal Bright\Coloreal Hint.exe
O53 - SMSR:HKLM\...\startupreg\Voxeet [Key] . (.Voxeet - Voxeet.) -- C:\Program Files\Voxeet\voxeet.exe
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s



---\\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.548CCBD8B48FDF7E2435AD6017920A7F] - 08/10/2012 - 19:53:56 ---A- . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\WINDOWS\system32\Drivers\Apowersoft_AudioDevice.sys [26080]
O58 - SDL:[MD5.5D7BE7B19E827125E016325334E58FF1] - 09/08/2011 - 17:33:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\BANTExt.sys [3840]
O58 - SDL:[MD5.BE5D50529799B9BAB6BE879EC768B6CF] - 15/03/2005 - 20:23:54 R--A- . (.BIOSTAR Group - I/O Interface driver file.) -- C:\WINDOWS\system32\Drivers\BIOS.sys [13696]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 02:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.9339335CFAF1EBD80734098FF938B32A] - 28/03/2013 - 14:35:04 ---A- . (.FNet Co., Ltd. - FNetTHJM.sys.) -- C:\WINDOWS\system32\Drivers\fnetthjm.sys [24448]
O58 - SDL:[MD5.773C1893FAE9D405110C98A00040ABD4] - 04/06/2009 - 10:34:06 ---A- . (.Guillemot Corp S.A. - Guillemot USB Audio Processing Filter.) -- C:\WINDOWS\system32\Drivers\guillflt.sys [54784]
O58 - SDL:[MD5.3504C8284DC8F04A522455DE81C9D1B8] - 12/06/2009 - 13:24:58 ---A- . (.NTK - 96610 PC Camera mini Driver.) -- C:\WINDOWS\system32\Drivers\nvtcam.sys [2697728]
O58 - SDL:[MD5.AF11848A34BF87116B721A3AF1EC3A5E] - 12/06/2009 - 13:24:36 ---A- . (.Windows (R) Codename Longhorn DDK provider - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\nvtcamd2.sys [29440]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 02:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.C7C361A04742AB187E10583BBF4FA975] - 27/09/2013 - 17:28:11 ---A- . (.LoteSoft Co. - Video Capture Stream Splitter.) -- C:\WINDOWS\system32\Drivers\splitcam.sys [13824]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 02:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C9B342631F4FA5F7F3D9B503CB9C615F] - 05/09/2003 - 09:57:50 ---A- . (.Leadtek Research Inc. - WinFox I/O Device (Windows 2000/XP).) -- C:\WINDOWS\system32\Drivers\WINFOXIO.sys [9469]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 28/08/2002 - 09:23:06 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 02:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 03/08/2004 - 22:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 03/08/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 03/08/2004 - 22:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 03/08/2004 - 22:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 03/08/2004 - 22:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 01/01/1601 - C:\DOCUME~1\XH\LOCALS~1\Temp\mbr.sys (mbr) .(...) - LEGACY_MBR
~ Legacy: 178 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\XH\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - () - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.D751B24F5123A5C012BB071A0E40ED8A] [SPRF][30/05/2012] (...) -- C:\Documents and Settings\XH\Bureau\adwcleaner.exe [591235]
[MD5.EC996A0C57736736A865C5A0DE2262BE] [SPRF][05/03/2009] (...) -- C:\Documents and Settings\XH\Bureau\Google Updater.exe [1046648]
[MD5.25BA3E44CC66B1549EA050688B222C66] [SPRF][31/05/2012] (.IS Decisions - SkypeCleaner.) -- C:\Documents and Settings\XH\Bureau\SkypeCleaner.exe [90112]
[MD5.54ACBA9CFD7154C02CEACF6310CF3CFA] [SPRF][31/05/2012] (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Documents and Settings\XH\Bureau\spybotsd162.exe [16409960]
[MD5.F0212D2C6869C817E6AD7E65B8531FEF] [SPRF][03/06/2012] (.Krzysztof Kowalczyk - SumatraPDF Installer.) -- C:\Documents and Settings\XH\Bureau\SumatraPDF-2.1.1-install.exe [4419192]
~ Files: 15 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D4AF80DCB54F659726E47128301F43B8] [WIS][25/12/2013] (.Coby - Coby Media Manager.) -- C:\Windows\Installer\39fd68.msi [1251328]
[MD5.71F9333616F531E95B3F25FCD0BF056D] [WIS][09/12/2011] (.UNKNOWN - TPE.) -- C:\Windows\Installer\74ed6.msi [23552]
[MD5.FCB9C65C271E06FE10603DC803603E49] [WIS][03/04/2012] (.Daniel Oddou - Questionnaire pour les brevets parapente.) -- C:\Windows\Installer\cad7fd.msi [211968]
~ WIS: 64 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 29/11/2012 643072 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 13/04/2008 14336 | C:\Program Files\NOS\bin\getPlus_Helper.dll (getPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe
SS - | Auto 05/03/2009 133104 | (gupdate1c99e22bd159b1a) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/03/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 04/10/2011 194104 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 18/12/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Auto 17/02/2011 88688 | (KaraokeService) . (.VIA Technologies, Inc..) - C:\WINDOWS\system32\KaraokeSer.exe
SS - | Auto 09/10/2001 300544 | (LexBceS) . (.Lexmark International, Inc..) - C:\WINDOWS\system32\LEXBCES.exe
SS - | Demand 25/11/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 14/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/04/2008 14336 | C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (nosGetPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe
SS - | Auto 10/01/2005 139331 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 27/08/2010 536576 | (S3funkey) . (.S3 Graphics Co., Ltd..) - C:\Program Files\s3graphics\chrome3\s3funkey.svc
SS - | Auto 27/08/2010 499712 | (S3loadsv) . (.S3 Graphics Co., Ltd..) - C:\Program Files\s3graphics\chrome3\s3loadsv.svc
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 23/10/2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe

~ Services: Scanned in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (10/03/2014)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults
[HKLM\Software\Classes\CLSID\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E47D688-85EC-465A-9946-EC58220F14FC}] =>PUP.SearchResults
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:\Documents and Settings\All Users\Application Data\ParetoLogic =>PUP.Paretologic^
C:\Documents and Settings\XH\Application Data\ParetoLogic =>PUP.Paretologic^
~ Additionnel Scan: 228202 Items scanned in 00mn 24s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic =>PUP.Paretologic
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ MSI: 6 link(s) detected in 00mn 24s



~ 1235 Legitimates filtered by white list
End of the scan (568 lines in 00mn 55s)(0)
