[Résolu] Virus Plus-HD-4.9

[Apollo]

Re,

 

Comment se comporte le pc?

 

Fais ces vérifications de sécurité stp:

http://theknitter-apollo.xooit.com/p17644.htm

Ou ici: http://www.vista-xp.fr/forum/topic13109.html#p108827

Le PSI de Secunia est pratique pour connaître les failles dans diverses applications. (non-obligatoire)

En français depuis la version 3.0. Très simple d'utilisation.

 

Fais un nouveau scan ZHPDiag après les éventuelles mises à jour effectuées.

 

@++

[cmoimas]

bonjour , hd plus 4.9 a disparut , c'est super , je te remercie , je met le dernier rapport zhpd.

 

 

~ Rapport de ZHPDiag v2013.12.14.22 - Nicolas Coolman (14/12/2013)
~ Lancé par manolito (28/12/2013 00:58:14)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.6002.18005
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2V7GR
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira AntiVir Personal - Free Antivirus v10.2.0.167
Malwarebytes Anti-Malware version 1.75.0.1300
Secunia PSI
McAfee Security Scan Plus v3.0.285.6

---\\ Logiciels d'optimisation du système
CCleaner v3.01 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.3.5.2

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3032 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 99 GB (66%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: SYLVIE
~ User Name: manolito
~ All Users Names: manolito, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\manolito\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\manolito\AppData\Roaming\
~ %Desktop% : C:\Users\manolito\Desktop\
~ %Favorites% : C:\Users\manolito\Favorites\
~ %LocalAppData% : C:\Users\manolito\AppData\Local\
~ %StartMenu% : C:\Users\manolito\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 99 Go of 149 Go)
D: Hard drive, Flash drive, Thumb drive (Free 73 Go of 75 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.B13B730D34BE8999E0B213EAA5F7172C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/10/2013 - 03:17:49.) -- C:\Windows\System32\wininet.dll [834048]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/755
~ Mes musiques (My Musics) : 1/326
~ Mes Videos (My Videos) : 1/6
~ Mes Documents (My Documents) : 1/1449
~ Mon Bureau (My Desktop) : 3/909
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [266776] [PID.2428]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.2452]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.2568]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.1508]
[MD5.FBB33D6550559030FE42615572FE9FC3] - (.Secunia - Secunia PSI Tray.) -- C:\Program Files\Secunia\PSI\PSI_TRAY.exe [565464] [PID.3420]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.3716]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1224]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1640]
[MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1448]
[MD5.5AA788D5A2C6737BB9C45933985BC1B8] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664] [PID.1896]
[MD5.EC6A73CD8413F68655E5E0B99C415A21] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.exe [143872] [PID.2108]
[MD5.8FE6AB59CAB8F2C038FEA9522A5EEBA7] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe [113664] [PID.2204]
[MD5.96633419F4A1E37ACB89B45EBCCFE001] - (.Teruten - FsUsbDevice.) -- C:\Windows\system32\FsUsbExService.exe [238952] [PID.2224]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\system32\PnkBstrA.exe [76888] [PID.2296]
[MD5.5608ED3957105BC14E3C426BB27AC5A1] - (.Intel® Corporation - Intel® PROSet/Wireless Registry Service.) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [477456] [PID.2348]
[MD5.1560C2889A4D508ADA0FF594D9EB66AC] - (...) -- C:\Program Files\Serviio\bin\ServiioService.exe [276480] [PID.2464]
[MD5.250B9120C7C103AFDC0C6643F9691055] - (.Fujitsu Siemens Computers - Testhandler Service.) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104] [PID.2736]
[MD5.DDEBCC0AA7BD3EB02ABCE6B3D8536DEA] - (.Intel® Corporation - Intel® PROSet/Wireless Event Log Service.) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe [866576] [PID.2852]
[MD5.C559672F31ABE6BA7277DD73C4502238] - (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\system32\msiexec.exe [73216] [PID.3856]
[MD5.398A81D590424441B2F5C5C08073CADB] - (.Secunia - Secunia PSI Agent.) -- C:\Program Files\Secunia\PSI\PSIA.exe [1229528] [PID.3464]
[MD5.97D9D6A04E3AD9B6C626B9931DB78DBA] - (.Microsoft Corporation - Programme d’installation de modules Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [39424] [PID.2520]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\manolito\AppData\Roaming\Mozilla\Firefox\Profiles\2id8v8zw.default-1369406508233\prefs.js (.not file.)
C:\Users\manolito\AppData\Roaming\Mozilla\Firefox\Profiles\o4ulk5q6.default\prefs.js
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (...) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll (.not file.)
~ Firefox Browser: 50 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.0.285\mcuicnt.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [manolito]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [manolito]: SquareClock_Castorama_Internet.exe - Raccourci.lnk . (.SquareClock SAS - SquareClock Setup.) -- C:\Users\manolito\Desktop\SquareClock_Castorama_Internet.exe
O4 - GS\Program [manolito]: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.3.12.904\Badoo.desktop.exe
O4 - GS\Program [manolito]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [manolito]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [manolito]: Casto 3D Cuisine.lnk . (...) -- C:\Users\manolito\AppData\Local\SquareClock.Production_Castorama_Internet\SQ.3D.Modeller.exe
O4 - GS\Desktop [manolito]: Corbeille - Raccourci.lnk - Clé orpheline
~ Global Startup: 64 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: Secunia PSI Tray.lnk . (.Secunia - Secunia PSI Tray.) -- C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-2674704853-1526591263-719234467-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.line6.net
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FE168F-32DA-46BC-9CC2-199765EDA187}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{65FE168F-32DA-46BC-9CC2-199765EDA187}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{65FE168F-32DA-46BC-9CC2-199765EDA187}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Serviio (Serviio) . (...) - C:\Program Files\Serviio\bin\ServiioService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) . (.Fujitsu Siemens Computers - Testhandler Service.) - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
~ Services: 14 Legitimates Filtered in 00mn 03s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe (.not file.)
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{02A45A13-0DF3-421E-92C6-ACB95ABE052C}] (...) -- C:\Program Files\NCSoft\Launcher\NCLauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{07CB9BCC-6F09-4E81-9E81-94247B518B6A}] (...) -- C:\Users\manolito\Desktop\Nouveau dossier\pbsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{158C71DF-4F7D-4C0F-B677-3518842636C9}] (...) -- C:\Users\manolito\InstallWoW.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7208A496-E12C-4548-8924-9097FB9BBA43}] (...) -- D:\InstallWoW.exe (.not file.) [0]
[MD5.C0567761FDFAAF3099E071D32D4F336E] [APT] [{93AA0288-122C-4C8D-B578-240FE9050ABA}] (...) -- C:\Program Files\VLC\vlc-0.9.9-win32.exe [16742799]
[MD5.00000000000000000000000000000000] [APT] [{9B4FDE0B-C100-4E2F-A765-71560E7967EF}] (...) -- C:\Users\manolito\Downloads\InstallWoW.exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (WINIO) . (.http://www.internals.com - WinIo.) - C:\Windows\system32\WinIo.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Power Manager 2.8.3 - (.FIC, Inc..) [HKLM] -- Power Manager_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\Pando Networks]
[HKCU\Software\mif2000]
[HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
[HKLM\Software\FIC HotKey]
[HKLM\Software\Pando Networks]
[HKLM\Software\Power Manager]
[HKLM\Software\UrbanTerror]
[HKLM\Software\WinIo]
[HKLM\Software\ioUrbanTerror]
~ Key Software: 318 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/02/2011 - 21:12:15 - [7,130] ----D C:\Program Files\Pando Networks
O43 - CFD: 15/08/2008 - 02:58:01 - [2,269] ----D C:\Program Files\Power Manager
O43 - CFD: 20/08/2010 - 02:15:26 - [0,218] --H-D C:\Program Files\SCNvFiles
O43 - CFD: 14/11/2010 - 22:00:17 - [0] ----D C:\Users\manolito\AppData\Roaming\mif2000's Hamlet
O43 - CFD: 11/01/2010 - 00:33:53 - [0] ----D C:\Users\manolito\AppData\Local\._Revolution_
O43 - CFD: 20/12/2013 - 19:25:35 - [0] ----D C:\Users\manolito\AppData\Local\LXiMediaCenter
~ Program Folder: 257 Legitimates Filtered in 00mn 02s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7A3D910CF8F6053DC3F5EB7012F6F049] - 20/12/2013 - 19:34:31 ---A- . (...) -- C:\Windows\MezzmoMediaServer.INI [43]
~ Files: 44 Legitimates Filtered in 00mn 02s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{07f54265-18e0-11e1-a73a-00140b4f9d22}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{13551614-0464-11df-b727-00140b4f9d22}\AutoRun\command. (...) -- G:\SolS.exe (.not file.)
O51 - MPSK:{4e5ca27b-2ce5-11de-b184-00140b4f9d22}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
O51 - MPSK:{7a836092-d256-11de-b66e-00140b4f9d22}\AutoRun\command. (...) -- F:\WD SmartWare.exe (.not file.)
O51 - MPSK:{b115218b-3622-11df-bdbe-00140b4f9d22}\AutoRun\command. (...) -- I:\WD SmartWare.exe (.not file.)
O51 - MPSK:{d2528d38-1c52-11e3-9d63-95a8eee8d206}\AutoRun\command. (...) -- G:\iLinker.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BDAgent [Key] . (...) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BitDefender Antiphishing Helper [Key] . (...) -- C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Exetender [Key] . (...) -- C:\Program Files\Free Ride Games\GPlayer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\FIC HotKey [Key] . (.Pas de propriétaire - Tray MFC.) -- C:\Program Files\Hotkey Utility\tray.exe
O53 - SMSR:HKLM\...\startupreg\LaunchPad [Key] . (.FIC - LaunchPad Application.) -- C:\Program Files\Launch Pad\LaunchPad.exe
O53 - SMSR:HKLM\...\startupreg\NPCTray [Key] . (...) -- C:\Program Files\Norman\npc\bin\npc_tray.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Pando Media Booster [Key] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O53 - SMSR:HKLM\...\startupreg\PowerManager [Key] . (.Pas de propriétaire - PowerManager Application.) -- C:\Program Files\Power Manager\PM.exe
O53 - SMSR:HKLM\...\startupreg\TrialReset [Key] . (...) -- C:\Windows\regx32.exe (.not file.)
~ SMSR Keys: 33 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.1E4114685DE1FFA9675E09C6A1FB3F4B] - 12/09/2011 - 11:54:16 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [66616]
O58 - SDL:[MD5.0F78D3DAE6DEDD99AE54C9491C62ADF2] - 12/09/2011 - 11:54:16 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\System32\Drivers\avipbb.sys [138192]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.475048300F9919381C60A3701430CFD7] - 06/10/2013 - 11:49:40 ---A- . (...) -- C:\Windows\System32\Drivers\PnkBstrK.sys [138904]
O58 - SDL:[MD5.68B57D7C11277EA89F78255480376B4D] - 06/12/2013 - 15:47:12 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_x86.sys [16024]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 17/06/2010 - 14:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\System32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.54D0B8343CE8C22412A5F29D32EFD211] - 04/06/2013 - 09:15:02 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 11/04/2009 - 00:46:49 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [5632]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.5C2BDC152BBAB34F36473DEAF7713F22] - 14/12/2010 - 18:51:20 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41984]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.CBE5F69A5E5B918225F420BA748F3742] - 14/06/2010 - 09:32:54 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [36608]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
O58 - SDL:[MD5.819C68FF6C4C63886D636FFB2DABF5EF] - 04/01/2007 - 10:15:08 ---A- . (.http://www.internals.com - WinIo.) -- C:\Windows\System32\WinIo.sys [9336]
~ Drivers: 17 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 04/01/2007 - C:\Windows\system32\WinIo.sys (WINIO) .(.http://www.internals.com - WinIo.) - LEGACY_WINIO
~ Legacy: 129 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {B72EB5A7-A1EE-45BB-A649-BC7F6B4106AB} - (Yahoo! Search) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.DDC00A87285C106B41FA92098A67AB5B] [sPRF][16/05/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.A71DDE2C29FDA26B1199F5507B0AF2DA] [sPRF][21/12/2010] (...) -- C:\Users\manolito\AppData\Local\d3d9caps.dat [7728]
[MD5.6B2B1DC38804916F9535AA655CD7B4B7] [sPRF][22/02/2011] (...) -- C:\Users\manolito\AppData\Local\fusioncache.dat [96]
[MD5.475048300F9919381C60A3701430CFD7] [sPRF][06/10/2013] (...) -- C:\Users\manolito\AppData\Roaming\PnkBstrK.sys [138904]
[MD5.6510FAD6C442F3FF65BA1E3792031F2C] [sPRF][31/07/2009] (...) -- C:\Users\manolito\AppData\Roaming\wklnhst.dat [102]
[MD5.CA1BBBBAF9A7F8F02B49C9B488C82179] [sPRF][30/11/2013] (.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\manolito\Desktop\incredimail_install.exe [491784]
[MD5.D8B9844FDFD05CD495F110FFF11C1EE5] [sPRF][28/12/2013] (.Secunia - Secunia PSI Installer.) -- C:\Users\manolito\Desktop\PSISetup.exe [5329480]
~ Files: 10 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SS - | Auto 12/09/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SS - | Demand 30/04/2009 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 10/07/1658 0 | (iPod Service) . (...) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 12/09/2010 251248 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 05/09/2012 234776 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/01/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 17/12/2007 143872 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.exe
SR - | Auto 11/01/2007 113664 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe
SR - | Auto 19/07/2010 866576 | (EvtEng) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 04/07/2010 238952 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SR - | Auto 06/10/2013 76888 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 19/07/2010 477456 | (RegSrvc) . (.Intel® Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 06/12/2013 1229528 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files\Secunia\PSI\PSIA.exe
SR - | Auto 31/01/2012 276480 | (Serviio) . (...) - C:\Program Files\Serviio\bin\ServiioService.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 05s



---\\ Scan Additionnel (O88)
Database Version : 13013 - (14/12/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 267683 Items scanned in 00mn 24s



~ 1320 Legitimates filtered by white list
End of the scan (476 lines in 01mn 15s)(0)

[Apollo]

-Ok,

 

Il est important de mettre IE à jour ainsi que d'autres applications délicates.

 

Fais ces vérifications de sécurité stp:

http://theknitter-apollo.xooit.com/p17644.htm

Ou ici: http://www.vista-xp.fr/forum/topic13109.html#p108827

Le PSI de Secunia est pratique pour connaître les failles dans diverses applications. (non-obligatoire)

En français depuis la version 3.0. Très simple d'utilisation.

 

*************

Désinstaller les outils spéciaux.

Télécharge DelFix sur ton bureau. http://general-changelog-team.fr/telechargements/logiciels/viewdownload/75-outils-de-xplode/3-delfix
Lance-le et appuie sur le bouton "Supprimer les outils de désinfection". >> Exécuter.

NB, tu peux également cocher la case "Purger la restauration système", un nouveau point sera automatiquement créé. Conseillé quand le pc est désinfecté.

Delfix s'autodétruira ensuite.

 

Si tout va bien,

• Pense à éditer ton premier post pour ajouter "Résolu" devant le titre. Pour cela clique sur "Modifier" dans ton premier post. Tu pourras alors changer le titre.

Utilise pour ça, l'éditeur complet

@++

[cmoimas]

bonjoue et merci pour tout.

bonjour , j'ai toujours un paneau publicitaire qui m'empoisonne , au nom de "plus hd 4.9"

avez- vous une solution? merci.

 

resolu