Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.4.26.45 - Nicolas Coolman (26/04/2014)
~ Lancé par Administrateur (27/04/2014 18:34:50)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v23.0.1271.97 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Ad Blocker v1.0.0.0
Malwarebytes Anti-Malware version 2.0.1.1004
Spybot - Search & Destroy v2.2.25

---\\ Logiciels d'optimisation du système
CCleaner v3.20 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 3, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 2038 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 36 GB (23%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: PC_PRINCIPAL
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Profiles\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Profiles\Administrateur\Application Data\
~ %Desktop% : C:\Profiles\Administrateur\Bureau\
~ %Favorites% : C:\Profiles\Administrateur\Favoris\
~ %LocalAppData% : C:\Profiles\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Profiles\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 36 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.1643EF58F167E8EDA0566EA4402ECB8D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.24/02/2014 - 12:45:24.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 20:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/851
~ Mes musiques (My Musics) : 1/112
~ Mes Videos (My Videos) : 2/27
~ Mes Favoris (My Favorites) : 1/450
~ Mes Documents (My Documents) : 1/1732
~ Mon Bureau (My Desktop) : 0/8159
~ Menu demarrer (Programs) : 1/47
~ Hidden Files: Scanned in 00mn 27s



---\\ Processus lancés
[MD5.914BAF92497923A6AAE1700798ED917C] - (.Conexant Systems, Inc. - PRISM Profiles Server Module.) -- C:\WINDOWS\system32\PRISMSVR.exe [381014] [PID.1876]
[MD5.00189555BCBB9AE0D03DF849075EE3EC] - (.Corel Corporation - CorelDRAW(R).) -- C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe [155648] [PID.1480]
[MD5.2D08AC1443FFA7FBED9A5EA5FD49AEB3] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1242728] [PID.1228]
[MD5.7EA50DC775B557AD1E06ABF3C7A2A24D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.160]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Profiles\Administrateur\Application Data\Mozilla\Firefox\Profiles\a8vktdtp.default\prefs.js
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe IE plugin.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Adobe Version Cue CS2] . (.Adobe Sytems Incorporated - Adobe Version Cue CS2.) -- c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UIUCU] C:\Profiles\ADMINI~1\LOCALS~1\Temp\UIUCU.exe (.not file.)
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-606747145-115176313-725345543-500\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-606747145-115176313-725345543-500\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=about:blank
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} ((no name)) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ((no name)) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139167323500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6005E303-9140-450E-B9C9-2DB328E3ECB3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{6005E303-9140-450E-B9C9-2DB328E3ECB3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: PRISMAPI.DLL . (.Conexant Systems, Inc. - PRISM COM API Interface Library.) -- C:\WINDOWS\system32\PRISMAPI.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Kaspersky Lab - Kaspersky OE plugin loader.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 13 Legitimates Filtered in 00mn 04s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Profiles\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Profiles\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job [240]
O39 - APT: - (..) -- C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job [234]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (avipbb) . (. - .) - C:\WINDOWS\system32\DRIVERS\avipbb.sys (.not file.)
O41 - Driver: (ssmdrv) . (. - .) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (.not file.)
O41 - Driver: (tStLib) . (. - .) - C:\WINDOWS\system32\drivers\tStLib.sys (.not file.)
~ Drivers: 102 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Bazooka Scanner - (.Kephyr.) [HKLM] -- {CB0888EE-96D8-4713-84DC-36462C33AEB4}
O42 - Logiciel: FRANCE PROSPECT Email 120 - (.FRANCEPROSPECT.) [HKLM] -- {CBB4ED66-9C21-4DDF-A6D0-162081570A73}
O42 - Logiciel: HomeSite 4.5 - (...) [HKCU] -- HomeSite 4.5
O42 - Logiciel: MAXIPROSPECT II - (.Quite Simply.) [HKLM] -- {8B422AB9-4DD8-4612-A3A2-25F4F7245FBB}_is1
O42 - Logiciel: Minuterie 2.6 - (.Jean-Paul Doeraene.) [HKLM] -- Minuterie_is1
O42 - Logiciel: New Sign 04142 install - (...) [HKLM] -- New Sign 04142 install
O42 - Logiciel: NewSign AM03127or03128 - (...) [HKLM] -- NewSign AM03127or03128
O42 - Logiciel: VisualLightBox - (...) [HKLM] -- VisualLightBox
O42 - Logiciel: burnatonce - (...) [HKLM] -- burnatonce_is1
O42 - Logiciel: gmax - (.Discreet.) [HKLM] -- {3FA7A919-87DA-42B1-814B-86DE8DCA17C2}
~ Logic: 37 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Allaire]
[HKCU\Software\CCT]
[HKCU\Software\Definitive Solutions]
[HKCU\Software\Minuterie]
[HKCU\Software\OB]
[HKCU\Software\Quite Simply]
[HKCU\Software\Summa]
[HKCU\Software\TNT]
[HKCU\Software\VisualLightBox]
[HKCU\Software\brief]
[HKCU\Software\czysoft]
[HKCU\Software\e3efa583-836a-eb59-b5e5-33fa2a901be0]
[HKLM\Software\Allaire]
[HKLM\Software\CCT]
[HKLM\Software\PCTools]
[HKLM\Software\TNT]
[HKLM\Software\Webemail]
[HKLM\Software\wEmeX]
~ Key Software: 369 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/11/2009 - 19:01:46 - [] ---AD C:\Program Files\11.5 Demo Installer WIN
O43 - CFD: 28/09/2007 - 17:27:39 - [] ----D C:\Program Files\acrobat distiller
O43 - CFD: 16/02/2012 - 16:18:40 - [] ---AD C:\Program Files\administrator
O43 - CFD: 19/02/2006 - 22:37:32 - [] ----D C:\Program Files\Allaire
O43 - CFD: 19/11/2007 - 16:01:00 - [] ----D C:\Program Files\Atomic Mail Sender
O43 - CFD: 21/03/2014 - 10:36:08 - [] ----D C:\Program Files\Bazooka Scanner
O43 - CFD: 03/04/2013 - 09:55:32 - [] ----D C:\Program Files\Brief
O43 - CFD: 10/06/2006 - 19:21:48 - [] ----D C:\Program Files\Browser Mouse
O43 - CFD: 26/04/2014 - 10:31:59 - [] ----D C:\Program Files\burnatonce
O43 - CFD: 19/11/2011 - 11:56:48 - [] ----D C:\Program Files\code ean13
O43 - CFD: 18/10/2006 - 17:22:21 - [0] ----D C:\Program Files\ColiPoste
O43 - CFD: 08/01/2007 - 20:21:16 - [] ----D C:\Program Files\DATEXIA DIRECT
O43 - CFD: 15/07/2006 - 09:10:45 - [] ----D C:\Program Files\decccheck
O43 - CFD: 15/07/2006 - 11:17:09 - [] ----D C:\Program Files\dvd2avi
O43 - CFD: 13/09/2007 - 20:06:46 - [] ----D C:\Program Files\E-mail eXtractor
O43 - CFD: 30/04/2008 - 10:20:19 - [0] ----D C:\Program Files\email catcher
O43 - CFD: 14/09/2007 - 19:41:25 - [] ----D C:\Program Files\Email catcher&sender
O43 - CFD: 13/09/2007 - 20:03:36 - [] ----D C:\Program Files\email extractor
O43 - CFD: 12/09/2007 - 11:53:54 - [] ----D C:\Program Files\Email Extractor Files 2.1
O43 - CFD: 12/09/2007 - 11:20:40 - [] ----D C:\Program Files\emailextractor
O43 - CFD: 17/08/2007 - 13:38:32 - [] ----D C:\Program Files\explorer7
O43 - CFD: 02/04/2014 - 16:57:23 - [] ----D C:\Program Files\fichier d'install compactés
O43 - CFD: 26/03/2014 - 10:37:51 - [] ----D C:\Program Files\fichiersd'install compactés
O43 - CFD: 02/01/2008 - 20:46:12 - [0] ----D C:\Program Files\flashMX
O43 - CFD: 04/12/2008 - 21:33:37 - [] ----D C:\Program Files\fomula1_2007
O43 - CFD: 28/12/2009 - 08:52:12 - [] ----D C:\Program Files\formmail
O43 - CFD: 04/12/2008 - 20:05:58 - [] ----D C:\Program Files\formula 1
O43 - CFD: 22/12/2009 - 18:05:27 - [] ----D C:\Program Files\france prospect
O43 - CFD: 15/03/2011 - 18:35:21 - [] ----D C:\Program Files\franceinter
O43 - CFD: 22/12/2009 - 19:16:49 - [] ----D C:\Program Files\FRANCEPROSPECT
O43 - CFD: 18/01/2012 - 12:17:53 - [] ----D C:\Program Files\FTPExpert2
O43 - CFD: 28/01/2014 - 17:01:27 - [] ----D C:\Program Files\Gmax
O43 - CFD: 13/03/2006 - 20:30:16 - [] ----D C:\Program Files\Hemera
O43 - CFD: 04/12/2008 - 19:12:47 - [] ----D C:\Program Files\illustrator cs2
O43 - CFD: 19/07/2011 - 11:29:28 - [] ----D C:\Program Files\indesign
O43 - CFD: 03/09/2011 - 10:15:39 - [] ----D C:\Program Files\InDesign Pro.CS5.v5.0.x64.2011
O43 - CFD: 30/12/2007 - 23:31:12 - [] ----D C:\Program Files\InterActive Vision
O43 - CFD: 15/03/2011 - 18:42:55 - [] ----D C:\Program Files\itune
O43 - CFD: 08/05/2007 - 12:58:13 - [] ----D C:\Program Files\japonais
O43 - CFD: 15/02/2012 - 18:57:01 - [] ----D C:\Program Files\joomla
O43 - CFD: 23/03/2007 - 19:45:06 - [] ----D C:\Program Files\kaperski
O43 - CFD: 01/02/2011 - 16:30:06 - [] ----D C:\Program Files\Maxiprospect
O43 - CFD: 22/04/2011 - 16:16:23 - [] ----D C:\Program Files\MAXIPROSPECT II
O43 - CFD: 04/01/2008 - 12:43:16 - [] ----D C:\Program Files\membersarea
O43 - CFD: 22/09/2011 - 17:47:25 - [] ----D C:\Program Files\Minuterie
O43 - CFD: 03/09/2006 - 18:46:40 - [] ----D C:\Program Files\mod_meteoconsult_1.03
O43 - CFD: 25/11/2013 - 15:42:29 - [] ----D C:\Program Files\New Sign
O43 - CFD: 14/03/2006 - 09:47:33 - [0] ----D C:\Program Files\Nouveau dossier
O43 - CFD: 15/03/2011 - 18:42:43 - [0] ----D C:\Program Files\Nouveau dossier (2)
O43 - CFD: 04/08/2012 - 11:35:35 - [0] ----D C:\Program Files\Nouveau dossier (3)
O43 - CFD: 22/01/2008 - 19:54:57 - [] ----D C:\Program Files\olifax
O43 - CFD: 23/10/2007 - 15:28:11 - [] ----D C:\Program Files\omniformat
O43 - CFD: 03/09/2011 - 08:33:18 - [] ----D C:\Program Files\pdf2swf
O43 - CFD: 24/03/2006 - 21:16:56 - [] ----D C:\Program Files\PI_11
O43 - CFD: 13/01/2011 - 13:55:27 - [] ----D C:\Program Files\qmailremove
O43 - CFD: 09/11/2009 - 19:19:55 - [] ----D C:\Program Files\rsit
O43 - CFD: 12/03/2008 - 12:42:10 - [] ----D C:\Program Files\smart_serial_mail
O43 - CFD: 10/04/2007 - 19:54:24 - [] ----D C:\Program Files\Squirelmail
O43 - CFD: 14/02/2006 - 21:34:29 - [] ----D C:\Program Files\Summa
O43 - CFD: 09/04/2014 - 10:45:29 - [] ----D C:\Program Files\SummaWinPlot
O43 - CFD: 19/01/2011 - 19:44:21 - [] ----D C:\Program Files\supermacro
O43 - CFD: 03/09/2011 - 08:42:08 - [] ----D C:\Program Files\SWFTools
O43 - CFD: 15/10/2008 - 16:17:07 - [] ----D C:\Program Files\TNT
O43 - CFD: 31/03/2011 - 18:03:02 - [0] ----D C:\Program Files\toto
O43 - CFD: 06/02/2008 - 12:59:18 - [] ----D C:\Program Files\Versailles
O43 - CFD: 27/01/2010 - 16:37:11 - [] ----D C:\Program Files\VisualLightBox
O43 - CFD: 16/09/2007 - 20:29:48 - [] ----D C:\Program Files\Webemail miner
O43 - CFD: 13/06/2009 - 09:27:57 - [] ----D C:\Program Files\webemailminer
O43 - CFD: 26/04/2014 - 10:32:32 - [] ----D C:\Program Files\windows7
O43 - CFD: 19/02/2006 - 10:39:51 - [] ----D C:\Program Files\winplotpluginsetupfiles
O43 - CFD: 19/02/2006 - 10:23:13 - [] ----D C:\Program Files\winplotsetupfiles
O43 - CFD: 04/03/2011 - 11:00:12 - [] ----D C:\Program Files\YouTUBE (TM) movie downloader
O43 - CFD: 27/09/2006 - 14:08:15 - [] ----D C:\Program Files\ztreewin
O43 - CFD: 21/03/2014 - 12:10:46 - [] ----D C:\Profiles\All Users\Application Data\Ad-Aware Browsing Protection
O43 - CFD: 23/02/2010 - 18:25:33 - [] -SH-D C:\Profiles\All Users\Application Data\e560373
O43 - CFD: 23/02/2010 - 12:58:10 - [] -SH-D C:\Profiles\All Users\Application Data\MSEBHWRKDAW
O43 - CFD: 26/04/2014 - 10:31:31 - [] -SH-D C:\Profiles\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 17/06/2013 - 17:43:33 - [] ----D C:\Profiles\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
O43 - CFD: 17/06/2013 - 17:43:50 - [] ----D C:\Profiles\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 13/03/2006 - 20:30:16 - [] ----D C:\Profiles\Administrateur\Application Data\Hemera
O43 - CFD: 13/05/2008 - 19:21:26 - [] ----D C:\Profiles\Administrateur\Application Data\LimeWire
O43 - CFD: 21/03/2014 - 10:36:08 - [] ----D C:\Profiles\Administrateur\Menu Démarrer\Programmes\Bazooka Scanner
O43 - CFD: 25/11/2013 - 15:42:30 - [] ----D C:\Profiles\Administrateur\Menu Démarrer\Programmes\New Sign
O43 - CFD: 09/07/2012 - 09:27:24 - [] ----D C:\Profiles\Administrateur\Menu Démarrer\Programmes\VisualLightBox
~ Program Folder: 375 Legitimates Filtered in 00mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.616ECD26F6F0D1370CE955A6412248EC] - 15/04/2014 - 16:50:38 ---A- . (...) -- C:\WINDOWS\CSTBox.INI [50451]
O44 - LFC:[MD5.0065E911F966A71A115D9A52FF3DFC99] - 22/04/2014 - 14:18:27 ---A- . (...) -- C:\WINDOWS\system32\sasnative32.exe [17136]
O44 - LFC:[MD5.38C887B0EACAD10846265AE9531DCDED] - 22/04/2014 - 21:03:30 ---A- . (...) -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT [522544]
O44 - LFC:[MD5.9152E69766779128B879974401F663FF] - 23/04/2014 - 13:11:50 -SHA- . (...) -- C:\Thumbs.db [26624]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 26/04/2014 - 08:45:38 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.E526FF40EE197D0BC1E9A015D2C9B066] - 26/04/2014 - 08:45:38 ---A- . (...) -- C:\WINDOWS\win.ini [1210]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/04/2014 - 09:16:12 ---A- . (...) -- C:\WINDOWS\Explorer.EXE.Z-missing.txt [0]
O44 - LFC:[MD5.0D7860A60366B758DFD3C167C67F6D1F] - 26/04/2014 - 09:36:09 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.36DCB8E0A778BFFE442850732F2FBFC5] - 26/04/2014 - 09:36:10 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 26/04/2014 - 18:51:56 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.416B2D3F86F829DCB0B138FA890789F7] - 26/04/2014 - 22:26:35 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [1111146]
O44 - LFC:[MD5.5683D52C26DA652F3A340E0681FE7295] - 27/04/2014 - 17:29:19 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
~ Files: 28 Legitimates Filtered in 00mn 10s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe" [Enabled] .(...) -- C:\Program Files\Fichiers communs\XpressUpdate\XPressUpdate.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\fxsclnt.exe" [Enabled] .(...) -- C:\WINDOWS\system32\fxsclnt.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\FTPExpert2\FTPxpert.exe" [Enabled] .(.Visicom Media Inc..) -- C:\Program Files\FTPExpert2\FTPxpert.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Real\RealPlayer\realplay.exe" [Enabled] .(...) -- C:\Program Files\Real\RealPlayer\realplay.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\OLIFAXVX\OLIFAX.EXE" [Enabled] .(.Pas de propriétaire.) -- C:\OLIFAXVX\OLIFAX.exe
O47 - AAKE:Key Export SP - "E:\Program Files\wamp\wampmanager.exe" [Enabled] .(...) -- E:\Program Files\wamp\wampmanager.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe" [Enabled] .(.Visicom Media Inc..) -- C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
~ Keys Export: 35 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{974c1c0a-5243-11dc-bdfd-000000000000}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\SJelite3Launch [Key] . (...) -- C:\Profiles\Administrateur\Application Data\Transcend\SJelite3\SJelite3Launch.exe
O53 - SMSR:HKLM\...\startupreg\UIUCU [Key] . (...) -- C:\Profiles\ADMINI~1\LOCALS~1\Temp\UIUCU.exe (.not file.)
~ SMSR Keys: 33 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/03/2013 - 23:33:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49248]
O58 - SDL:06/03/2013 - 23:33:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [164736]
O58 - SDL:24/03/2004 - 10:12:44 ---A- . (...) -- C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272]
O58 - SDL:24/09/2002 - 09:22:42 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:13/04/2008 - 17:36:05 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/01/2005 - 16:07:16 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:11/07/2005 - 11:14:42 ---A- . (.Windows (R) 2000 DDK provider - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\jl2008pc.sys [125370]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 21:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 21:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:24/09/2002 - 09:23:23 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:14/01/2005 - 17:14:07 ---A- . (.Protection Technology - StarForce Protection Environment Driver.) -- C:\WINDOWS\system32\Drivers\sfdrv01.sys [47616]
O58 - SDL:28/10/2004 - 11:47:59 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\Drivers\sfhlp02.sys [6656]
O58 - SDL:03/08/2004 - 21:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 21:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:24/09/2002 - 09:22:42 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:24/09/2002 - 09:22:20 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:24/09/2002 - 09:22:27 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:24/09/2002 - 09:22:48 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:24/09/2002 - 09:22:54 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:24/09/2002 - 09:23:14 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 123 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/03/2013 - C:\WINDOWS\system32\Drivers\aswRvrt.sys (aswRvrt) .(...) - LEGACY_ASWRVRT
~ Legacy: 186 Legitimates Filtered in 00mn 01s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EFD26226121BF4382F93D0ED8E9D7858] [SPRF][06/06/2007] (...) -- C:\Profiles\All Users\Application Data\pdfdoc2.dll [1024]
[MD5.BF9D93903B9D01EE3153147B5C08F928] [SPRF][25/05/2007] (...) -- C:\Profiles\All Users\Application Data\pdfxls2.dll [1024]
[MD5.4F029701879F1CEB02EB7907DC565248] [SPRF][26/04/2014] (...) -- C:\Profiles\Administrateur\Bureau\adwcleaner (1) (1).exe [1330861]
[MD5.DC5D65997AD92E0C668F240D305718C8] [SPRF][26/04/2014] (...) -- C:\Profiles\Administrateur\Bureau\reset_connexion.bat [351]
[MD5.A8B1D3AEE48FD33067C808960E68C0BC] [SPRF][06/10/2012] (.Romain Bourdon (Roms) - WampServer 2 Setup.) -- C:\Profiles\Administrateur\Bureau\WAMP Server.exe [2072063]
[MD5.18B54B53CEE0E7204495BAB864EBBF03] [SPRF][14/04/2006] (.Yahoo! Inc. - YInstHelper Module.) -- C:\WINDOWS\Downloaded Program Files\yinsthelper.dll [188968]
~ Files: 18 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "A608ECA5C01900D438745A248657AB7F" . (.IObit Toolbar v7.3.) -- C:\WINDOWS\Installer\{5ACE806A-910C-4D00-8347-A5426875BAF7}\ARPPRODUCTICON.exe =>PUP.Dealio
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Export de clés de registre aléatoires (O91)
~ Export Key Software: Scanned in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Allaire FTP & RDS - {0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}
O92 - MNS: Nikon View - {C56C4E21-706D-11d0-AFC5-444553540003}
~ MNS: 3 Legitimates Filtered in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (26/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 470916 Items scanned in 04mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ MSI: 1 link(s) detected in 00mn 00s



~ 1346 Legitimates filtered by white list
End of the scan (604 lines in 05mn 54s)(0)
