Document format: text/plain


~ Rapport de ZHPDiag v2014.4.13.25 - Nicolas Coolman (13/04/2014)
~ Lancé par seb (14/04/2014 13:19:55)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : RPFFV
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004

---\\ Logiciels d'optimisation du système
CCleaner v2.28 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (44% free)
System Restore: Désactivé (Disabled)
System drive C: has 22 GB (15%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-SEB
~ User Name: seb
~ All Users Names: seb, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\seb\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\seb\AppData\Roaming\
~ %Desktop% : C:\Users\seb\Desktop\
~ %Favorites% : C:\Users\seb\Favorites\
~ %LocalAppData% : C:\Users\seb\AppData\Local\
~ %StartMenu% : C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 22 Go of 149 Go)
D: Hard drive, Flash drive, Thumb drive (Free 117 Go of 139 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:23:42.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/03/2014 - 00:02:07.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:23:51.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:23:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:24:25.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:24:55.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:23:01.) -- C:\Windows\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3448
~ Mes musiques (My Musics) : 2/930
~ Mes Videos (My Videos) : 1/45
~ Mes Favoris (My Favorites) : 1/73
~ Mes Documents (My Documents) : 0/6204
~ Mon Bureau (My Desktop) : 0/1949
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 16s



---\\ Processus lancés
[MD5.38595C19227D211B5A0932F6609A6C32] - (.ASUS - SmartLogon Application.) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [297528] [PID.1368]
[MD5.B359E8976725CC3F045984851EB90284] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.1532]
[MD5.05C5CBE5C0C26EFF48AF60639F30F4F5] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712] [PID.596]
[MD5.F979E2139F2DD221ECB8506EEAC9931F] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368] [PID.3284]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3854640] [PID.2800]
[MD5.A0DB47CA97B27273C8DC472FBFAD8FF7] - (.Bose Corporation - SoundTouch Music Server.) -- C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe [1323008] [PID.4008]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.4184]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.4856]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.2820]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.5360]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5652]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.3260]
[MD5.08FECDE82830FA31E186E071D87CE86A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8212992] [PID.4228]
[MD5.2784C071EC57DCDBA6D4A2A017F56CD4] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 320.4.) -- C:\Windows\system32\nvvsvc.exe [640288] [PID.1000]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1372]
[MD5.C5FE9DDA1A982FC3CBA26BB80EDDAE8A] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [875296] [PID.1536]
[MD5.609A6F49B6AF0F25837F8A0EDDDB0745] - (.Pas de propriétaire - ADSMSrv.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [73728] [PID.1828]
[MD5.5A055A4777CBBC8845DD598CB2EEBF69] - (.Pas de propriétaire - ASLDR Service.) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208] [PID.1848]
[MD5.7C157574A181B19B9DCF5F339E25337E] - (.Pas de propriétaire - GFNEXSrv.) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208] [PID.1860]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1884]
[MD5.23C3A0680042C0D1DE1F360F8B62BC57] - (.Microsoft Corporation - Infrastructure d'extensibilité pour les ser.) -- C:\Windows\system32\WLANExt.exe [74240] [PID.1908]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2044]
[MD5.A6B41F3044B2C099BBB5531CAA0551D5] - (.Canal+ Active - CanalPlus.VOD.Service.) -- C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [188416] [PID.576]
[MD5.1F7BACA7D1DD1B3D73B4C3934148FAD3] - (.Devguru Co., Ltd. - Device Error Recovery SDK(x86).) -- C:\Windows\system32\dgdersvc.exe [95568] [PID.2124]
[MD5.0796C1E47ADB9825269E64B9DAB4E741] - (.Teruten - FsUsbDevice.) -- C:\Windows\system32\FsUsbExService.exe [233472] [PID.2156]
[MD5.F08D9F81ED9A632A3E52BBDD0B8AECE3] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1867600] [PID.2204]
[MD5.1C7C6D7481CABD4EF38A81F5B68F02E8] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304] [PID.2528]
[MD5.43079EC16722CBE9CE26D99CFB58B55B] - (.Clarus, Inc. - SZDrvSvc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [19456] [PID.2640]
[MD5.83D3FB3D5649B92FAC8B73BCB32F82B5] - (.ATK0100 - HControl.) -- C:\Program Files\ATK Hotkey\Hcontrol.exe [233472] [PID.1356]
[MD5.8192CC6303ACA5BE84CBB7E7B323A0E9] - (.Pas de propriétaire - MsgTranAgt.) -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe [106496] [PID.1224]
[MD5.BADBC0E13D7BD5B5E09324587041D8C9] - (.Pas de propriétaire - Wireless Console 2.) -- C:\Program Files\Wireless Console 2\wcourier.exe [1040384] [PID.2968]
[MD5.D142CB37F10ACF08E68D9A4A21E29059] - (.ASUS - ASPG application.) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe [154168] [PID.1976]
[MD5.A8B7C92051FBF125D0907DE7CAABF342] - (.ATK - Power4Gear eXtreme.) -- C:\Program Files\P4G\BatteryLife.exe [191032] [PID.1792]
[MD5.8060AABB3722E360BDF17867A7BF7CEA] - (.ATK - ACMON.) -- C:\Program Files\ASUS\Splendid\ACMON.exe [851968] [PID.3480]
[MD5.A391896CD406E6377F5CEF31FDC12019] - (.ASUSTeK - ACEngSvr Module.) -- C:\Windows\System32\ACEngSvr.exe [155648] [PID.3712]
[MD5.CAF3BADEBBD50CAC421FB09AE80B6A56] - (.Pas de propriétaire - ATKOSD.) -- C:\Program Files\ATK Hotkey\ATKOSD.exe [2486272] [PID.1396]
[MD5.7BBC817DDC46A9D5413CB91764E889E8] - (.Pas de propriétaire - KBFiltr Application.) -- C:\Program Files\ATK Hotkey\KBFiltr.exe [106496] [PID.1588]
[MD5.D3917821614CF44F8658B74DAFC59520] - (.Pas de propriétaire - WDC Application.) -- C:\Program Files\ATK Hotkey\WDC.exe [151552] [PID.572]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.0]
~ Processes Running: Scanned in 00mn 03s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\6c6t8mk5.default\prefs.js
C:\Users\seb\AppData\Roaming\Mozilla\Firefox\Profiles\t7og9jve.default-1381158163521\prefs.js
P2 - FPN:Firefox Plugin Navigator . (.Pas de propriétaire - npsnapfish.) -- C:\Program Files\Mozilla Firefox\Plugins\npsnapfish.dll
P2 - FPN: [HKLM] [@virtools.com/3DviaPlayer] - (...) -- C:\Program Files\Virtools\3D Life Player\npvirtools.dll (.not file.)
~ Firefox Browser: 33 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: eMule.lnk . (.http://www.emule-project.net - eMule.) -- C:\Program Files\eMule\emule.exe
O4 - GS\Desktop [Public]: InfraRecorder.lnk . (.Christian Kindahl - InfraRecorder.) -- C:\Program Files\InfraRecorder\infrarecorder.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: MP Navigator EX 2.0.lnk . (.CANON INC. - MP Navigator EX.) -- C:\Program Files\Canon\MP Navigator EX 2.0\mpnex20.exe
O4 - GS\Desktop [Public]: My Printer.lnk . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: SoundTouch.lnk . (.Bose Corporation - SoundTouch Application.) -- C:\Program Files\SoundTouch\SoundTouch.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [seb]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [seb]: InfraRecorder.lnk . (.Christian Kindahl - InfraRecorder.) -- C:\Program Files\InfraRecorder\infrarecorder.exe
O4 - GS\QuickLaunch [seb]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [seb]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [seb]: MSN.lnk . (...) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - GS\QuickLaunch [seb]: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe
O4 - GS\Program [seb]: Crédit Mutuel.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files\Microsoft Silverlight\sllauncher.exe
O4 - GS\Program [seb]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [seb]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [seb]: BMW M3 Challenge.lnk . (...) -- C:\BMW M3 Challenge\BMW.exe (.not file.)
O4 - GS\Desktop [seb]: Casino 770.lnk . (.Global Interactive Marketing Online - Casino770Updater.) -- C:\Casino770\Casino770.exe
O4 - GS\Desktop [seb]: Crédit Mutuel.lnk . (.Microsoft Corporation - Microsoft Silverlight Out-of-Browser Launch.) -- C:\Program Files\Microsoft Silverlight\sllauncher.exe
O4 - GS\Desktop [seb]: MPC-HC.lnk . (.MPC-HC Team - MPC-HC.) -- C:\Program Files\MPC-HC\mpc-hc.exe
O4 - GS\Desktop [seb]: XnView.lnk . (.XnView, http://www.xnview.com - XnView for Windows.) -- C:\Program Files\XnView\xnview.exe
~ Global Startup: 82 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [SoundTouch Music Server] . (.Bose Corporation - SoundTouch Music Server.) -- C:\Program Files\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-21-549229800-2313244492-1149451891-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-549229800-2313244492-1149451891-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9758D57-A313-4A87-B41A-0197B35B08C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B9758D57-A313-4A87-B41A-0197B35B08C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B9758D57-A313-4A87-B41A-0197B35B08C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{B9758D57-A313-4A87-B41A-0197B35B08C8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: ADSM Service (ADSMService) . (.Pas de propriétaire - ADSMSrv.) - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) . (.Pas de propriétaire - ASLDR Service.) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) . (.Clarus, Inc. - SZDrvSvc.) - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
~ Services: 13 Legitimates Filtered in 00mn 07s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\web\wallpaper\img24.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\web\wallpaper\img24.jpg
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PrivacyDR_Popup] (...) -- C:\Program Files\Privacy DR\Splash.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PrivacyDR_Start] (...) -- C:\Program Files\Privacy DR\PrivacyDR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1F767527-D899-4025-B62A-1B0A570C12FC}] (...) -- C:\Users\seb\Downloads\wmp11-windowsxp-x86-FR-FR.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{29572FD4-C06F-4E56-801F-35E5594905AF}] (...) -- c:\Users\seb\T?l?chargements\eMule0.50a-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{314B59D7-F193-46CA-8BA6-7006B6EA6540}] (...) -- C:\Users\seb\Downloads\mp10setup.exe (.not file.) [0]
[MD5.23A458E8EB269A71A29ADA0CB3E22E65] [APT] [{43E613C9-AA3D-44B0-A3EE-A9864B35186E}] (.MindVision.) -- C:\Windows\unvise32qt.exe [86016]
[MD5.00000000000000000000000000000000] [APT] [{C8ED11B7-9275-45BF-B06C-31ADCD8D9C6D}] (...) -- C:\Users\seb\Downloads\nzd_FroggySetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CBFC3B26-41E6-429E-8C56-D86134665565}] (...) -- C:\Users\seb\T‚l‚chargements\eMule0.50a-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D7F449D4-ED51-41B1-A15F-2A264EBB5AB9}] (...) -- C:\Users\seb\Downloads\eMule0.50a-Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F4498523-9F84-4B67-95C5-EC8D74D7CF9A}] (...) -- C:\Users\seb\Downloads\mp3gain_mp3gain_1.2.5_francais_10867.exe (.not file.) [0]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Casino 770 - (.Global Interactive Limited.) [HKCU] -- Casino 770
O42 - Logiciel: SoundTouch - (.BOSE.) [HKLM] -- {CD307C28-1559-4F72-89E0-23EF94C553E2}
~ Logic: 7 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ELIGCHK]
[HKCU\Software\Filseclab]
[HKCU\Software\IncrediMail]
[HKCU\Software\LC Technology]
[HKCU\Software\OB]
[HKCU\Software\PrivacyDRLanguage]
[HKCU\Software\SoundTouch]
[HKLM\Software\Filseclab]
[HKLM\Software\Shortcut_Module]
[HKLM\Software\SoundTouchMusic]
[HKLM\Software\Wellala]
[HKLM\Software\anset]
~ Key Software: 332 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/07/2012 - 07:19:42 - [4,507] ----D C:\Program Files\GUM6DA5.tmp
O43 - CFD: 29/08/2012 - 23:55:28 - [0,141] ----D C:\Program Files\Heimdall
O43 - CFD: 07/04/2014 - 12:02:31 - [0] ----D C:\Program Files\PlurPush
O43 - CFD: 07/04/2014 - 20:24:12 - [100,437] ----D C:\Program Files\SoundTouch
O43 - CFD: 16/03/2014 - 14:41:11 - [0] ----D C:\Program Files\Uninstaller
O43 - CFD: 01/10/2011 - 17:48:40 - [0] ----D C:\ProgramData\IM
O43 - CFD: 01/10/2011 - 17:46:45 - [0,009] ----D C:\ProgramData\IncrediMail
O43 - CFD: 06/01/2014 - 23:57:26 - [27,641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 26/07/2013 - 21:11:56 - [0] ----D C:\Users\seb\AppData\Roaming\main
O43 - CFD: 23/03/2014 - 23:14:13 - [0] ----D C:\Users\seb\AppData\Roaming\Mediatronic
O43 - CFD: 07/04/2014 - 20:24:56 - [4,943] ----D C:\Users\seb\AppData\Roaming\SoundTouch
O43 - CFD: 07/04/2014 - 21:14:08 - [0] ----D C:\Users\seb\AppData\Roaming\SoundTouchMusicServer
O43 - CFD: 14/04/2014 - 11:59:19 - [0,003] ----D C:\Users\seb\AppData\Local\41
O43 - CFD: 16/03/2014 - 11:22:28 - [0,003] ----D C:\Users\seb\AppData\Local\4540
O43 - CFD: 22/11/2013 - 12:44:13 - [0] ----D C:\Users\seb\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider
O43 - CFD: 04/04/2014 - 10:41:26 - [0,001] ----D C:\Users\seb\AppData\Local\EuroTrade_A.L._Ltd
O43 - CFD: 01/10/2011 - 17:51:38 - [204,185] ----D C:\Users\seb\AppData\Local\IM
O43 - CFD: 12/04/2014 - 08:41:19 - [0] ----D C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider
O43 - CFD: 19/01/2014 - 22:11:39 - [0] ----D C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casino770
~ Program Folder: 288 Legitimates Filtered in 00mn 51s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D6EEA0E4BA7CCC161FDACD2D4E659D1C] - 04/04/2014 - 13:30:39 ---A- . (...) -- C:\Windows\win.ini [230]
O44 - LFC:[MD5.6927607B980EAE71C9CC49C910CED785] - 07/04/2014 - 19:24:31 ---A- . (...) -- C:\Windows\DPINST.LOG [9678]
O44 - LFC:[MD5.F98EAE21D3BA33E737A45A513A978790] - 12/04/2014 - 07:42:20 ---A- . (...) -- C:\Shortcut_Module_12_04_2014_08_42_20.txt [132919]
O44 - LFC:[MD5.D3DE1048D27D3FF611C0CECE5F4B0544] - 12/04/2014 - 17:06:06 ---A- . (...) -- C:\Shortcut_Module_12_04_2014_18_06_06.txt [18505]
O44 - LFC:[MD5.6BCAF46E2B7FA9ACE92B4D39F3037C5C] - 14/04/2014 - 11:04:12 ---A- . (...) -- C:\Windows\System32\acovcnt.exe [45056]
O44 - LFC:[MD5.BF6497004F9AF5E8AF91BF19916E666A] - 14/04/2014 - 11:32:23 ---A- . (...) -- C:\rapport MBAM.txt [1763]
O44 - LFC:[MD5.1D818C180B2CB4D4A477C7CD217AC79D] - 14/04/2014 - 11:57:39 ---A- . (...) -- C:\rapport2 MBAM.txt [11376]
~ Files: 44 Legitimates Filtered in 00mn 47s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.BE993E216F3A95DC932A82396323A3F4] - 14/04/2014 - 11:04:14 ---A- - C:\Windows\Prefetch\INSTUP.EXE-52AC782A.pf
O45 - LFCP:[MD5.F36E5A905DBCD94468EA7691CBFA9275] - 14/04/2014 - 11:04:49 ---A- - C:\Windows\Prefetch\NVBACKEND.EXE-F877D819.pf
O45 - LFCP:[MD5.8918A67695808C247ED88C45A947CDF7] - 14/04/2014 - 11:18:06 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-B90B29AD.pf
O45 - LFCP:[MD5.3E89A4798D9C2698735FCD52F3222FE2] - 14/04/2014 - 11:46:13 ---A- - C:\Windows\Prefetch\AURORA.SCR-082F40F8.pf
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ATKOSD2 [Key] . (.Pas de propriétaire - ATKOSD2.) -- C:\Program Files\ATKOSD2\ATKOSD2.exe
O53 - SMSR:HKLM\...\startupreg\Clarus Drive Manager [Key] . (.Clarus, Inc. - Samsung Drive Manager.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
O53 - SMSR:HKLM\...\startupreg\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon [Key] . (...) -- C:\Users\seb\AppData\Roaming\ValueApps\CH\TBVerifier.dll (.not file.) =>Toolbar.Conduit
O53 - SMSR:HKLM\...\startupreg\FLV Player [Key] . (...) -- C:\Users\seb\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe (.not file.) =>Adware.SocialSkinz
O53 - SMSR:HKLM\...\startupreg\NextLive [Key] . (...) -- C:\Users\seb\AppData\Roaming\newnext.me\nengine.dll (.not file.) =>PUP.NextLive
O53 - SMSR:HKLM\...\startupreg\ZapWallPaper-Classic [Key] . (...) -- C:\Program Files\ZapWallPaper\ZapWallPaper-Classic.exe (.not file.)
~ SMSR Keys: 40 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.4385E371C25C94C804E9D3152BD9E1F7] - 11/08/2007 - 04:19:26 ---A- . (.Windows (R) Codename Longhorn DDK provider - Data Security Manager Driver.) -- C:\Windows\System32\Drivers\AsDsm.sys [29752]
O58 - SDL:[MD5.84B4C00AE8CDFC52CF68F322D821F34C] - 27/03/2014 - 07:44:45 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.680448905E27BBC6587ADB28597640D6] - 27/03/2014 - 07:44:45 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:[MD5.97AFFA9D95FFE20EEE6229BC6BE166CF] - 15/12/2006 - 08:11:57 ---A- . (.ATK0100 - ATK0100 ACPI Utility.) -- C:\Windows\System32\Drivers\ATKACPI.sys [7680]
O58 - SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] - 18/04/2013 - 18:06:08 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\Windows\System32\Drivers\dgderdrv.sys [20032]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 03:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [342584]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:[MD5.27BD4AC228EF6C0D490617C32E86A672] - 03/06/2008 - 22:41:51 ---A- . (.Pas de propriétaire - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15928]
O58 - SDL:[MD5.86F4C6BB7E50E178DF08E747EC5C18C3] - 06/11/2010 - 13:11:12 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [35008]
O58 - SDL:[MD5.8039F480C192DD99FED4EBC71FFBF795] - 29/05/2008 - 18:21:02 ---A- . (.Windows (R) Codename Longhorn DDK provider - ASUS CopyProtect driver.) -- C:\Windows\System32\Drivers\lullaby.sys [15416]
O58 - SDL:[MD5.C6D085C7045200143528136A43A65FDE] - 14/01/2008 - 11:06:32 ---A- . (.ManyCam LLC. - ManyCam Virtual Webcam, WDM Video Capture Driver.) -- C:\Windows\System32\Drivers\ManyCam.sys [21632]
O58 - SDL:[MD5.C35CA13D3627EBD9DD12A23CE781BC3D] - 09/08/2007 - 04:42:08 ---A- . (.REDC - RICOH SD Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys [45568]
O58 - SDL:[MD5.C398BCA91216755B098679A8DA8A2300] - 30/07/2007 - 18:42:58 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys [43008]
O58 - SDL:[MD5.2A2554CB24506E0A0508FC395C4A1B42] - 30/07/2007 - 19:54:02 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [38400]
O58 - SDL:[MD5.0057F29323C393A35903B4C5DAF9A144] - 09/05/2007 - 23:16:39 ---A- . (.Pas de propriétaire - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [28160]
O58 - SDL:[MD5.85DA7B2A2F248C8C69D7D0A526342683] - 01/04/2008 - 23:13:57 ---A- . (.Pas de propriétaire - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [1807744]
O58 - SDL:[MD5.D720E872772D004E304FCE0CE54E1F8A] - 21/08/2013 - 05:31:38 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:[MD5.A1CC726323FB41FFD29F436A77237E41] - 21/08/2013 - 05:31:38 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 28/09/2009 - 20:57:28 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [7168]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 03:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 03:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] - 05/02/2013 - 09:54:40 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [37344]
O58 - SDL:[MD5.77EBF3E9386DAA51551AF429052D88D0] - 03/04/1996 - 20:33:26 ---A- . (...) -- C:\Windows\System32\giveio.sys [5248]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 19 Legitimates Filtered in 00mn 12s



---\\ Last modified or created files (User) (O61)
O61 - LFC: 11/04/2014 - 13:23:20 ---A- . (...) -- C:\Users\seb\AppData\Roaming\MPC-HC\default.mpcpl [118]
O61 - LFC: 11/04/2014 - 13:24:34 ---A- . (...) -- C:\Users\seb\Downloads\Shortcut_Module(1).exe [2454016]
O61 - LFC: 11/04/2014 - 13:24:35 ---A- . (...) -- C:\Users\seb\Downloads\Shortcut_Module.exe [2454016]
O61 - LFC: 11/04/2014 - 13:24:35 ---A- . (...) -- C:\Users\seb\Downloads\Upside.Down.2012.MULTI.3D.1080p.Bluray.Half-SBS.x264(1).mkv [10026946771]
O61 - LFC: 11/04/2014 - 13:24:35 ---A- . (...) -- C:\Users\seb\Downloads\Upside.Down.2012.MULTI.3D.1080p.Bluray.Half-SBS.x264.mkv [569689626]
O61 - LFC: 11/04/2014 - 13:24:49 ---A- . (...) -- C:\Users\seb\Recent\AdwCleaner.lnk [442]
O61 - LFC: 11/04/2014 - 13:24:49 ---A- . (...) -- C:\Users\seb\Recent\AdwCleaner[S3].txt.lnk [633]
O61 - LFC: 11/04/2014 - 13:24:49 ---A- . (...) -- C:\Users\seb\Recent\Downloads.lnk [494]
O61 - LFC: 11/04/2014 - 13:24:49 ---A- . (...) -- C:\Users\seb\Recent\Monsters.University.3D.Top-Bottom.2013.FRENCH.1080p.BluRay.x264-CARPEDIEM.mkv.part.lnk [1023]
O61 - LFC: 11/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\Upside.Down.2012.MULTI.3D.1080p.Bluray.Half-SBS.x264(1).mkv.lnk [908]
O61 - LFC: 11/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\Upside.Down.2012.MULTI.3D.1080p.Bluray.Half-SBS.x264.mkv.lnk [893]
O61 - LFC: 11/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\ZHPDiag.txt.lnk [560] =>.Nicolas Coolman
O61 - LFC: 12/04/2014 - 13:24:34 ---A- . (...) -- C:\Users\seb\Downloads\Shortcut_Module(2).exe [2454016]
O61 - LFC: 12/04/2014 - 13:24:35 ---A- . (...) -- C:\Users\seb\Downloads\Shortcut_Module(3).exe [2454016]
O61 - LFC: 12/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\Shortcut_Module_12_04_2014_18_06_06.txt.lnk [650]
O61 - LFC: 14/04/2014 - 13:23:45 ---A- . (...) -- C:\Users\seb\AppData\Roaming\SoundTouch\SoundTouchMusicServer\SoundTouch Music Library.xml [641695]
O61 - LFC: 14/04/2014 - 13:24:49 ---A- . (...) -- C:\Users\seb\Recent\Logs.lnk [855]
O61 - LFC: 14/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\VistaOS (C).lnk [324]
O61 - LFC: 14/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\protection-log-2014-04-14.xml.lnk [1191]
O61 - LFC: 14/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\rapport MBAM.txt.lnk [488]
O61 - LFC: 14/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\rapport2 MBAM.txt.lnk [493]
~ 10 cookie files
~ Files: 39 Legitimates Filtered in 02mn 02s



---\\ Alternate Data Stream files (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\SpoonUninstall.exe:Zone.Identifier
~ ADS: Scanned in 00mn 01s



---\\ List of disinfection tools (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Legacy services listed in the registry (LALS) (O64)
O64 - Services: CurCS - 21/06/2012 - C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys (mdf16) .(.No owner - Driver for SecretZone.) - LEGACY_MDF16
O64 - Services: CurCS - 21/06/2012 - C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys (mvd23) .(.No owner - Virtual Disk Driver for SecretZone.) - LEGACY_MVD23
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- c:\program files\mozilla firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] F131982BEDFE4C4D896EAC85264890EF - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.9E14FE0B8F09AC5D5BD9D05D37BC459C] [SPRF][03/09/2013] (...) -- C:\ProgramData\nvModes.dat [47889]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Firewall exception list (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{C5F065FC-5AC0-4E20-BEBA-A6891B72C9C0}C:\windows\temp\emule0.50a\emule0.50a\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\temp\emule0.50a\emule0.50a\emule.exe (.not file.)
O87 - FAEL: "UDP Query User{7BF35D96-B7B5-49A5-8DC9-DF71D4033F14}C:\windows\temp\emule0.50a\emule0.50a\emule.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\temp\emule0.50a\emule0.50a\emule.exe (.not file.)
~ Firewall: 259 Legitimates Filtered in 00mn 02s
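The O58, O61 and O87 entries above follow a fixed line layout (section tag, MD5 where present, timestamp, attribute flags, a dotted "(.Vendor - Product.)" field, path and size), so a report like this can be triaged mechanically before anyone reads it line by line. The script below is an added example, not part of ZHPDiag or of this report: it parses lines copied from the sections above and flags three things a practitioner checks first: drivers whose version resource names no vendor (the "No owner" and "(...)" entries), recently written executables in user-writable directories (the Shortcut_Module*.exe downloads), and enabled inbound firewall allow rules whose target binary no longer exists (the two emule.exe rules under C:\windows\temp). The regular expressions, the NO_OWNER set, the watched directories and the severity labels are my assumptions about the format, not documented ZHPDiag behaviour; protocol numbers 6 and 17 are the IANA values for TCP and UDP.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the report above (three O58 drivers, two O61
# recent files, one O87 firewall rule). The line layout is inferred from
# these samples, not taken from any ZHPDiag documentation.
SAMPLE = r"""
O58 - SDL:[MD5.27BD4AC228EF6C0D490617C32E86A672] - 03/06/2008 - 22:41:51 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [15928]
O58 - SDL:[MD5.86F4C6BB7E50E178DF08E747EC5C18C3] - 06/11/2010 - 13:11:12 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\System32\Drivers\libusb0.sys [35008]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 28/09/2009 - 20:57:28 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [7168]
O61 - LFC: 11/04/2014 - 13:24:34 ---A- . (...) -- C:\Users\seb\Downloads\Shortcut_Module(1).exe [2454016]
O61 - LFC: 11/04/2014 - 13:24:50 ---A- . (...) -- C:\Users\seb\Recent\ZHPDiag.txt.lnk [560] =>.Nicolas Coolman
O87 - FAEL: "TCP Query User{C5F065FC-5AC0-4E20-BEBA-A6891B72C9C0}C:\windows\temp\emule0.50a\emule0.50a\emule.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\temp\emule0.50a\emule0.50a\emule.exe (.not file.)
"""

# O58 (drivers) and O61 (recent files) share one layout; O58 adds an MD5.
FILE_RE = re.compile(
    r"^(?P<tag>O58|O61) - (?:SDL:\[MD5\.(?P<md5>[0-9A-F]{32})\] - |LFC: )"
    r"(?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{2}:\d{2}:\d{2}) (?P<attrs>\S{5}) \. "
    r"\((?P<desc>.*?)\) -- (?P<path>.+?) \[(?P<size>\d+)\]"
)
# O87: rule name, direction, profile, IP protocol number, enabled flag, path,
# and an optional "(.not file.)" marker when the target binary is absent.
FW_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]*)" \|(?P<direction>In|Out) - (?P<profile>\w+) - '
    r"P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<desc>.*?)\) -- "
    r"(?P<path>.+?)(?P<missing> \(\.not file\.\))?$"
)

PROTO = {6: "TCP", 17: "UDP"}                      # IANA protocol numbers
NO_OWNER = {"No owner", "Pas de propriétaire"}     # English and French ZHPDiag strings (assumed)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("\\downloads\\", "\\temp\\", "\\appdata\\")  # assumed watch list


@dataclass
class Finding:
    severity: str
    path: str
    reason: str


def split_desc(desc: str) -> Tuple[Optional[str], Optional[str]]:
    """Turn '.Vendor - Product.' into (vendor, product); '...' means no version info."""
    if desc == "...":
        return None, None
    vendor, _, product = desc.strip(".").partition(" - ")
    return (None if vendor in NO_OWNER else vendor), (product or None)


def triage(report: str) -> List[Finding]:
    """Parse O58/O61/O87 lines and return the entries worth a manual look."""
    findings: List[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            vendor, _ = split_desc(m["desc"])
            path = m["path"]
            low = path.lower()
            if m["tag"] == "O58" and vendor is None:
                findings.append(Finding("medium", path,
                    f"driver with no vendor in its version resource (MD5 {m['md5']}); "
                    "check its Authenticode signature and hash reputation"))
            if low.endswith(EXEC_EXT) and any(d in low for d in USER_WRITABLE):
                findings.append(Finding("medium", path,
                    f"executable written {m['date']} in a user-writable directory ({m['size']} bytes)"))
            continue
        m = FW_RE.match(line)
        if m and m["missing"] and m["enabled"] == "TRUE" and m["direction"] == "In":
            proto = PROTO.get(int(m["proto"]), "P" + m["proto"])
            findings.append(Finding("low", m["path"],
                f"enabled inbound {proto} allow rule for a binary that no longer exists; "
                "any file later placed at that path inherits the exception"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.path}\n    {f.reason}")
```

Run against the full report text instead of SAMPLE to get the complete list; the MD5 in each O58 finding is what you would look up against a hash reputation service, and the stale emule.exe rules are the kind of exception worth deleting rather than leaving for whatever next lands in C:\windows\temp.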



---\\ Enumeration of software product codes (PUC) (O90)
O90 - PUC: "5EE4F6C4F24F88249B07B2F5DAD158DB" . (.Boxore Client.) -- C:\Windows\Installer\{4C6F4EE5-F42F-4288-B970-2B5FAD1D85BD}\boxore.ico =>Adware.Boxore
O90 - PUC: "82C703DC955127F4980E32FE495C352E" . (.SoundTouch.) -- C:\Windows\Installer\{CD307C28-1559-4F72-89E0-23EF94C553E2}\icon.ico
~ Update Products: 52 Legitimates Filtered in 00mn 00s



---\\ Windows Installer package search (WIS) (O93) (NTFS)
[MD5.60B20E21BBFA2CDA032AFEAB449CD1A6] [WIS][12/04/2014] (.BOSE - SoundTouch.) -- C:\Windows\Installer\43b3a.msi [10731008]
~ WIS: 56 Legitimates Filtered in 00mn 06s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 02/08/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/08/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/07/1658 0 | (KiesAllShare) . (...) - C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
SS - | Demand 29/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/05/2007 73728 | (ADSMService) . (...) - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
SR - | Auto 03/10/2007 94208 | (ASLDRService) . (...) - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 08/08/2007 94208 | (ATKGFNEXSrv) . (...) - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 27/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 06/07/2010 188416 | (CanalPlus.VOD) . (.Canal+ Active.) - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
SR - | Auto 01/05/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\Windows\system32\dgdersvc.exe
SR - | Auto 05/02/2013 233472 | (FsUsbExService) . (.Teruten.) - C:\Windows\system32\FsUsbExService.exe
SR - | Auto 04/10/2013 1867600 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 10/12/2013 1494304 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 21/06/2013 640288 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 05/06/2013 19456 | (SZDrvSvc) . (.Clarus, Inc..) - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 09s



---\\ Master Boot Record infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by seb at 14/04/2014 13:26:05

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x8367E916] >> \Device\Harddisk0\DR0[0x86B1D368]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by seb at 14/04/2014 13:26:07

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : 13044 - (13/04/2014)
Keys found : 4
Values found : 0
Folders found : 4
Files found : 0

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\FLV Player] =>Adware.SocialSkinz^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\NextLive] =>PUP.NextLive^
[HKCR\VirtualStore\MACHINE\Software\CToolbar] =>Toolbar.Crawler
C:\Users\seb\AppData\Local\AppsHat Mobile Apps =>PUP.CrossRider^
C:\Users\seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppsHat =>PUP.CrossRider^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Casino770 =>Spyware.OnlineGames
C:\Users\seb\AppData\Local\Software =>Adware.Boxore
~ Additional scan: 277150 items scanned in 00mn 36s



---\\ Summary of the detections found on your workstation
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive
http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 5 link(s) detected in 00mn 00s



~ 1429 Legitimates filtered by white list
End of the scan (613 lines in 06mn 49s)(0)
