~ Rapport de ZHPDiag v2014.9.20.136 - Nicolas Coolman (20/09/2014)
~ Lancé par dridi (21/09/2014 18:11:27)
~ Adresse du Site Web http://nicolascoolman.fr
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v37.0.2062.120 (Defaut)
OPIE: Opera v12.11

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
avast! Antivirus v4.8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 15 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (45%) free of 59 GB

---\\ Mode de connexion au système
~ Computer Name: MOAD-B9A0CC44B3
~ User Name: dridi
~ All Users Names: SUPPORT_388945a0, HelpAssistant, dridi, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\dridi\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\dridi\Application Data\
~ %Desktop% : C:\Documents and Settings\dridi\Bureau\
~ %Favorites% : C:\Documents and Settings\dridi\Favoris\
~ %LocalAppData% : C:\Documents and Settings\dridi\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\dridi\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 59 Go)
D: Hard drive, Flash drive, Thumb drive (Free 46 Go of 68 Go)
E: Hard drive, Flash drive, Thumb drive (Free 55 Go of 78 Go)
F: Hard drive, Flash drive, Thumb drive (Free 80 Go of 93 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.4C33E5B9A6197B6ED215F6CFBA0A2DAA] - (.Microsoft Corporation - Explorateur Windows.) (.04/08/2004 - 05:54:50.) -- C:\WINDOWS\Explorer.exe [1036288]
[MD5.58FE94EF42E074F4CAD8BF02E70E6478] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/08/2004 - 05:54:46.) -- C:\WINDOWS\system32\wininet.dll [660480]
[MD5.D2DE785AEAB0BB8CA4C14A8A199DBE4E] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.04/08/2004 - 05:55:02.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/08/2004 - 04:14:16.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.04/08/2004 - 03:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.04/08/2004 - 04:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.04/08/2004 - 03:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.07/09/2002 - 01:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.04/08/2004 - 05:41:24.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.04/08/2004 - 04:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.04/08/2004 - 04:04:52.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.04/08/2004 - 04:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/08/2004 - 04:15:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.04/08/2004 - 04:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.04/08/2004 - 04:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.04/08/2004 - 06:05:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.04/08/2004 - 04:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 23:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.04/08/2004 - 00:39:44.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.04/08/2004 - 05:44:16.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/73
~ Mes musiques (My Musics) : 0/0
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 4/1822
~ Mon Bureau (My Desktop) : 9/12415
~ Menu demarrer (Programs) : 1/88
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.E2323AD197689D607EBC52137B4DFB2E] - (.ALWIL Software - avast! Antivirus updating service.) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [16056] [PID.1604]
[MD5.58E57D723BD437049F74408016E1735D] - (.ALWIL Software - avast! antivirus service.) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe [147640] [PID.1652]
[MD5.66893067C2FB0505F151D3FCB8EA92B5] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [78008] [PID.584]
[MD5.DB28088CDADA0BE4A2896024393EFA93] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [162584] [PID.632]
[MD5.C591E7DB162689C9A73A3BC9E5050F8E] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [138008] [PID.640]
[MD5.44F5561C38F33CB1BC99D34573067CBD] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [252696] [PID.728]
[MD5.CD4D502F0F7897B432DC3FFF82111410] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3858000] [PID.1144]
[MD5.683DAC2785D061484B403676ACADECFD] - (.Pas de propriétaire - ADIMON MFC Application.) -- C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [929870] [PID.1840]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3428]
[MD5.AC08A03D7E579E2903925736E7AB48F2] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [852808] [PID.2312]
[MD5.7C5AF154B07BB57AF0EF26F156D5A022] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8106496] [PID.508]
~ Processes Running: Scanned in 00mn 00s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
B1 - OSP: search.ini [dridi] URL=http://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb&fr2=driverpack
B1 - OSP: search.ini [dridi] URL=http://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb&fr2=driverpack
~ Opera Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\dridi\Application Data\Mozilla\Firefox\Profiles\pr7m8nf1.default\prefs.js
M2 - MFEP: prefs.js [dridi - pr7m8nf1.default\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}] [] Спутник @Mail.Ru v2.4.0.60 (..)
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru
~ IE Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (18)
~ Hosts File: Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{09900DE8-1DCA-443F-9243-26FF581438AF} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Documents and Settings\dridi\Application Data\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Documents and Settings\dridi\Application Data\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
~ Services: 2 Legitimates Filtered in 00mn 01s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\dridi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (BAPIDRV) . (. - .) - C:\WINDOWS\system32\DRIVERS\BAPIDRV.sys (.not file.)
~ Drivers: 86 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Composant Hmk - (...) [HKLM] -- Composant Hmk
O42 - Logiciel: DoWnLLowAppp - (.DooWnLoWApp.) [HKLM] -- {15BFA1EF-4B89-F075-6B00-0B4EAD6EFA43}
O42 - Logiciel: FaceOnBody - (...) [HKLM] -- FaceOnBody
O42 - Logiciel: Smash Up Derby - (...) [HKLM] -- Smash_up_Derby_usa_v2
O42 - Logiciel: Total Overdose - (.Deadline Games.) [HKLM] -- {051E7B99-6D35-4905-BAF3-740893EF657A}
~ Logic: 51 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Cinefoot_Server]
[HKCU\Software\Ease-Soft]
[HKCU\Software\Nology]
[HKLM\Software\Core]
[HKLM\Software\DMZ]
[HKLM\Software\Tatanka]
~ Key Software: 334 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/09/2014 - 13:09:27 - [0] ----D C:\Program Files\360
O43 - CFD: 30/05/2011 - 12:07:49 - [] ----D C:\Program Files\ABArena
O43 - CFD: 30/05/2011 - 12:07:58 - [] ----D C:\Program Files\Air Strike II Gulf Thunder
O43 - CFD: 30/05/2011 - 12:07:23 - [] ----D C:\Program Files\Avernum 3
O43 - CFD: 21/09/2014 - 07:46:48 - [0] ----D C:\Program Files\DownLow
O43 - CFD: 01/12/2013 - 00:29:39 - [] ----D C:\Program Files\FaceOnBody
O43 - CFD: 25/05/2011 - 12:09:34 - [0] ----D C:\Program Files\Hardwood Solitaire III
O43 - CFD: 29/04/2011 - 16:55:14 - [] ----D C:\Program Files\iFoxSoft
O43 - CFD: 05/09/2012 - 13:21:53 - [] ----D C:\Program Files\RY's GAMES
O43 - CFD: 18/04/2013 - 14:47:22 - [] ----D C:\Program Files\Smash Up Derby
O43 - CFD: 04/09/2012 - 21:24:20 - [] ----D C:\Program Files\Titus
O43 - CFD: 01/08/2012 - 15:56:59 - [] ----D C:\Program Files\VID_16A2&PID_0012
O43 - CFD: 14/12/2013 - 16:08:24 - [] ----D C:\Documents and Settings\All Users\Application Data\DoWnLLowAppp
O43 - CFD: 01/12/2013 - 00:29:40 - [] ----D C:\Documents and Settings\All Users\Application Data\FaceOnBody
O43 - CFD: 19/06/2011 - 21:41:50 - [] ----D C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
O43 - CFD: 25/10/2012 - 21:15:42 - [] --H-D C:\Documents and Settings\All Users\Application Data\{AD634F50-8ABF-463E-B2B1-75C31697CFE7}
O43 - CFD: 17/08/2014 - 23:18:11 - [0] ----D C:\Documents and Settings\dridi\Application Data\EncryptStick
O43 - CFD: 29/04/2011 - 16:47:33 - [] ----D C:\Documents and Settings\dridi\Local Settings\Application Data\ReaJPEG
O43 - CFD: 15/04/2013 - 16:27:52 - [] ----D C:\Documents and Settings\dridi\Menu Démarrer\Programmes\Smash Up Derby
O43 - CFD: 01/04/2013 - 11:12:15 - [] ----D C:\Documents and Settings\dridi\Menu Démarrer\Programmes\VIRTUA_TENNIS
~ Program Folder: 209 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.577BC18D2B7812C7F2D5B222DAEB005D] - 17/09/2014 - 23:30:44 ---A- . (...) -- C:\WINDOWS\setupapi.old [137311]
O44 - LFC:[MD5.446118FFFF5576434393AE4551A5CA74] - 19/09/2014 - 20:33:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [33512]
O44 - LFC:[MD5.AC2D08E241BA946F0A95BDF5BC3E1345] - 19/09/2014 - 23:00:32 ---A- . (...) -- C:\RstAssociations.txt [3343]
O44 - LFC:[MD5.38FE831D9C5BA480D5AFB8DE93AE6F4A] - 20/09/2014 - 10:50:04 R--A- . (...) -- C:\WINDOWS\SET8E.tmp [1014836]
O44 - LFC:[MD5.5051529BF3627996CFE4A3B14AD67E78] - 20/09/2014 - 10:50:05 R--A- . (...) -- C:\WINDOWS\SET91.tmp [1086058]
O44 - LFC:[MD5.3E6967FEB3E18473D8C2627AA0C49AD3] - 20/09/2014 - 10:50:07 R--A- . (...) -- C:\WINDOWS\SET9D.tmp [14043]
O44 - LFC:[MD5.A0E02492452D4E237465D99D005D91FD] - 20/09/2014 - 10:50:22 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.F208431256726146C19E83564CD2F52C] - 20/09/2014 - 10:58:30 ---A- . (...) -- C:\WINDOWS\pnplog.txt [125]
O44 - LFC:[MD5.D8E50555DB2BE716BFF46CE5A56D90EE] - 20/09/2014 - 11:02:35 ---A- . (...) -- C:\WINDOWS\regopt.log [4684]
O44 - LFC:[MD5.645E41BF355C2470DC0F6957BEE81967] - 20/09/2014 - 11:10:16 ---A- . (...) -- C:\WINDOWS\cmsetacl.log [200]
O44 - LFC:[MD5.7B6DA03D42A2B5B1ECA59B6903F4B18A] - 20/09/2014 - 11:10:49 ---A- . (...) -- C:\WINDOWS\msmqinst.log [10248]
O44 - LFC:[MD5.7BD503027C7F748797A370FBBC6E0E13] - 20/09/2014 - 11:10:52 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [120]
O44 - LFC:[MD5.4D5795DFF06FC684DE965CE1FE611C05] - 20/09/2014 - 11:11:06 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [23016]
O44 - LFC:[MD5.9A348D469A9CD47C886717E40D8F355C] - 20/09/2014 - 11:11:30 ---A- . (...) -- C:\WINDOWS\netfxocm.log [2790]
O44 - LFC:[MD5.907228E7D566A0DF2EFE8EDEA671DA36] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [11538]
O44 - LFC:[MD5.07495639191FF6B58C01EC8737143E5A] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [1635]
O44 - LFC:[MD5.4C3BCF087576BD5C707BFD9CCB8D3B08] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\msgsocm.log [927]
O44 - LFC:[MD5.830D2FF3715E767B024DFDDE2F12AE9D] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\ocgen.log [14732]
O44 - LFC:[MD5.5DE18F1F50C385AFDEB0ED1E97F6182E] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1041]
O44 - LFC:[MD5.D2A6C8D222BB27B7E3C8F2E93A0DF4C5] - 20/09/2014 - 11:12:09 ---A- . (...) -- C:\WINDOWS\win.ini [765]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 20/09/2014 - 11:12:22 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 20/09/2014 - 11:12:22 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 20/09/2014 - 11:12:59 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.EF02ECEEFD9CA17BF8CC1B33937DC3CC] - 20/09/2014 - 11:13:03 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [410]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 20/09/2014 - 11:13:07 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 20/09/2014 - 11:13:07 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 20/09/2014 - 11:13:08 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.0EF38B12815FDA9BB86C1063316E0361] - 20/09/2014 - 11:13:09 ---A- . (...) -- C:\WINDOWS\wmsetup.log [7307]
O44 - LFC:[MD5.3A3D74CD5CD3BE9B8A63855ECB0C9F63] - 20/09/2014 - 11:15:33 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [288]
O44 - LFC:[MD5.126602456FE28522A0F7A6C2CB69D42E] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\iis6.log [63693]
O44 - LFC:[MD5.C08BE115F69CB90491D4A0B592DC1FE0] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\imsins.log [4382]
O44 - LFC:[MD5.DF12169D0D55BEE557E95A90EF1BC98E] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [11636]
O44 - LFC:[MD5.01785A0DE1CBF690CC783DD75D770C54] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\ocmsn.log [885]
O44 - LFC:[MD5.1C6E5AA4173D2F620C045B5259BF9932] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1252]
O44 - LFC:[MD5.1652F37E797F4040124D193824BBA8E1] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\tsoc.log [10978]
O44 - LFC:[MD5.68DA9B4968551F24AC0670D34891E06D] - 20/09/2014 - 11:18:48 ---A- . (...) -- C:\WINDOWS\setuplog.txt [838115]
O44 - LFC:[MD5.AD1D7B5829FFCED38C3289F4B2B4138E] - 20/09/2014 - 11:19:03 ---A- . (...) -- C:\WINDOWS\comsetup.log [22121]
O44 - LFC:[MD5.E11ED6BB36B3443C2A29C00431FFA8AC] - 20/09/2014 - 11:23:53 ---A- . (...) -- C:\WINDOWS\COM+.log [1548]
O44 - LFC:[MD5.E7CB978BE6AD7079CF4117AA763DB7DF] - 20/09/2014 - 11:40:10 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [65858]
O44 - LFC:[MD5.7658F33DFF63F4CCE8A6F101017A565D] - 21/09/2014 - 16:36:34 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.4A6D86BF126E113B009EEFD091657A43] - 21/09/2014 - 16:36:35 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 69 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "F:\Program Files\Messenger\YahooMessenger.exe" [Enabled] .(...) -- F:\Program Files\Messenger\YahooMessenger.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Valve\hl.exe" [Enabled] .(...) -- C:\Program Files\Valve\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Valve\hlds.exe" [Enabled] .(...) -- C:\Program Files\Valve\hlds.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\dridi\Mes documents\sharing\Wsp_0.9.8\wsp.dll" [Enabled] .(.luki222.) -- C:\Documents and Settings\dridi\Mes documents\sharing\Wsp_0.9.8\wsp.dll
O47 - AAKE:Key Export SP - "C:\Documents and Settings\dridi\Local Settings\Temp\RarSFX1\hl.exe" [Enabled] .(...) -- C:\Documents and Settings\dridi\Local Settings\Temp\RarSFX1\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\dridi\Local Settings\Temp\ibtmp4191432\component_560.decrpt" [Enabled] .(...) -- C:\Documents and Settings\dridi\Local Settings\Temp\ibtmp4191432\component_560.decrpt (.not file.)
O47 - AAKE:Key Export SP - "D:\Program Files\Return to Castle Wolfenstein\WolfMP.exe" [Enabled] .(.Pas de propriétaire.) -- D:\Program Files\Return to Castle Wolfenstein\WolfMP.exe
O47 - AAKE:Key Export SP - "C:\Program Files\360\Total Security\safemon\QHSafeTray.exe" [Enabled] .(...) -- C:\Program Files\360\Total Security\safemon\QHSafeTray.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\360\Total Security\LiveUpdate360.exe" [Enabled] .(...) -- C:\Program Files\360\Total Security\LiveUpdate360.exe (.not file.)
~ Keys Export: 22 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:19/07/2008 - 15:32:15 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [26944]
O58 - SDL:17/07/2003 - 14:48:44 ---A- . (.Analog Deivces - adi loader.) -- C:\WINDOWS\system32\Drivers\adildr.sys [46167]
O58 - SDL:01/12/2003 - 09:36:04 R--A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\Drivers\adiusbae.sys [117785]
O58 - SDL:12/08/2004 - 11:56:20 R--A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:19/07/2008 - 15:37:42 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [20560]
O58 - SDL:17/01/2008 - 18:34:01 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [93264]
O58 - SDL:19/07/2008 - 15:37:21 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [94416]
O58 - SDL:19/07/2008 - 15:33:42 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [23152]
O58 - SDL:19/07/2008 - 15:35:18 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [78416]
O58 - SDL:19/07/2008 - 15:32:36 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [42912]
O58 - SDL:26/02/2013 - 09:25:26 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atksgt.sys [281760]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:13/04/2008 - 09:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/01/2005 - 16:07:16 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:01/08/2012 - 19:13:42 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\WINDOWS\system32\Drivers\HssDrv.sys [39656]
O58 - SDL:09/06/2014 - 09:40:58 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121440]
O58 - SDL:26/02/2013 - 09:25:26 ---A- . (...) -- C:\WINDOWS\system32\Drivers\lirsgt.sys [25888]
O58 - SDL:13/04/2008 - 11:23:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:13/04/2008 - 11:23:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:13/04/2008 - 09:34:28 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:13/04/2008 - 11:23:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:13/04/2008 - 11:23:44 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:17/07/2004 - 16:36:38 ---A- . (...) -- C:\WINDOWS\system32\Drivers\secdrv.sys [27440]
O58 - SDL:13/04/2008 - 11:23:44 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:13/04/2008 - 11:23:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:13/04/2008 - 11:23:48 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:13/04/2008 - 11:23:48 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:01/08/2012 - 19:13:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\taphss.sys [33512]
O58 - SDL:19/09/2014 - 20:33:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [33512]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:04/08/2004 - 03:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:04/08/2004 - 03:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:04/08/2004 - 03:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:04/08/2004 - 03:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:04/08/2004 - 03:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:04/08/2004 - 03:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 100 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 19/07/2008 - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.ALWIL Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4
O64 - Services: CurCS - 19/07/2008 - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.ALWIL Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2
O64 - Services: CurCS - 19/07/2008 - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (aswUpdSv) .(.ALWIL Software - avast! Antivirus updating service.) - LEGACY_ASWUPDSV
O64 - Services: CurCS - 19/07/2008 - C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus) .(.ALWIL Software - avast! antivirus service.) - LEGACY_AVAST!_ANTIVIRUS
~ Legacy: 144 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3D41F773-C2A2-4541-8F58-DF94FA1311D3} - (Yahoo! Search) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} - (mail.ru: Поиск в Интернете) - http://go.mail.ru
~ Keys: Scanned in 00mn 00s



---\\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Documents and Settings\dridi\Bureau\moiz jeus\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen
C:\Documents and Settings\dridi\Mes documents\sharing\Humax 5400...ShareMax5.5 Cracked...Upd.1...23.11.2009.rar =>.Crack,Keygen
C:\Program Files\RY's GAMES\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen
C:\Documents and Settings\dridi\Bureau\moiz jeus\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen
C:\Documents and Settings\dridi\Mes documents\sharing\Humax 5400...ShareMax5.5 Cracked...Upd.1...23.11.2009.rar =>.Crack,Keygen
C:\Program Files\RY's GAMES\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen
~ Files: Scanned in 00mn 05s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1854CD2E78EC1C46510F19337C32CA09] [SPRF][05/05/2011] (...) -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [32]
[MD5.1B151CCE618BE06C22B55FD4B502B75E] [SPRF][19/09/2014] (...) -- C:\Documents and Settings\dridi\Bureau\AdwCleaner.exe [1373475]
[MD5.C187EB8ED179E3BF224AF1F514012031] [SPRF][20/09/2014] (...) -- C:\Documents and Settings\dridi\Bureau\cureit.exe [155241272]
[MD5.1314D5E978CAA1393459471D81C79465] [SPRF][25/07/2011] (.Pas de propriétaire - FaceOnBody MFC Application.) -- C:\Documents and Settings\dridi\Bureau\FaceOnBody 2.4 Portable.exe [1774656]
[MD5.E6D6236B8B9AD05F54A8A7D1725F0EC8] [SPRF][26/02/2010] (.hedjazi - hedjazi.w 2009.) -- C:\Documents and Settings\dridi\Bureau\PRESS ALGERIENNE.exe [5744624]
[MD5.4A33CAE49476ECBB4D72E52BBE8D87CC] [SPRF][19/09/2014] (...) -- C:\Documents and Settings\dridi\Bureau\RogueKiller.exe [4877400]
~ Files: 9 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 09/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 19/07/2008 250040 | (avast! Mail Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
SS - | Demand 23/07/2008 348344 | (avast! Web Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
SS - | Demand 04/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 18/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 04/08/2004 14336 | C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (nosGetPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe
SS - | Demand 03/10/2012 725400 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 19/07/2008 16056 | (aswUpdSv) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
SR - | Auto 19/07/2008 147640 | (avast! Antivirus) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
~ Services: Scanned in 00mn 04s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by dridi at 21/09/2014 18:11:54
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EEEB8] >> \Device\Harddisk0\DR0[0x86B74AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by dridi at 21/09/2014 18:11:56
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (20/09/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent =>P2P.BitTorrent^
~ Additionnel Scan: 156035 Items scanned in 00mn 10s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



~ 1043 Legitimates filtered by white list
End of the scan (573 lines in 00mn 40s)(6)
