~ Rapport de ZHPDiag v2014.5.8.57 - Nicolas Coolman (08/05/2014)
~ Lancé par Delphine (08/05/2014 18:28:40)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox v3.6.13 (fr) (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 932CC
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v2.35

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (23%) free of 44 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-DELPHINE
~ User Name: Delphine
~ All Users Names: Delphine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Delphine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Delphine\AppData\Roaming\
~ %Desktop% : C:\Users\Delphine\Desktop\
~ %Favorites% : C:\Users\Delphine\Favorites\
~ %LocalAppData% : C:\Users\Delphine\AppData\Local\
~ %StartMenu% : C:\Users\Delphine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 354 Go of 422 Go)
E: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.10/04/2009 - 22:27:38.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.18/01/2008 - 22:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/05/2014 - 07:36:18.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/04/2009 - 22:28:14.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.A201207363AA900ABF1A388468688570] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.10/04/2009 - 20:47:04.) -- C:\Windows\system32\Drivers\AFD.sys [273920]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 22:32:28.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 20:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 20:39:18.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.218D8AE46C88E82014F5D73D0236D9B2] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.10/04/2009 - 20:14:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 20:42:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.18/01/2008 - 20:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 20:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.454341E652BDF5E01B0F2140232B073E] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/11/2010 - 17:46:15.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 20:45:38.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/04/2009 - 22:32:50.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 20:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.10/04/2009 - 20:52:36.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 20:45:24.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 20:45:58.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.10/04/2009 - 22:32:56.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/578
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/38
~ Mes Documents (My Documents) : 1/112
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3604]
[MD5.CCC08DE1286571175A75A56563C37715] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4706304] [PID.3728]
[MD5.0E20A3213ED010FC4997D1EF48082ABC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [PID.2832]
[MD5.BA9A09CF1B9503C363617F3748F6D791] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.3392]
[MD5.CCD09CA21C1946AF24834512BD9A6FCA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7873536] [PID.2648]
[MD5.387DC341E2AED29EB8F67B6EE53BB43B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 191.0.) -- C:\Windows\system32\nvvsvc.exe [215656] [PID.984]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1308]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1692]
[MD5.177FF6608B48638D4066726F3A3F8444] - (...) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400] [PID.1280]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1508]
[MD5.70D7BE78061126DD0C3ACCDB7E129017] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144672] [PID.2060]
[MD5.00A92BD55853CAA7AA4892B266A09AD5] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.2220]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2252]
[MD5.3331735A4F990A7C21AF7C0E574FD684] - (.O&O Software GmbH - O&O Defrag Agent (Win32).) -- C:\Windows\system32\oodag.exe [1049856] [PID.2380]
[MD5.B1691AF4A072CB674D600DB16DD7308E] - (.Rocket Division Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [275968] [PID.2500]
[MD5.55141DBD546F86517D2381522BA0D1F1] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [240232] [PID.2524]
[MD5.925F0C3E7E53F1FF76C7256DF17B2D73] - (.TeamViewer GmbH - TeamViewer Service.) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [185640] [PID.2592]
~ Processes Running: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Delphine\AppData\Roaming\Mozilla\Firefox\Profiles\wi3m7yob.default\prefs.js
M0 - MFSP: prefs.js [Delphine - wi3m7yob.default] http://www.lequipe.fr
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech Inc. - Logitech KHAL Main Process.) -- C:\Windows\KHALMNPR.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
~ Application: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {E31004D1-A431-41B8-826F-E902F9D95C81} . (.Microsoft Corporation - Bonus Microsoft Windows Vista Édition Intég.) -- C:\Windows\System32\DreamScene.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
~ Services: 10 Legitimates Filtered in 00mn 07s

---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (OODBS) (.O&O Software GmbH - O&O BootTimeDefrag (Win32).) -- C:\Windows\System32\OODBS.exe
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\Tasks\{39A04428-3349-4FF7-B2B9-56CE08340CBF}.job [204]
O39 - APT: - (..) -- C:\Windows\Tasks\{495B6A51-6E99-4794-8E31-55CD898E983D}.job [616]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Key Software: 198 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2007 - 22:45:03 - [] ----D C:\Program Files\BitLocker
O43 - CFD: 24/07/2010 - 12:26:50 - [] ----D C:\Users\Delphine\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 23/12/2007 - 16:17:21 - [] ----D C:\Users\Delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La sélection Libre Essai
~ Program Folder: 151 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.37885808A6E97243A94913DDF226D44E] - 07/05/2014 - 16:42:44 ---A- . (...) -- C:\Windows\win.ini [177]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.47F22CAD4A16BB40153555D631546B94] - 07/05/2014 - 22:21:20 ---A- . (...) -- C:\Windows\System32\tcpmon.ini [60124]
O44 - LFC:[MD5.628FBD4EF5BD0082C473AB1291F5A46E] - 07/05/2014 - 22:21:36 ---A- . (...) -- C:\Windows\System32\winrm.vbs [195122]
O44 - LFC:[MD5.4599D028A0CA8B54555CF72345940B45] - 07/05/2014 - 22:21:40 ---A- . (...) -- C:\Windows\System32\gatherWiredInfo.vbs [12198]
O44 - LFC:[MD5.6C054DA115C2CA2C523ABD159ED7814B] - 07/05/2014 - 22:21:40 ---A- . (...) -- C:\Windows\System32\gpedit.msc [147439]
O44 - LFC:[MD5.97AED7FC6C2B38F34CA1A3C10D2F5A60] - 07/05/2014 - 22:21:42 ---A- . (...) -- C:\Windows\System32\fsmgmt.msc [144909]
O44 - LFC:[MD5.2BC2546831B054680C6F59888F295E44] - 07/05/2014 - 22:22:32 ---A- . (...) -- C:\Windows\System32\secpol.msc [120458]
O44 - LFC:[MD5.371199E48F046F5CF5F7F57BF8180E57] - 07/05/2014 - 22:22:44 ---A- . (...) -- C:\Windows\System32\manage-bde.ini.en [81158]
O44 - LFC:[MD5.78139758BE8E544475AF2BAFD7BF865D] - 07/05/2014 - 22:22:44 ---A- . (...) -- C:\Windows\System32\manage-bde.wsf [128482]
O44 - LFC:[MD5.9E28B756F6CD07A9A93D9172EF8820FB] - 07/05/2014 - 22:36:52 ---A- . (...) -- C:\Windows\SPInstall.etl [196608]
O44 - LFC:[MD5.8CA7376C2545FEDF2A1222DBFA1B6341] - 07/05/2014 - 23:01:45 ---A- . (...) -- C:\Windows\DtcInstall.log [468]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 07/05/2014 - 23:03:00 R-HA- . (...) -- C:\Windows\WindowsShell.Manifest [749]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 08/05/2014 - 06:37:52 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [130008]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 08/05/2014 - 06:37:57 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 08/05/2014 - 06:37:58 ---A- . (...) -- C:\Windows\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 08/05/2014 - 06:38:03 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.D07E5384D2B4E71F7D49C9F334D69284] - 08/05/2014 - 06:38:03 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [18904]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 08/05/2014 - 06:38:12 ---A- . (...) -- C:\Windows\System32\WFP.TMF [208966]
O44 - LFC:[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - 08/05/2014 - 06:38:17 ---A- . (...) -- C:\Windows\System32\korwbrkr.lex [11967524]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 08/05/2014 - 06:38:30 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 08/05/2014 - 06:38:51 ---A- . (...) -- C:\Windows\System32\dot3.tmf [442788]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 08/05/2014 - 06:38:52 ---A- . (.Pas de propriétaire - Programme d'authentification du périphériqu.) -- C:\Windows\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 08/05/2014 - 06:38:54 ---A- . (...) -- C:\Windows\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.609994C36C394A8D80426BC2CB00CEF7] - 08/05/2014 - 06:39:01 ---A- . (.Pas de propriétaire - Application PrintBrm.) -- C:\Windows\System32\PrintBrmUi.exe [62976]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 08/05/2014 - 06:39:03 ---A- . (...) -- C:\Windows\System32\RacUR.xml [9212]
O44 - LFC:[MD5.4C58B5E71FEEFD18BB7F537343C7219A] - 08/05/2014 - 06:39:03 ---A- . (...) -- C:\Windows\System32\RacUREx.xml [153]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 08/05/2014 - 06:39:06 ---A- . (...) -- C:\Windows\System32\onex.tmf [392170]
O44 - LFC:[MD5.1EFB6FD443E2E48AAC0F65E552ACD6E9] - 08/05/2014 - 06:52:31 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [1210]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 08/05/2014 - 07:36:17 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 08/05/2014 - 07:36:29 ---A- . (...) -- C:\Windows\System32\icrav03.rat [8798]
O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 08/05/2014 - 07:36:29 ---A- . (...) -- C:\Windows\System32\ticrf.rat [1988]
O44 - LFC:[MD5.701374653A10020F9D7CB4E324C503AD] - 08/05/2014 - 07:37:55 ---A- . (...) -- C:\Windows\IE9_main.log [7572]
O44 - LFC:[MD5.3B457012BDBDD72D2F66F3428B3AD8D1] - 08/05/2014 - 17:16:08 ---A- . (...) -- C:\Windows\System32\oodbs.lor [517185]
~ Files: 1540 Legitimates Filtered in 00mn 31s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2ae660f3-abf1-11dc-a4b1-001731f8d91b}\AutoRun\command. (...) -- F:\BSAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:18/10/2006 - 21:44:48 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [7680]
O58 - SDL:19/10/2006 - 03:11:12 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys [10304]
O58 - SDL:19/10/2006 - 03:11:30 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys [12096]
O58 - SDL:19/10/2006 - 11:12:16 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [12664]
O58 - SDL:07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:21/05/2004 - 20:15:31 ---A- . (...) -- C:\Windows\System32\Drivers\LVUSBSta.sys [19968]
O58 - SDL:16/12/2007 - 16:42:08 ---A- . (.PARADOX - Release Build v1.00.) -- C:\Windows\System32\Drivers\royal.sys [240128]
O58 - SDL:16/12/2007 - 17:07:14 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [685816]
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:19/04/2010 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41984]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 92 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 07/05/2014 - 18:29:50 ---A- . (...) -- C:\Users\Delphine\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [203537]
~ 467 Fichiers temporaires (Temporary files)
~ 18 Fichiers cookies (Cookies files)
~ Files: 8 Legitimates Filtered in 00mn 01s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 07/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 82 Legitimates Filtered in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Delphine - wi3m7yob.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.04FF48CAA668CE89EA77660F7E334F4C] [SPRF][08/05/2014] (...) -- C:\ProgramData\nvModes.dat [111420]
~ Files: 5 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/07/1658 0 | (NMIndexingService) . (...) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Disabled 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/09/2006 102400 | (AdobeActiveFileMonitor5.0) . (...) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/08/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/11/2008 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Auto 27/09/2009 215656 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 28/06/2007 1049856 | (O&O Defrag) . (.O&O Software GmbH.) - C:\Windows\system32\oodag.exe
SR - | Auto 28/05/2007 275968 | (StarWindServiceAE) . (.Rocket Division Software.) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
SR - | Auto 27/09/2009 240232 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 12/01/2010 185640 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Delphine at 08/05/2014 18:30:20
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
1 nt!IofCallDriver[0x8288214B] >> \Device\Harddisk0\DR0[0x85465AC8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Delphine at 08/05/2014 18:30:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:16/12/2007 - 17:07:14 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [685816]
~ Emulateurs: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13045 - (08/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Additionnel Scan: 180347 Items scanned in 00mn 28s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 00mn 00s

~ 2305 Legitimates filtered by white list
End of the scan (467 lines in 02mn 11s)(0)