~ ZHPDiag Report v2014.9.20.136 - Nicolas Coolman (20/09/2014)
~ Launched by dridi (21/09/2014 18:11:27)
~ Web Site Address http://nicolascoolman.fr
~ Forum Address http://forum.nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status: Version up to date.
~ Whitelist: Enabled by the program
~ Privilege Elevation: OK
~ User Account Control (UAC): Not Found

---\\ Internet Browsers
MSIE: Internet Explorer v6.0.2900.2180
MFIE: Mozilla Firefox 31.0
GCIE: Google Chrome v37.0.2062.120 (Default)
OPIE: Opera v12.11

---\\ Windows Product Information
~ Language: French
Microsoft Windows XP, 32-bit Service Pack 2 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Protection Software
avast! Antivirus v4.8

---\\ System Optimization Software

---\\ Peer-to-Peer Sharing Software

---\\ Software Monitoring
Adobe Flash Player 15 Plugin
Adobe Reader X

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (58% free)
System Restore: Enabled
System drive C: has 26 GB (45%) free of 59 GB

---\\ System Logon Mode
~ Computer Name: MOAD-B9A0CC44B3
~ User Name: dridi
~ All Users Names: SUPPORT_388945a0, HelpAssistant, dridi, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environment Variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\dridi\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\dridi\Application Data\
~ %Desktop% : C:\Documents and Settings\dridi\Bureau\
~ %Favorites% : C:\Documents and Settings\dridi\Favoris\
~ %LocalAppData% : C:\Documents and Settings\dridi\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\dridi\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk Drive Enumeration
C: Hard drive, Flash drive, Thumb drive (Free 26 GB of 59 GB)
D: Hard drive, Flash drive, Thumb drive (Free 46 GB of 68 GB)
E: Hard drive, Flash drive, Thumb drive (Free 55 GB of 78 GB)
F: Hard drive, Flash drive, Thumb drive (Free 80 GB of 93 GB)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: CD-ROM drive (Not Inserted)

---\\ Windows Security Center Status
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Specific Search for Generic Files
[MD5.4C33E5B9A6197B6ED215F6CFBA0A2DAA] - (.Microsoft Corporation - Explorateur Windows.) (.04/08/2004 - 05:54:50.) -- C:\WINDOWS\Explorer.exe [1036288]
[MD5.58FE94EF42E074F4CAD8BF02E70E6478] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/08/2004 - 05:54:46.) -- C:\WINDOWS\system32\wininet.dll [660480]
[MD5.D2DE785AEAB0BB8CA4C14A8A199DBE4E] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.04/08/2004 - 05:55:02.) -- C:\WINDOWS\system32\Winlogon.exe [506368]
[MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/08/2004 - 04:14:16.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.04/08/2004 - 03:59:44.) -- C:\WINDOWS\system32\Drivers\atapi.sys [95360]
[MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.04/08/2004 - 04:14:12.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.04/08/2004 - 03:59:54.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [49536]
[MD5.8B121FF880683607AB2AEF0340721718] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.07/09/2002 - 01:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [35072]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.D1EFCBD693B5BA21314D06368C471070] - (.Microsoft Corporation - Pilote de port i8042.) (.04/08/2004 - 05:41:24.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54400]
[MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.04/08/2004 - 04:00:16.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [41856]
[MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.04/08/2004 - 04:04:52.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [134912]
[MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.04/08/2004 - 04:14:30.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [74752]
[MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/08/2004 - 04:15:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [451456]
[MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.04/08/2004 - 04:14:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.04/08/2004 - 04:15:10.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574592]
[MD5.318696359AC7DF48D1E51974EC527DD2] - (.Microsoft Corporation - Pilote de port parallèle.) (.04/08/2004 - 06:05:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.04/08/2004 - 04:14:24.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.03/08/2004 - 23:01:16.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196864]
[MD5.2CC30B68DD62B73D444A41322CD7FC4C] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.04/08/2004 - 00:39:44.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58496]
[MD5.313B1A0D5DB26DFE1C34A6C13B2CE0A7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.04/08/2004 - 05:44:16.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden Files Status (Hidden/Total)
~ My Pictures : 2/73
~ My Music : 0/0
~ My Videos : 0/0
~ My Favorites : 1/25
~ My Documents : 4/1822
~ My Desktop : 9/12415
~ Start Menu (Programs) : 1/88
~ Hidden Files: Scanned in 00mn 00s

---\\ Running Processes
[MD5.E2323AD197689D607EBC52137B4DFB2E] - (.ALWIL Software - avast! Antivirus updating service.) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [16056] [PID.1604]
[MD5.58E57D723BD437049F74408016E1735D] - (.ALWIL Software - avast! antivirus service.) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe [147640] [PID.1652]
[MD5.66893067C2FB0505F151D3FCB8EA92B5] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [78008] [PID.584]
[MD5.DB28088CDADA0BE4A2896024393EFA93] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [162584] [PID.632]
[MD5.C591E7DB162689C9A73A3BC9E5050F8E] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [138008] [PID.640]
[MD5.44F5561C38F33CB1BC99D34573067CBD] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [252696] [PID.728]
[MD5.CD4D502F0F7897B432DC3FFF82111410] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3858000] [PID.1144]
[MD5.683DAC2785D061484B403676ACADECFD] - (.No owner - ADIMON MFC Application.) -- C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [929870] [PID.1840]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3428]
[MD5.AC08A03D7E579E2903925736E7AB48F2] - (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [852808] [PID.2312]
[MD5.7C5AF154B07BB57AF0EF26F156D5A022] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8106496] [PID.508]
~ Processes Running: Scanned in 00mn 00s

---\\ Opera, Plugins, Startup, Search (P1,B0,B1)
B1 - OSP: search.ini [dridi] URL=http://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb&fr2=driverpack
B1 - OSP: search.ini [dridi] URL=http://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb&fr2=driverpack
~ Opera Browser: 2 Legitimates Filtered in 00mn 00s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\\ Google Chrome Extension Folders
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 04s

---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\dridi\Application Data\Mozilla\Firefox\Profiles\pr7m8nf1.default\prefs.js
M2 - MFEP: prefs.js [dridi - pr7m8nf1.default\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}] [] Спутник @Mail.Ru v2.4.0.60 (..)
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru
~ IE Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean (18)
~ Hosts File: Scanned in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{09900DE8-1DCA-443F-9243-26FF581438AF} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Documents and Settings\dridi\Application Data\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [BitTorrent] . (.BitTorrent Inc. - BitTorrent.) -- C:\Documents and Settings\dridi\Application Data\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-1078081533-412668190-839522115-1003\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s

---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Domain / DNS Address Modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{CFB124D0-3C2F-4836-A7C8-B9D18764708C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Additional Protocol (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocol: Scanned in 00mn 00s

---\\ AppInit_DLLs Registry Value and Winlogon Notify Subkeys (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Non-Microsoft, Non-Disabled NT Services (O23)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
~ Services: 2 Legitimates Filtered in 00mn 01s

---\\ Active Desktop & MHTML Editor Enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\dridi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Drivers launched at system startup (O41)
O41 - Driver: (BAPIDRV) . (. - .) - C:\WINDOWS\system32\DRIVERS\BAPIDRV.sys (.not file.)
~ Drivers: 86 Legitimates Filtered in 00mn 00s

---\\ Installed Software (O42)
O42 - Software: Composant Hmk - (...) [HKLM] -- Composant Hmk
O42 - Software: DoWnLLowAppp - (.DooWnLoWApp.) [HKLM] -- {15BFA1EF-4B89-F075-6B00-0B4EAD6EFA43}
O42 - Software: FaceOnBody - (...) [HKLM] -- FaceOnBody
O42 - Software: Smash Up Derby - (...) [HKLM] -- Smash_up_Derby_usa_v2
O42 - Software: Total Overdose - (.Deadline Games.) [HKLM] -- {051E7B99-6D35-4905-BAF3-740893EF657A}
~ Logic: 51 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Cinefoot_Server]
[HKCU\Software\Ease-Soft]
[HKCU\Software\Nology]
[HKLM\Software\Core]
[HKLM\Software\DMZ]
[HKLM\Software\Tatanka]
~ Key Software: 334 Legitimates Filtered in 00mn 00s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 20/09/2014 - 13:09:27 - [0] ----D C:\Program Files\360
O43 - CFD: 30/05/2011 - 12:07:49 - [] ----D C:\Program Files\ABArena
O43 - CFD: 30/05/2011 - 12:07:58 - [] ----D C:\Program Files\Air Strike II Gulf Thunder
O43 - CFD: 30/05/2011 - 12:07:23 - [] ----D C:\Program Files\Avernum 3
O43 - CFD: 21/09/2014 - 07:46:48 - [0] ----D C:\Program Files\DownLow
O43 - CFD: 01/12/2013 - 00:29:39 - [] ----D C:\Program Files\FaceOnBody
O43 - CFD: 25/05/2011 - 12:09:34 - [0] ----D C:\Program Files\Hardwood Solitaire III
O43 - CFD: 29/04/2011 - 16:55:14 - [] ----D C:\Program Files\iFoxSoft
O43 - CFD: 05/09/2012 - 13:21:53 - [] ----D C:\Program Files\RY's GAMES
O43 - CFD: 18/04/2013 - 14:47:22 - [] ----D C:\Program Files\Smash Up Derby
O43 - CFD: 04/09/2012 - 21:24:20 - [] ----D C:\Program Files\Titus
O43 - CFD: 01/08/2012 - 15:56:59 - [] ----D C:\Program Files\VID_16A2&PID_0012
O43 - CFD: 14/12/2013 - 16:08:24 - [] ----D C:\Documents and Settings\All Users\Application Data\DoWnLLowAppp
O43 - CFD: 01/12/2013 - 00:29:40 - [] ----D C:\Documents and Settings\All Users\Application Data\FaceOnBody
O43 - CFD: 19/06/2011 - 21:41:50 - [] ----D C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
O43 - CFD: 25/10/2012 - 21:15:42 - [] --H-D C:\Documents and Settings\All Users\Application Data\{AD634F50-8ABF-463E-B2B1-75C31697CFE7}
O43 - CFD: 17/08/2014 - 23:18:11 - [0] ----D C:\Documents and Settings\dridi\Application Data\EncryptStick
O43 - CFD: 29/04/2011 - 16:47:33 - [] ----D C:\Documents and Settings\dridi\Local Settings\Application Data\ReaJPEG
O43 - CFD: 15/04/2013 - 16:27:52 - [] ----D C:\Documents and Settings\dridi\Menu Démarrer\Programmes\Smash Up Derby
O43 - CFD: 01/04/2013 - 11:12:15 - [] ----D C:\Documents and Settings\dridi\Menu Démarrer\Programmes\VIRTUA_TENNIS
~ Program Folder: 209 Legitimates Filtered in 00mn 00s

---\\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.577BC18D2B7812C7F2D5B222DAEB005D] - 17/09/2014 - 23:30:44 ---A- . (...) -- C:\WINDOWS\setupapi.old [137311]
O44 - LFC:[MD5.446118FFFF5576434393AE4551A5CA74] - 19/09/2014 - 20:33:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [33512]
O44 - LFC:[MD5.AC2D08E241BA946F0A95BDF5BC3E1345] - 19/09/2014 - 23:00:32 ---A- . (...) -- C:\RstAssociations.txt [3343]
O44 - LFC:[MD5.38FE831D9C5BA480D5AFB8DE93AE6F4A] - 20/09/2014 - 10:50:04 R--A- . (...) -- C:\WINDOWS\SET8E.tmp [1014836]
O44 - LFC:[MD5.5051529BF3627996CFE4A3B14AD67E78] - 20/09/2014 - 10:50:05 R--A- . (...) -- C:\WINDOWS\SET91.tmp [1086058]
O44 - LFC:[MD5.3E6967FEB3E18473D8C2627AA0C49AD3] - 20/09/2014 - 10:50:07 R--A- . (...) -- C:\WINDOWS\SET9D.tmp [14043]
O44 - LFC:[MD5.A0E02492452D4E237465D99D005D91FD] - 20/09/2014 - 10:50:22 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.F208431256726146C19E83564CD2F52C] - 20/09/2014 - 10:58:30 ---A- . (...) -- C:\WINDOWS\pnplog.txt [125]
O44 - LFC:[MD5.D8E50555DB2BE716BFF46CE5A56D90EE] - 20/09/2014 - 11:02:35 ---A- . (...) -- C:\WINDOWS\regopt.log [4684]
O44 - LFC:[MD5.645E41BF355C2470DC0F6957BEE81967] - 20/09/2014 - 11:10:16 ---A- . (...) -- C:\WINDOWS\cmsetacl.log [200]
O44 - LFC:[MD5.7B6DA03D42A2B5B1ECA59B6903F4B18A] - 20/09/2014 - 11:10:49 ---A- . (...) -- C:\WINDOWS\msmqinst.log [10248]
O44 - LFC:[MD5.7BD503027C7F748797A370FBBC6E0E13] - 20/09/2014 - 11:10:52 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [120]
O44 - LFC:[MD5.4D5795DFF06FC684DE965CE1FE611C05] - 20/09/2014 - 11:11:06 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [23016]
O44 - LFC:[MD5.9A348D469A9CD47C886717E40D8F355C] - 20/09/2014 - 11:11:30 ---A- . (...) -- C:\WINDOWS\netfxocm.log [2790]
O44 - LFC:[MD5.907228E7D566A0DF2EFE8EDEA671DA36] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [11538]
O44 - LFC:[MD5.07495639191FF6B58C01EC8737143E5A] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [1635]
O44 - LFC:[MD5.4C3BCF087576BD5C707BFD9CCB8D3B08] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\msgsocm.log [927]
O44 - LFC:[MD5.830D2FF3715E767B024DFDDE2F12AE9D] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\ocgen.log [14732]
O44 - LFC:[MD5.5DE18F1F50C385AFDEB0ED1E97F6182E] - 20/09/2014 - 11:11:32 ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1041]
O44 - LFC:[MD5.D2A6C8D222BB27B7E3C8F2E93A0DF4C5] - 20/09/2014 - 11:12:09 ---A- . (...) -- C:\WINDOWS\win.ini [765]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 20/09/2014 - 11:12:18 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 20/09/2014 - 11:12:22 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 20/09/2014 - 11:12:22 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 20/09/2014 - 11:12:59 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.EF02ECEEFD9CA17BF8CC1B33937DC3CC] - 20/09/2014 - 11:13:03 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [410]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 20/09/2014 - 11:13:07 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 20/09/2014 - 11:13:07 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 20/09/2014 - 11:13:08 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.0EF38B12815FDA9BB86C1063316E0361] - 20/09/2014 - 11:13:09 ---A- . (...) -- C:\WINDOWS\wmsetup.log [7307]
O44 - LFC:[MD5.3A3D74CD5CD3BE9B8A63855ECB0C9F63] - 20/09/2014 - 11:15:33 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [288]
O44 - LFC:[MD5.126602456FE28522A0F7A6C2CB69D42E] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\iis6.log [63693]
O44 - LFC:[MD5.C08BE115F69CB90491D4A0B592DC1FE0] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\imsins.log [4382]
O44 - LFC:[MD5.DF12169D0D55BEE557E95A90EF1BC98E] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [11636]
O44 - LFC:[MD5.01785A0DE1CBF690CC783DD75D770C54] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\ocmsn.log [885]
O44 - LFC:[MD5.1C6E5AA4173D2F620C045B5259BF9932] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1252]
O44 - LFC:[MD5.1652F37E797F4040124D193824BBA8E1] - 20/09/2014 - 11:15:50 ---A- . (...) -- C:\WINDOWS\tsoc.log [10978]
O44 - LFC:[MD5.68DA9B4968551F24AC0670D34891E06D] - 20/09/2014 - 11:18:48 ---A- . (...) -- C:\WINDOWS\setuplog.txt [838115]
O44 - LFC:[MD5.AD1D7B5829FFCED38C3289F4B2B4138E] - 20/09/2014 - 11:19:03 ---A- . (...) -- C:\WINDOWS\comsetup.log [22121]
O44 - LFC:[MD5.E11ED6BB36B3443C2A29C00431FFA8AC] - 20/09/2014 - 11:23:53 ---A- . (...) -- C:\WINDOWS\COM+.log [1548]
O44 - LFC:[MD5.E7CB978BE6AD7079CF4117AA763DB7DF] - 20/09/2014 - 11:40:10 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [65858]
O44 - LFC:[MD5.7658F33DFF63F4CCE8A6F101017A565D] - 21/09/2014 - 16:36:34 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.4A6D86BF126E113B009EEFD091657A43] - 21/09/2014 - 16:36:35 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
~ Files: 69 Legitimates Filtered in 00mn 00s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Authorized Application Key Export (O47)
O47 - AAKE:Key Export SP - "F:\Program Files\Messenger\YahooMessenger.exe" [Enabled] .(...) -- F:\Program Files\Messenger\YahooMessenger.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Valve\hl.exe" [Enabled] .(...) -- C:\Program Files\Valve\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Valve\hlds.exe" [Enabled] .(...) -- C:\Program Files\Valve\hlds.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\dridi\Mes documents\sharing\Wsp_0.9.8\wsp.dll" [Enabled] .(.luki222.) -- C:\Documents and Settings\dridi\Mes documents\sharing\Wsp_0.9.8\wsp.dll
O47 - AAKE:Key Export SP - "C:\Documents and Settings\dridi\Local Settings\Temp\RarSFX1\hl.exe" [Enabled] .(...) -- C:\Documents and Settings\dridi\Local Settings\Temp\RarSFX1\hl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\dridi\Local Settings\Temp\ibtmp4191432\component_560.decrpt" [Enabled] .(...) -- C:\Documents and Settings\dridi\Local Settings\Temp\ibtmp4191432\component_560.decrpt (.not file.)
O47 - AAKE:Key Export SP - "D:\Program Files\Return to Castle Wolfenstein\WolfMP.exe" [Enabled] .(.No owner.) -- D:\Program Files\Return to Castle Wolfenstein\WolfMP.exe
O47 - AAKE:Key Export SP - "C:\Program Files\360\Total Security\safemon\QHSafeTray.exe" [Enabled] .(...) -- C:\Program Files\360\Total Security\safemon\QHSafeTray.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\360\Total Security\LiveUpdate360.exe" [Enabled] .(...) -- C:\Program Files\360\Total Security\LiveUpdate360.exe (.not file.)
~ Keys Export: 22 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ System Driver List (SDL) (O58)
O58 - SDL:19/07/2008 - 15:32:15 ---A- . (.ALWIL Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [26944]
O58 - SDL:17/07/2003 - 14:48:44 ---A- . (.Analog Deivces - adi loader.) -- C:\WINDOWS\system32\Drivers\adildr.sys [46167]
O58 - SDL:01/12/2003 - 09:36:04 R--A- . (.Analog Devices Inc. - ADSL USB Driver.) -- C:\WINDOWS\system32\Drivers\adiusbae.sys [117785]
O58 - SDL:12/08/2004 - 11:56:20 R--A- . (.No owner - ATK0110 ACPI Utility.) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [5810]
O58 - SDL:19/07/2008 - 15:37:42 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [20560]
O58 - SDL:17/01/2008 - 18:34:01 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\Drivers\aswmon.sys [93264]
O58 - SDL:19/07/2008 - 15:37:21 ---A- . (.ALWIL Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\Drivers\aswmon2.sys [94416]
O58 - SDL:19/07/2008 - 15:33:42 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [23152]
O58 - SDL:19/07/2008 - 15:35:18 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\WINDOWS\system32\Drivers\aswSP.sys [78416]
O58 - SDL:19/07/2008 - 15:32:36 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [42912]
O58 - SDL:26/02/2013 - 09:25:26 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atksgt.sys [281760]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:13/04/2008 - 09:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/01/2005 - 16:07:16 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:01/08/2012 - 19:13:42 ---A- . (.AnchorFree Inc. - Hotspot Shield Routing Driver.) -- C:\WINDOWS\system32\Drivers\HssDrv.sys [39656]
O58 - SDL:09/06/2014 - 09:40:58 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121440]
O58 - SDL:26/02/2013 - 09:25:26 ---A- . (...) -- C:\WINDOWS\system32\Drivers\lirsgt.sys [25888]
O58 - SDL:13/04/2008 - 11:23:42 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:13/04/2008 - 11:23:40 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:13/04/2008 - 09:34:28 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:13/04/2008 - 11:23:42 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:13/04/2008 - 11:23:44 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:17/07/2004 - 16:36:38 ---A- . (...) -- C:\WINDOWS\system32\Drivers\secdrv.sys [27440]
O58 - SDL:13/04/2008 - 11:23:44 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:13/04/2008 - 11:23:46 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:13/04/2008 - 11:23:48 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:13/04/2008 - 11:23:48 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:01/08/2012 - 19:13:40 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\WINDOWS\system32\Drivers\taphss.sys [33512]
O58 - SDL:19/09/2014 - 20:33:47 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [33512]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:04/08/2004 - 03:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:07/09/2002 - 01:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:04/08/2004 - 03:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:04/08/2004 - 03:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:04/08/2004 - 03:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:04/08/2004 - 03:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:04/08/2004 - 03:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 100 Legitimates Filtered in 00mn 00s

---\\ Disinfection Tools List (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Registry Legacy Services List (LALS) (O64)
O64 - Services: CurCS - 19/07/2008 - C:\WINDOWS\system32\Drivers\Aavmker4.sys (Aavmker4) .(.ALWIL Software - avast! Base Kernel-Mode Device Driver for W.) - LEGACY_AAVMKER4
O64 - Services: CurCS - 19/07/2008 - C:\WINDOWS\system32\Drivers\aswMon2.sys (aswMon2) .(.ALWIL Software - avast! File System Filter Driver for Window.) - LEGACY_ASWMON2
O64 - Services: CurCS - 19/07/2008 - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (aswUpdSv) .(.ALWIL Software - avast! Antivirus updating service.) - LEGACY_ASWUPDSV
O64 - Services: CurCS - 19/07/2008 - C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Antivirus) .(.ALWIL Software - avast! antivirus service.) - LEGACY_AVAST!_ANTIVIRUS
~ Legacy: 144 Legitimates Filtered in 00mn 00s

---\\ Shell Spawning Associations (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Documents and Settings\dridi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
~ Keys: Scanned in 00mn 00s

---\\ Browser Infection Search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3D41F773-C2A2-4541-8F58-DF94FA1311D3} - (Yahoo!
Search) - http://search.yahoo.com O69 - SBI: SearchScopes [HKCU] {E88E0043-C9D4-4e33-8555-FEE4F5B63060} - (mail.ru: Поиск в Интернете) - http://go.mail.ru ~ Keys: Scanned in 00mn 00s ---\\ Enumère les fichiers Crack & Keygen (CKF) (O82) C:\Documents and Settings\dridi\Bureau\moiz jeus\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen C:\Documents and Settings\dridi\Mes documents\sharing\Humax 5400...ShareMax5.5 Cracked...Upd.1...23.11.2009.rar =>.Crack,Keygen C:\Program Files\RY's GAMES\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen C:\Documents and Settings\dridi\Bureau\moiz jeus\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen C:\Documents and Settings\dridi\Mes documents\sharing\Humax 5400...ShareMax5.5 Cracked...Upd.1...23.11.2009.rar =>.Crack,Keygen C:\Program Files\RY's GAMES\HALF LIFE COMPIL N°1\Half Life CDkeygen.exe =>.Crack,Keygen ~ Files: Scanned in 00mn 05s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.1854CD2E78EC1C46510F19337C32CA09] [SPRF][05/05/2011] (...) -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [32] [MD5.1B151CCE618BE06C22B55FD4B502B75E] [SPRF][19/09/2014] (...) -- C:\Documents and Settings\dridi\Bureau\AdwCleaner.exe [1373475] [MD5.C187EB8ED179E3BF224AF1F514012031] [SPRF][20/09/2014] (...) -- C:\Documents and Settings\dridi\Bureau\cureit.exe [155241272] [MD5.1314D5E978CAA1393459471D81C79465] [SPRF][25/07/2011] (.Pas de propriétaire - FaceOnBody MFC Application.) -- C:\Documents and Settings\dridi\Bureau\FaceOnBody 2.4 Portable.exe [1774656] [MD5.E6D6236B8B9AD05F54A8A7D1725F0EC8] [SPRF][26/02/2010] (.hedjazi - hedjazi.w 2009.) -- C:\Documents and Settings\dridi\Bureau\PRESS ALGERIENNE.exe [5744624] [MD5.4A33CAE49476ECBB4D72E52BBE8D87CC] [SPRF][19/09/2014] (...) 
-- C:\Documents and Settings\dridi\Bureau\RogueKiller.exe [4877400] ~ Files: 9 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 09/09/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 19/07/2008 250040 | (avast! Mail Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe SS - | Demand 23/07/2008 348344 | (avast! Web Scanner) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe SS - | Demand 04/08/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SS - | Demand 18/08/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 04/08/2004 14336 | C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (nosGetPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe SS - | Demand 03/10/2012 725400 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe SR - | Auto 19/07/2008 16056 | (aswUpdSv) . (.ALWIL Software.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe SR - | Auto 19/07/2008 147640 | (avast! Antivirus) . (.ALWIL Software.) 
- C:\Program Files\Alwil Software\Avast4\ashServ.exe ~ Services: Scanned in 00mn 04s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by dridi at 21/09/2014 18:11:54 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 ntkrnlpa!IofCallDriver[0x804EEEB8] >> \Device\Harddisk0\DR0[0x86B74AB8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 13 Legitimates Filtered in 00mn 02s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by dridi at 21/09/2014 18:11:56 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ---\\ Scan Additionnel (O88) Database Version : 13026 - (20/09/2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BitTorrent =>P2P.BitTorrent^ ~ Additionnel Scan: 156035 Items scanned in 00mn 10s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50) ~ AMI: 4 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station ~ MSI: 0 link(s) detected in 00mn 00s ~ 1043 Legitimates filtered by white list End of the scan (573 lines in 00mn 40s)(6)