Document format: text/plain

~ Rapport de ZHPDiag v2015.3.12.29 - Nicolas Coolman (12/03/2015)
~ Lancé par Administrateur (17/03/2015 10:00:38)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Nouvelle version disponible
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 33.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Logiciels de protection du système

---\\ Logiciels d'optimisation du système
CCleaner v3.27

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player Plugin
Adobe Reader 8.1.2 - Français

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 503 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 93 GB (94%) free of 98 GB

---\\ Mode de connexion au système
~ Computer Name: SWEET-6F2A781C1
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 93 Go of 98 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 98 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 84 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Free 0 Go of 0 Go)
I: Floppy drive, Flash card reader, USB Key (Free 0 Go of 2 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 51 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.A9A7C2D6571E8FF9FE910BE2A319DCA8] - (.Microsoft Corporation - Explorateur Windows.) (.17/03/2015 - 02:44:34.) -- C:\WINDOWS\Explorer.exe [1584128]
[MD5.B8FCD84F253A7EB9F14DE1163FD68379] - (.Microsoft Corporation - Internet Extensions for Win32.) (.25/06/2008 - 18:31:07.) -- C:\WINDOWS\system32\wininet.dll [971264]
[MD5.DE669722494CF41F6E39A62B3B08525C] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.25/06/2008 - 18:31:07.) -- C:\WINDOWS\system32\Winlogon.exe [561152]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/06/2008 - 18:29:53.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 12:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/06/2008 - 18:29:57.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/06/2008 - 18:29:58.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.25/06/2008 - 18:30:17.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.25/06/2008 - 18:30:19.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.25/06/2008 - 18:30:21.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.25/06/2008 - 18:30:22.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.25/06/2008 - 18:30:24.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.25/06/2008 - 18:30:23.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.25/06/2008 - 18:30:30.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.25/06/2008 - 18:30:43.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.25/06/2008 - 18:30:47.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.25/06/2008 - 18:30:13.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/06/2008 - 18:30:53.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.25/06/2008 - 18:31:05.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/17
~ Mon Bureau (My Desktop) : 2/14
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.1284]
[MD5.AAC20E2DC0EFF52E91F9672B11144365] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.340]
[MD5.41D82876036E46F9F37DBFAACA72E974] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [106496] [PID.3160]
[MD5.493710C72868C76100C920576BACEC2D] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [90112] [PID.3172]
[MD5.B5085E3184574E5DBF77C8AF30FADEB5] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [126976] [PID.3180]
[MD5.80CFAE4CD19FBCB392CEE0D9700C2ED5] - (.DAEMON'S HOME - Virtual DAEMON Manager.) -- C:\Program Files\D-Tools\daemon.exe [94208] [PID.3348]
[MD5.7334DFA83020E95EC820BCE8E5F5E9A2] - (.Andreas Eliasson (EliasAE) - WinMover executable.) -- C:\Program Files\WinMover\WinMover.exe [200704] [PID.3640]
[MD5.D5700DA7D9941554AFB04948067D7914] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3821136] [PID.3652]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [269848] [PID.3792]
[MD5.23970D86B4D250ECA6563D6699E4E7CC] - (...) -- C:\Documents and Settings\Administrateur\Bureau\jfrnlmf4.exe [163910440] [PID.1864]
[MD5.D6295410E4A4C8AEF023691EB0316A16] - (...) -- c:\documents and settings\administrateur\local settings\temp\F75563F4-CB42EB46-C5E4B56C-5B843FD6\9LSQShLcWxs2.exe [2134440] [PID.1828]
[MD5.F13139797A213C1E265B49778F5E7810] - (...) -- c:\documents and settings\administrateur\local settings\temp\F75563F4-CB42EB46-C5E4B56C-5B843FD6\lSOCag6q.exe [7154944] [PID.1744]
[MD5.94AA4FA24057745DFBC6ABB1A1A7F63C] - (...) -- c:\documents and settings\administrateur\local settings\temp\F75563F4-CB42EB46-C5E4B56C-5B843FD6\U9W4orH6ga.exe [479248] [PID.1224]
[MD5.CC01B1B9B7A37EE887DBC0265D6E6EC8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8290816] [PID.2036]
~ Processes Running: Scanned in 00mn 05s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,,C:\Program Files\xgtjhpmq\gmlvrsvh.exe
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (19)
~ Hosts File: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [igfxtray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Mmm] . (...) -- C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] . (.DAEMON'S HOME - Virtual DAEMON Manager.) -- C:\Program Files\D-Tools\daemon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [MSPY2002] . (...) -- C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKCU\..\Run: [WinMover] . (.Andreas Eliasson (EliasAE) - WinMover executable.) -- C:\Program Files\WinMover\WinMover.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
O4 - HKUS\S-1-5-21-861567501-527237240-1417001333-500\..\Run: [WinMover] . (.Andreas Eliasson (EliasAE) - WinMover executable.) -- C:\Program Files\WinMover\WinMover.exe
O4 - HKUS\S-1-5-21-861567501-527237240-1417001333-500\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: qpevikeffmznimkkasvw (stmwcysyyc) . (...) - C:\WINDOWS\system32\fsldsw.exe
~ Services: 2 Legitimates Filtered in 00mn 06s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Aasppapmmxkleh]
[HKLM\Software\7F68A003]
~ Key Software: 210 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/03/2015 - 20:09:38 - [] ----D C:\Program Files\ANGEL LOVE
O43 - CFD: 14/03/2015 - 00:43:38 - [] R---D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Jeux
~ Program Folder: 121 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.741856B15DCF6A281B7F674FBDB354CE] - 14/03/2015 - 00:41:48 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [92286]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 14/03/2015 - 00:41:54 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.FDA18F513403E67CAE9BF0D2DD948B28] - 14/03/2015 - 00:41:54 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [3914]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 14/03/2015 - 00:41:54 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.F9A14C7B36E10052A1B0F071BC3C1C65] - 14/03/2015 - 00:41:55 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [27768]
O44 - LFC:[MD5.9F27B27C8405FEAF7DFC4DA3751DEF22] - 14/03/2015 - 00:41:55 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1263]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 14/03/2015 - 00:41:56 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\Bulles de savon.bmp [65978]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\Rosace bleue 16.bmp [1272]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\Tasse à café.bmp [17062]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 14/03/2015 - 00:41:57 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Granit vert.bmp [26582]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Jour de pêche.bmp [17336]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Mur de Santa Fe.bmp [65832]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Plume.bmp [16730]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Rhododendron.bmp [17362]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Rivière Sumida.bmp [26680]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Vent de prairie.bmp [65954]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 14/03/2015 - 00:41:58 ---A- . (...) -- C:\WINDOWS\Zapotec.bmp [9522]
O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 14/03/2015 - 00:42:13 ---A- . (...) -- C:\WINDOWS\system32\icrav03.rat [8798]
O44 - LFC:[MD5.1B26CF070C67085E0D529332C411DBC5] - 14/03/2015 - 00:42:14 ---A- . (...) -- C:\WINDOWS\system32\IE7Eula.rtf [74715]
O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 14/03/2015 - 00:42:17 ---A- . (...) -- C:\WINDOWS\system32\ticrf.rat [1988]
O44 - LFC:[MD5.F08F19FEAA26FB2DAC62E4AA4C44020C] - 14/03/2015 - 00:42:45 ---A- . (.Red Hat - Cygwin® POSIX Emulation DLL.) -- C:\WINDOWS\system32\cygwin1.dll [1872666]
O44 - LFC:[MD5.C54EB1E578EEF0552DB2480096C20877] - 14/03/2015 - 00:42:46 ---A- . (...) -- C:\WINDOWS\system32\cygwinb19.dll [394752]
O44 - LFC:[MD5.80E41408F6D641DC1C0F5353A0CC8125] - 14/03/2015 - 00:42:46 ---A- . (.Pas de propriétaire - zlib data compression library.) -- C:\WINDOWS\system32\zlib1.dll [59904]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 14/03/2015 - 00:43:23 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 14/03/2015 - 00:43:23 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.C65A8ECD17D7ED3285725AEB830359E1] - 14/03/2015 - 00:43:33 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21892]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 14/03/2015 - 00:45:17 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 14/03/2015 - 00:45:17 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.8FBEC4D51D39DB985490F7C049AF488E] - 14/03/2015 - 00:45:17 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [49102]
O44 - LFC:[MD5.8FBEC4D51D39DB985490F7C049AF488E] - 14/03/2015 - 00:45:17 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [49102]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/03/2015 - 00:45:54 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/03/2015 - 00:45:54 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/03/2015 - 00:45:54 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/03/2015 - 00:45:54 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/03/2015 - 00:45:54 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 14/03/2015 - 00:45:54 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 14/03/2015 - 00:45:59 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 14/03/2015 - 00:45:59 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.B7F72F381C7CD86C17C0467263CE7957] - 14/03/2015 - 00:46:53 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [138354]
O44 - LFC:[MD5.8FCEAD39F23D20A0B44DB0F60382468F] - 14/03/2015 - 00:46:58 ---A- . (...) -- C:\SilverlightMSI.log [193796]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 14/03/2015 - 00:46:59 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 14/03/2015 - 00:47:07 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 14/03/2015 - 00:47:09 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 14/03/2015 - 00:47:09 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.2A44570770236D602FF1C0B51B61FBA1] - 14/03/2015 - 00:47:14 ---A- . (...) -- C:\WINDOWS\win.ini [507]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2015 - 00:47:16 ---A- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2015 - 00:47:16 ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2015 - 00:47:16 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2015 - 00:47:16 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2015 - 00:47:16 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.98E7B4DF71DAFA6FF0082BC02DDEFF4B] - 14/03/2015 - 00:55:00 ---A- . (.Pas de propriétaire - Commandline Window Utility for NT4/2000/XP.) -- C:\WINDOWS\system32\cmdow.exe [58880]
O44 - LFC:[MD5.EAE5EB875C386D7BEFAB2CED29B30A80] - 14/03/2015 - 00:55:23 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [1376]
O44 - LFC:[MD5.1748F3900995967DC9CEC055B077B865] - 14/03/2015 - 01:00:09 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.6.0_06-b02.log [6508]
O44 - LFC:[MD5.79A1F65754F54B2ECD73326798129F38] - 14/03/2015 - 01:01:46 ---A- . (...) -- C:\WINDOWS\system32\Cabarc.exe [142336]
O44 - LFC:[MD5.1648A08B47BABF1AFCB351F599FF750D] - 14/03/2015 - 01:01:46 ---A- . (...) -- C:\WINDOWS\system32\Cabtool.exe [49664]
O44 - LFC:[MD5.BE2CEA95259656D288DCD297B72C13D7] - 14/03/2015 - 01:01:46 ---A- . (...) -- C:\WINDOWS\system32\Cdimage.exe [406016]
O44 - LFC:[MD5.D3A1CA7AAF93529386C873D5946F4CC5] - 14/03/2015 - 01:01:49 ---A- . (.n7Epsilon - FileGather Handler.) -- C:\WINDOWS\system32\FGCBAHandler.exe [122880]
O44 - LFC:[MD5.1BEAF350F00AB2642A243514206F341F] - 14/03/2015 - 01:01:49 ---A- . (.n7Epsilon - FileGather.) -- C:\WINDOWS\system32\Fgcba.exe [151552]
O44 - LFC:[MD5.D9B2675CC85AEA7A4317C3623FC9F41A] - 14/03/2015 - 01:01:50 ---A- . (.Pas de propriétaire - Extract Windows Hotfix`s.) -- C:\WINDOWS\system32\HFExtract.exe [1152165]
O44 - LFC:[MD5.6132CBF0705227585B5D339D5F2C9BD3] - 14/03/2015 - 01:01:52 ---A- . (...) -- C:\WINDOWS\system32\MMM.dll [175616]
O44 - LFC:[MD5.461EAD991A5F6922D0C32D687845D4BD] - 14/03/2015 - 01:01:52 ---A- . (...) -- C:\WINDOWS\system32\MakeISO.cmd [1503]
O44 - LFC:[MD5.A758711B77DADF7B2C9A1BED7E48A006] - 14/03/2015 - 01:01:52 ---A- . (...) -- C:\WINDOWS\system32\Modifype.exe [39936]
O44 - LFC:[MD5.DBDA75CAE09BACEDDF6203379AF2A3E4] - 14/03/2015 - 01:01:52 ---A- . (.Lucersoft - LCISOCreator.) -- C:\WINDOWS\system32\LCISOCreator.exe [80896]
O44 - LFC:[MD5.9EBB704CFD9C4C55548ECA303A5E10BC] - 14/03/2015 - 01:01:54 ---A- . (...) -- C:\WINDOWS\system32\Reg2InfHandler.cmd [1373]
O44 - LFC:[MD5.D604F7BD9540155732B22ED8D8C98905] - 14/03/2015 - 01:01:54 ---A- . (...) -- C:\WINDOWS\system32\Replacer.cmd [18030]
O44 - LFC:[MD5.241377445067E4DF9C9FD8314E3A4806] - 14/03/2015 - 01:01:54 ---A- . (.n7Epsilon - Reg2Inf.) -- C:\WINDOWS\system32\Reg2inf.exe [94208]
O44 - LFC:[MD5.A601471368FD5E15A2212ADD3982004A] - 14/03/2015 - 01:01:55 ---A- . (.Pas de propriétaire - Upx Gui.) -- C:\WINDOWS\system32\Upxgui.exe [797465]
O44 - LFC:[MD5.D790D38D72408A383ABD20AA0A6B5212] - 14/03/2015 - 01:01:56 ---A- . (...) -- C:\WINDOWS\system32\Wc.com [1128]
O44 - LFC:[MD5.CE05C025433085B7E856E7214F7CE8B1] - 14/03/2015 - 01:01:56 ---A- . (...) -- C:\WINDOWS\system32\xpBoot.img [2048]
O44 - LFC:[MD5.5776322F93CDB91086111F5FFBFDA2A0] - 14/03/2015 - 01:04:36 ---A- . (.Pas de propriétaire - PnP BIOS Extension.) -- C:\WINDOWS\system32\Drivers\d347bus.sys [155136]
O44 - LFC:[MD5.B49F79ACE459763F4E0380071BE9CB45] - 14/03/2015 - 01:04:36 ---A- . (.Pas de propriétaire - SCSI miniport.) -- C:\WINDOWS\system32\Drivers\d347prt.sys [5248]
O44 - LFC:[MD5.2CE4E3B3FEAABE7ACE422FA29C11CDC3] - 14/03/2015 - 01:05:33 ---A- . (...) -- C:\WPI.log [12336]
O44 - LFC:[MD5.F3C139AD492C4F73353057442E6995CE] - 14/03/2015 - 01:06:42 ---A- . (...) -- C:\WINDOWS\system32\c_10021.nls [66082]
O44 - LFC:[MD5.72233F1A1D788A84D4687A258CC97CBF] - 14/03/2015 - 01:06:45 ---A- . (...) -- C:\WINDOWS\system32\c_10005.nls [66082]
O44 - LFC:[MD5.A99203A3397A9DB352C5D8DFBDA230A8] - 14/03/2015 - 01:06:45 ---A- . (...) -- C:\WINDOWS\system32\c_862.nls [66594]
O44 - LFC:[MD5.4D4C7CED88E5621F21A4911A44CADACC] - 14/03/2015 - 01:06:46 ---A- . (...) -- C:\WINDOWS\system32\C_28596.NLS [66082]
O44 - LFC:[MD5.1DBBCC1B712C2674BDF29A05A5DD366E] - 14/03/2015 - 01:06:46 ---A- . (...) -- C:\WINDOWS\system32\c_10004.nls [66082]
O44 - LFC:[MD5.77F127766D758EB2C6451E221A0C7F7D] - 14/03/2015 - 01:06:46 ---A- . (...) -- C:\WINDOWS\system32\c_708.nls [66082]
O44 - LFC:[MD5.C050215D8D21DF5658E94187973FB89C] - 14/03/2015 - 01:06:46 ---A- . (...) -- C:\WINDOWS\system32\c_720.nls [66594]
O44 - LFC:[MD5.C58563DF50115E935BC811FFBCE1FC89] - 14/03/2015 - 01:06:46 ---A- . (...) -- C:\WINDOWS\system32\c_864.nls [66594]
O44 - LFC:[MD5.157A2706E78D7B581642F6F787EC37E5] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_10001.nls [162850]
O44 - LFC:[MD5.AAB0740BCBDCE107E0BABEE466905EB4] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_20000.nls [180258]
O44 - LFC:[MD5.B2B3B6A63D9A1837673A2B2C44455A20] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_20290.nls [66082]
O44 - LFC:[MD5.3FEF4EEFC8827A03B19124575B17205E] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_20932.nls [180770]
O44 - LFC:[MD5.32919D0DA9A834E8197203C4858ABCF6] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_20936.nls [173602]
O44 - LFC:[MD5.232094E602642181A5A508975665D11B] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_20949.nls [177698]
O44 - LFC:[MD5.07CD5D103AEB4AD2B624EE1ADBFAA456] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\c_21027.nls [66082]
O44 - LFC:[MD5.09E420F90A329BDA68477FA4AF43CB28] - 14/03/2015 - 01:07:12 ---A- . (...) -- C:\WINDOWS\system32\xjis.nls [28288]
O44 - LFC:[MD5.A337491EA01F4BE0779A981CB7ACB999] - 14/03/2015 - 01:07:28 ---A- . (...) -- C:\WINDOWS\system32\c_1361.nls [189986]
O44 - LFC:[MD5.DB4F8D50EDA4C0C51BDD0753880FA20B] - 14/03/2015 - 01:07:28 ---A- . (...) -- C:\WINDOWS\system32\ksc.nls [47066]
O44 - LFC:[MD5.1855E6398A2E937E47809FD8B83647E4] - 14/03/2015 - 01:07:29 ---A- . (...) -- C:\WINDOWS\system32\c_10003.nls [177698]
O44 - LFC:[MD5.AAF2CFDFCEAE84151060465A4C4506DA] - 14/03/2015 - 01:07:36 ---A- . (...) -- C:\WINDOWS\system32\WINPY.MB [1783864]
O44 - LFC:[MD5.23C1E8F026FB81824388E8EC457CF75E] - 14/03/2015 - 01:07:36 ---A- . (...) -- C:\WINDOWS\system32\c_10008.nls [173602]
O44 - LFC:[MD5.54144F43EDF5AA8F504A30E7C1D1A7B5] - 14/03/2015 - 01:07:36 ---A- . (...) -- C:\WINDOWS\system32\prc.nls [83748]
O44 - LFC:[MD5.901863C68E6523336CAC602FE9320ABC] - 14/03/2015 - 01:07:36 ---A- . (...) -- C:\WINDOWS\system32\prcp.nls [83748]
O44 - LFC:[MD5.FBA8EDF2418C8754D7199B7DCAD9F159] - 14/03/2015 - 01:07:37 ---A- . (...) -- C:\WINDOWS\system32\WINSP.MB [1564868]
O44 - LFC:[MD5.5A651B76C819817A2B992F34C3A8BC8D] - 14/03/2015 - 01:07:37 ---A- . (...) -- C:\WINDOWS\system32\WINZM.MB [1223500]
O44 - LFC:[MD5.EA2A501A6EE240361FA42FBA90E93611] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\PINTLPAD.HLP [14821]
O44 - LFC:[MD5.6D62961C6936709C4FE55CE5F7BE4AC1] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\PINTLPAE.HLP [16254]
O44 - LFC:[MD5.6556B40EBEB0879DB90B7AC32B41379B] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\a15.tbl [1460]
O44 - LFC:[MD5.9CF1E26D5CFC4747AF8BA76297353523] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\a234.tbl [44370]
O44 - LFC:[MD5.FF0ABF80940C1A6A9E0DB36EB431EB8E] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\acode.tbl [44370]
O44 - LFC:[MD5.C01B81BB10AD14DBC5C4ECD350638096] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\big5.nls [66728]
O44 - LFC:[MD5.EE1F60F8774D74BED8B13498F3FE737A] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.nls [82172]
O44 - LFC:[MD5.05C0B7F8FA403E6DA75671685A58A940] - 14/03/2015 - 01:07:39 ---A- . (...) -- C:\WINDOWS\system32\c_10002.nls [195618]
O44 - LFC:[MD5.217BC5677C19491A22846324300A363C] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\arphr.tbl [110566]
O44 - LFC:[MD5.BB30616600212D6EA337441AAC516F22] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\arptr.tbl [16312]
O44 - LFC:[MD5.2D37D46049C16DEDCF89BF76EC734877] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\array30.tab [146126]
O44 - LFC:[MD5.1924C588038F922AAB8CB66DF42EA4D6] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\arrayhw.tab [18600]
O44 - LFC:[MD5.2511B0F32128156F4C7F9F1164D5A108] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\dayiphr.tbl [520]
O44 - LFC:[MD5.F649C69497F99AA0E87EE81A1E140D0A] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\dayiptr.tbl [700]
O44 - LFC:[MD5.531FE5A2634D87A078017259F21D9736] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\lcphrase.tbl [211938]
O44 - LFC:[MD5.D3C85593F8C4576FCF9B42AC48CA4368] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\lcptr.tbl [24114]
O44 - LFC:[MD5.805EE17EB45B370D75BD8DE1986EE0D5] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\msdayi.tbl [116285]
O44 - LFC:[MD5.87027AC38E50D8185F83F27F92C41330] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\phon.tbl [4071]
O44 - LFC:[MD5.84E0FC05489B2E05B1F7CD41B3E7FD3B] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\phoncode.tbl [43242]
O44 - LFC:[MD5.1C47CF06E760E1865C9AAF04710D517C] - 14/03/2015 - 01:07:40 ---A- . (...) -- C:\WINDOWS\system32\phonptr.tbl [2714]
O44 - LFC:[MD5.C04D36BBEF5B9BAA8D8DA0B57F22BE20] - 14/03/2015 - 01:07:46 ---A- . (...) -- C:\WINDOWS\system32\noise.jpn [2060]
O44 - LFC:[MD5.55DCED5F0946C03E70B255A3AFC932B1] - 14/03/2015 - 01:07:47 ---A- . (...) -- C:\WINDOWS\system32\korwbrkr.lex [1158818]
O44 - LFC:[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - 14/03/2015 - 01:07:47 ---A- . (...) -- C:\WINDOWS\system32\noise.kor [1486]
O44 - LFC:[MD5.95123464EEBF34BFE8725542C6E384EA] - 14/03/2015 - 01:28:06 ---A- . (...) -- C:\WINDOWS\system32\igxpxa32.cpa [524850]
O44 - LFC:[MD5.1037CD764D18B8E6D05CE006A771F9E9] - 14/03/2015 - 01:28:26 ---A- . (...) -- C:\WINDOWS\system32\igxpxa32.vp [929]
O44 - LFC:[MD5.765CB03717D62E6F7C9F0D42D6420BE3] - 14/03/2015 - 01:28:26 ---A- . (...) -- C:\WINDOWS\system32\igxpxk32.vp [58704]
O44 - LFC:[MD5.4F61B041FB6D605845E834BD4EAF0E00] - 14/03/2015 - 01:28:26 ---A- . (...) -- C:\WINDOWS\system32\igxpxs32.vp [24736]
O44 - LFC:[MD5.CA766F99CF167151BAD175EAC06CF4F3] - 14/03/2015 - 01:32:25 ---A- . (.Sensaura Ltd - Audio3D.) -- C:\WINDOWS\system32\a3d.dll [720896]
O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 14/03/2015 - 01:35:36 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [3072]
O44 - LFC:[MD5.64C48F73F0150A85EC5A939BDFE961CB] - 14/03/2015 - 01:35:36 ---A- . (...) -- C:\WINDOWS\NOTEPAD.EXE [64000]
O44 - LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] - 14/03/2015 - 01:35:36 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1896]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 14/03/2015 - 01:35:40 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 14/03/2015 - 01:35:41 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 14/03/2015 - 01:35:41 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 14/03/2015 - 01:35:41 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 14/03/2015 - 01:35:41 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 14/03/2015 - 01:35:44 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 14/03/2015 - 01:35:44 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 14/03/2015 - 01:35:44 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 14/03/2015 - 01:35:45 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 14/03/2015 - 01:35:45 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 14/03/2015 - 01:35:45 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 14/03/2015 - 01:35:45 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 14/03/2015 - 01:35:45 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 14/03/2015 - 01:35:46 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 14/03/2015 - 01:35:46 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 14/03/2015 - 01:35:46 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 14/03/2015 - 01:35:48 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 14/03/2015 - 01:35:48 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 14/03/2015 - 01:35:48 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 14/03/2015 - 01:35:49 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.33D279B4701D06EEF165092E838D203B] - 14/03/2015 - 01:36:00 ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/03/2015 - 01:40:37 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.F22AEF617A60AD00CEDDE893924C4A2E] - 14/03/2015 - 16:09:15 ---A- . (...) -- C:\WINDOWS\system.ini [268]
O44 - LFC:[MD5.CF393D01A0ED8117F769312810A8BDEA] - 14/03/2015 - 16:09:56 ----- . (...) -- C:\gnge.exe [103140]
O44 - LFC:[MD5.74A044FC3A2C0B8A1F2B8EA480CC8A1D] - 14/03/2015 - 16:09:56 RSH-- . (...) -- C:\autorun.inf [346]
O44 - LFC:[MD5.9F94A60A0D890EAD86607F7CAC89E3A4] - 14/03/2015 - 20:09:10 ---A- . (...) -- C:\WINDOWS\system32\pkdhky.exe [77312]
O44 - LFC:[MD5.6BEC35CDA90002E9E4B40DCF6EE9A86E] - 14/03/2015 - 20:09:15 RSH-- . (...) -- C:\lpk.dll [278942]
O44 - LFC:[MD5.FD44FA80DA03EA144153A76DEBBB61B4] - 14/03/2015 - 23:06:15 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [35064]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 15/03/2015 - 22:29:05 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 16/03/2015 - 02:06:44 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini [69]
O44 - LFC:[MD5.82441BDE557CCD2664D740D88C6C8D9D] - 16/03/2015 - 15:11:03 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.59233A50FD38BEA868A76239570101E4] - 16/03/2015 - 15:45:30 ---A- . (...) -- C:\WINDOWS\wiadebug.log [411]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:02:54 ---A- . (...) -- C:\WINDOWS\system32\aaaaaa.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:02:54 ---A- . (...) -- C:\WINDOWS\system32\pchjco.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:02:56 ---A- . (...) -- C:\WINDOWS\system32\iickie.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:02:59 ---A- . (...) -- C:\WINDOWS\system32\rebfec.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:02:59 ---A- . (...) -- C:\WINDOWS\system32\vipxie.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:03:01 ---A- . (...) -- C:\WINDOWS\system32\eeosec.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:03:01 ---A- . (...) -- C:\WINDOWS\system32\ssyqsw.exe [77312]
O44 - LFC:[MD5.F94B974CA7FBB90ABC0724452C36D115] - 17/03/2015 - 09:03:08 RSH-- . (...) -- C:\WINDOWS\lpk.dll [87040]
O44 - LFC:[MD5.8D2D6715DD5A84FF72FC637128BE02CB] - 17/03/2015 - 09:32:24 ---A- . (...) -- C:\WINDOWS\system32\mmm.exe [1031680]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:07 ---A- . (...) -- C:\WINDOWS\system32\qqeuqi.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:08 ---A- . (...) -- C:\WINDOWS\system32\yygeym.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:09 ---A- . (...) -- C:\WINDOWS\system32\wwmiwy.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:11 ---A- . (...) -- C:\WINDOWS\system32\hufzuk.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:14 ---A- . (...) -- C:\WINDOWS\system32\boxlou.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:15 ---A- . (...) -- C:\WINDOWS\system32\ccuwco.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:15 ---A- . (...) -- C:\WINDOWS\system32\fsldsw.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:15 ---A- . (...) -- C:\WINDOWS\system32\jwzvwy.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:15 ---A- . (...) -- C:\WINDOWS\system32\mmqcmg.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:15 ---A- . (...) -- C:\WINDOWS\system32\nannaa.exe [77312]
O44 - LFC:[MD5.24D5F08C81FA4EE779C338A74465C8CE] - 17/03/2015 - 09:39:15 ---A- . (...) -- C:\WINDOWS\system32\uusmuk.exe [77312]
~ Files: 678 Legitimates Filtered in 00mn 18s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\mmm.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\mmm.exe
O47 - AAKE:Key Export SP - "I:\Nouveau dossier\RogueKiller.exe" [Enabled] .(.Pas de propriétaire.) -- I:\Nouveau dossier\RogueKiller.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Unlocker\UnlockerAssistant.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O47 - AAKE:Key Export SP - "C:\Program Files\WinMover\WinMover.exe" [Enabled] .(.Andreas Eliasson (EliasAE).) -- C:\Program Files\WinMover\WinMover.exe
~ Keys Export: 18 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
~ MWPS: 8 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInternetIcon"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRemoteRecursiveEvents"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInternetIcon"=0
~ MWPE Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:02/01/1601 - 23:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\36A31510.sys [22472]
O58 - SDL:25/06/2008 - 18:30:13 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/08/2004 - 16:31:10 ---A- . (.Pas de propriétaire - PnP BIOS Extension.) -- C:\WINDOWS\system32\Drivers\d347bus.sys [155136]
O58 - SDL:22/08/2004 - 16:31:48 ---A- . (.Pas de propriétaire - SCSI miniport.) -- C:\WINDOWS\system32\Drivers\d347prt.sys [5248]
O58 - SDL:09/08/2007 - 04:13:04 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\WINDOWS\system32\Drivers\ewdcsc.sys [24448]
O58 - SDL:25/06/2008 - 18:30:19 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:28/11/2013 - 01:24:18 ---A- . (.Tonec Inc. - Internet Download Manager TDI Driver.) -- C:\WINDOWS\system32\Drivers\idmtdi.sys [121184]
O58 - SDL:25/06/2008 - 18:30:52 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:15/08/2006 - 16:48:22 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\WINDOWS\system32\Drivers\smsens.sys [3744]
O58 - SDL:15/08/2006 - 16:48:24 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\WINDOWS\system32\Drivers\smwdm.sys [578304]
O58 - SDL:14/03/2015 - 23:06:15 ---A- . (...) -- C:\WINDOWS\system32\Drivers\TrueSight.sys [35064]
O58 - SDL:25/06/2008 - 18:30:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:25/06/2008 - 18:29:54 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:25/06/2008 - 18:30:01 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:25/06/2008 - 18:30:20 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:25/06/2008 - 18:30:25 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:25/06/2008 - 18:30:25 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:25/06/2008 - 18:30:46 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:25/06/2008 - 18:30:47 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 42 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 13/10/1745 - C:\WINDOWS\system32\drivers\epkmtt.sys (amsint32) .(...) - LEGACY_AMSINT32
~ Legacy: 105 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {5A171114-24D8-435B-8A2C-D28AC20D125C} - (Wikipedia) - http://en.wikipedia.org
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {91821537-42FB-4108-AF1C-851E2C002716} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {E50C76D9-48D9-4941-9327-A3498F3B0E84} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {5A171114-24D8-435B-8A2C-D28AC20D125C} - (Wikipedia) - http://en.wikipedia.org
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {91821537-42FB-4108-AF1C-851E2C002716} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {E50C76D9-48D9-4941-9327-A3498F3B0E84} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {5A171114-24D8-435B-8A2C-D28AC20D125C} - (Wikipedia) - http://en.wikipedia.org
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {91821537-42FB-4108-AF1C-851E2C002716} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {E50C76D9-48D9-4941-9327-A3498F3B0E84} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {5A171114-24D8-435B-8A2C-D28AC20D125C} - (Wikipedia) - http://en.wikipedia.org
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {91821537-42FB-4108-AF1C-851E2C002716} - (Yahoo!) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {E50C76D9-48D9-4941-9327-A3498F3B0E84} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.23970D86B4D250ECA6563D6699E4E7CC] [SPRF][17/03/2015] (...) -- C:\Documents and Settings\Administrateur\Bureau\jfrnlmf4.exe [163910440]
[MD5.638BFE8237964C16FC7593B7C10B2345] [SPRF][16/03/2015] (...) -- C:\Documents and Settings\Administrateur\Bureau\lpk.dll [470360]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrateur at 17/03/2015 10:02:13
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81E51C70]<<
1 nt!IofCallDriver[0x804E37C5] >> \Device\Harddisk0\DR0[0x81E2C240]
\Driver\atapi[0x81ECF5B8] >> IRP_MJ_CREATE >> 0x81E51C70
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi >> 0x81e51c70
user & kernel MBR OK
Warning: possible MBR rootkit infection !
~ MBR: 18 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 17/03/2015 10:02:15
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:22/08/2004 - 16:31:10 ---A- . (.Pas de propriétaire - PnP BIOS Extension.) -- C:\WINDOWS\system32\Drivers\d347bus.sys [155136]
O58 - SDL:22/08/2004 - 16:31:48 ---A- . (.Pas de propriétaire - SCSI miniport.) -- C:\WINDOWS\system32\Drivers\d347prt.sys [5248]
~ Emulateurs: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13008 - (12/03/2015)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc}] =>Spyware.AdaEbook
~ Additionnel Scan: 106993 Items scanned in 00mn 24s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
http://www.nicolascoolman.fr/blog/ =>Spyware.AdaEbook
~ MSI: 1 link(s) detected in 00mn 00s



~ 1370 Legitimates filtered by white list
End of the scan (612 lines in 02mn 03s)(0.4)
