Doriarella
Participant
Number of posts: 83

Hello! :hello:

As usual, I can't manage to host a document on SosUpload, so I'm pasting the report here:

Could you tell me what the situation is?
Thanks

~ Rapport de ZHPDiag v2013.11.6.9 – Nicolas Coolman (06/11/2013)
~ Lancé par Alice (06/11/2013 17:24:07)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

—\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 24.0

—\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
Malwarebytes Anti-Malware version 1.75.0.1300

—\ Logiciels d’optimisation du système
CCleaner v4.06 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

—\ Informations sur le système
~ Processor: x86 Family 15 Model 72 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 894 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 22 GB (49%) free of 44 GB

—\ Mode de connexion au système
~ Computer Name: ACER-3FAFADAADF
~ User Name: Alice
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Alice, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:Documents and SettingsAliceApplication DataZHP
~ %AppData% : C:Documents and SettingsAliceApplication Data
~ %Desktop% : C:Documents and SettingsAliceBureau
~ %Favorites% : C:Documents and SettingsAliceFavoris
~ %LocalAppData% : C:Documents and SettingsAliceLocal SettingsApplication Data
~ %StartMenu% : C:Documents and SettingsAliceMenu Démarrer
~ %Windir% : C:WINDOWS
~ %System% : C:WINDOWSsystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 22 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 44 Go of 44 Go)
E: CD-ROM drive (Not Inserted)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.13/04/2008 – 19:34:04.) — C:WINDOWSExplorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] – (.Microsoft Corporation – Internet Extensions for Win32.) (.23/09/2013 – 19:23:34.) — C:WINDOWSsystem32wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.13/04/2008 – 19:34:30.) — C:WINDOWSsystem32Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 11:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/04/2008 – 12:14:22.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.13/04/2008 – 11:40:48.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.13/04/2008 – 18:57:40.) — C:WINDOWSsystem32DriversFips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.13/04/2008 – 09:36:06.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 19:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.13/04/2008 – 11:41:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.13/04/2008 – 11:57:16.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.13/04/2008 – 12:19:44.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:32.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.13/04/2008 – 12:21:02.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.13/04/2008 – 12:15:54.) — C:WINDOWSsystem32Driversntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.13/04/2008 – 19:09:42.) — C:WINDOWSsystem32DriversParport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/04/2008 – 12:19:44.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 11:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 18:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.13/04/2008 – 18:56:06.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/11
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/28
~ Mes Documents (My Documents) : 3/1262
~ Mon Bureau (My Desktop) : 0/20
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.B2906F9E62A6AC6AD7F5F35DE9656098] – (.ATI Technologies Inc. – ATI External Event Utility EXE Module.) — C:WINDOWSsystem32Ati2evxx.exe [401408] [PID.988]
[MD5.4BE7EC02133544CDE7A580875E130208] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [50344] [PID.1540]
[MD5.9C69E6A25F5500501B14AF43311F8D8B] – (.Microsoft Corporation – Media Center Tray Applet.) — C:WINDOWSehomeehtray.exe [64512] [PID.468]
[MD5.33F7659872C1C2CE295FBD1754B63957] – (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe [16248320] [PID.536]
[MD5.3B743D7A1B3C2162D475D4E34E5C6070] – (.Pas de propriétaire – Acer ePower Management DMC.) — C:AcerEmpowering TechnologyePowerePower_DMC.exe [421888] [PID.608]
[MD5.59307A84CACE50B66089DBD5F74EA17A] – (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe [761946] [PID.712]
[MD5.3FD55016CA34850ED208F1A0D3FFD2DE] – (.Dritek System Inc. – Acer Launch Manager Keyboard Application.) — C:Program FilesLaunch ManagerLManager.exe [602112] [PID.720]
[MD5.C67E00C1DCA52FB369DC54E9EE653D47] – (.Acer Inc. – eRecovery agent.) — C:AcerEmpowering TechnologyeRecoveryeRAgent.exe [413696] [PID.724]
[MD5.7C0704D4523BA671AFE6D028399942D3] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3567800] [PID.832]
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] – (.Microsoft Corporation – Media Center Media Status Aggregator Servic.) — C:WINDOWSeHomeehmsas.exe [46592] [PID.1176]
[MD5.64C4C17BF6A40FF1CD21205E6FD415B8] – (.ATI Technologies Inc. – CLI Application (Command Line Interface).) — C:Program FilesATI TechnologiesATI.ACECLI.exe [45056] [PID.1192]
[MD5.72292AE254AD01236143E750D8952D03] – (.Adobe Systems Incorporated – Adobe Photo Downloader 3.0 component.) — C:Program FilesAdobePhotoshop Elements 5.0apdproxy.exe [67752] [PID.1196]
[MD5.BF360421753C23D2DF870908276E336F] – (.PANTERASoft – Pas de description.) — C:Program FilesHDD Healthhddhealth.exe [1692672] [PID.1164]
[MD5.CC5CB8DC9144F3D3F86BC9FEA6843EAA] – (.Acer Inc. – Acer Empowering Techonology Framework Launc.) — C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe [45056] [PID.1424]
[MD5.3CAABC2D0F87413EB1E0C7E0B3245E67] – (.Acer Inc. – Pas de description.) — C:AcerEmpowering TechnologyePerformanceMemCheck.exe [28672] [PID.2112]
[MD5.63AB43534CBF5D7F3EB81DFDC8161490] – (…) — C:Program FilesAdobePhotoshop Elements 5.0PhotoshopElementsFileAgent.exe [108712] [PID.2268]
[MD5.D039A0C347632622934906BD59A4E1EA] – (.Microsoft Corporation – Media Center Receiver Service.) — C:WINDOWSeHomeehRecvr.exe [237568] [PID.2336]
[MD5.980EEEA91776357518892C5544768E2B] – (.Microsoft Corporation – Service de planification Media Center.) — C:WINDOWSeHomeehSched.exe [103424] [PID.2376]
[MD5.AB8134127F786C9603817B5318DCEEAA] – (.Hewlett-Packard Company – Pas de description.) — C:Program FilesFichiers communsLightScribeLSSrvc.exe [73728] [PID.2512]
[MD5.52404CC76E9D53843BDF97564BB16BED] – (.Microsoft Corporation – MCRD Device Service.) — C:WINDOWSehomemcrdsvc.exe [99328] [PID.3348]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] – (.Microsoft Corporation – COM Surrogate.) — C:WINDOWSsystem32dllhost.exe [5120] [PID.1380]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] – (.Microsoft Corporation – Application Layer Gateway Service.) — C:WINDOWSSystem32alg.exe [44544] [PID.3024]
[MD5.E85885654C2E05ED6EEF9DDE0E4880C4] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8179712] [PID.1452]
~ Processes Running: Scanned in 00mn 01s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32userinit.exe,
F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL « sysdm.cpl »
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: avast! Online Security – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [AllUsers]: MSN.lnk . (.Microsoft Corporation – Win32 Cabinet Self-Extractor.) — C:Program FilesMSNMSNCoreFilesInstallmsnsusii.exe =>.Microsoft Corporation
O4 – GSProgram [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
O4 – GSProgram [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSProgram [Alice]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
O4 – GSProgram [Alice]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe
O4 – GSProgram [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
~ Global Startup: 17 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSProgram [AllUsers]: Acer Empowering Technology.lnk . (.Acer Inc. – Acer Empowering Techonology Framework Launc.) — C:AcerEmpowering TechnologyAcer.Empowering.Framework.Launcher.exe
O4 – HKLM..Run: [ehTray] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WINDOWSehomeehtray.exe
O4 – HKLM..Run: [LaunchApp] Clé orpheline
O4 – HKLM..Run: [AzMixerSel] . (.Realtek Semiconductor Corp. – Azalia Mixer Selector.) — C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 – HKLM..Run: [ntiMUI] . (…) — C:Program FilesNewTech InfosystemsNTI CD & DVD-Maker 7ntiMUI.exe
O4 – HKLM..Run: [Acer ePresentation HPD] . (.Pas de propriétaire – AcerePre Application.) — C:AcerEmpowering TechnologyePresentationePresentation.exe
O4 – HKLM..Run: [IMJPMIG8.1] . (.Microsoft Corporation – Microsoft IME.) — C:WINDOWSIMEimjp8_1IMJPMIG.exe
O4 – HKLM..Run: [MSPY2002] . (…) — C:WINDOWSsystem32IMEPINTLGNTImScInst.exe
O4 – HKLM..Run: [PHIME2002ASync] . (.Microsoft Corporation – 微軟新注音輸入法 2002a.) — C:WINDOWSsystem32IMETINTLGNTTINTSETP.exe
O4 – HKLM..Run: [PHIME2002A] . (.Microsoft Corporation – 微軟新注音輸入法 2002a.) — C:WINDOWSsystem32IMETINTLGNTTINTSETP.exe
O4 – HKLM..Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [SkyTel] . (.Realtek Semiconductor Corp. – Realtek Voice Manager.) — C:WINDOWSSkyTel.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [Alcmtr] . (.Realtek Semiconductor Corp. – Realtek Azalia Audio – Event Monitor.) — C:WINDOWSALCMTR.exe
O4 – HKLM..Run: [ePower_DMC] . (.Pas de propriétaire – Acer ePower Management DMC.) — C:AcerEmpowering TechnologyePowerePower_DMC.exe
O4 – HKLM..Run: [Boot] . (…) — C:AcerEmpowering TechnologyePowerBoot.exe
O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [LManager] . (.Dritek System Inc. – Acer Launch Manager Keyboard Application.) — C:Program FilesLaunch ManagerLManager.exe
O4 – HKLM..Run: [ATICCC] . (…) — C:Program FilesATI TechnologiesATI.ACECLIStart.exe
O4 – HKLM..Run: [eRecoveryService] . (.Acer Inc. – eRecovery agent.) — C:AcerEmpowering TechnologyeRecoveryeRAgent.exe
O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [Adobe Photo Downloader] . (.Adobe Systems Incorporated – Adobe Photo Downloader 3.0 component.) — C:Program FilesAdobePhotoshop Elements 5.0apdproxy.exe
O4 – HKCU..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [hddhealth] . (.PANTERASoft – Pas de description.) — C:Program FilesHDD Healthhddhealth.exe
O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-21-1062846636-3381622424-3916878105-1005..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKUSS-1-5-21-1062846636-3381622424-3916878105-1005..Run: [hddhealth] . (.PANTERASoft – Pas de description.) — C:Program FilesHDD Healthhddhealth.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office12ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1383461437265
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{55B2BEAB-E656-45E8-BDCD-29766525C946}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLMSystemCS1ServicesTcpip..{55B2BEAB-E656-45E8-BDCD-29766525C946}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLMSystemCS2ServicesTcpip..{55B2BEAB-E656-45E8-BDCD-29766525C946}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesFichiers communsMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. – ATI External Event Utility DLL Module.) — C:WINDOWSsystem32Ati2evxx.dll
O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: LightScribeService Direct Disc Labeling (LightScribeService) . (.Hewlett-Packard Company – Pas de description.) – C:Program FilesFichiers communsLightScribeLSSrvc.exe
~ Services: 5 Legitimates Filtered in 00mn 06s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Desktop General: BackupWallPaper – .(…) – C:WindowsWebWallpaperAcer.bmp
O24 – Desktop General: WallPaper – .(…) – C:WindowsWebWallpaperAcer.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKLMSoftwareTEXTware A/S]
~ Key Software: 136 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 03/11/2013 – 05:06:16 – [3,228] —-D C:Program FilesTEXTware
~ Program Folder: 92 Legitimates Filtered in 00mn 24s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.08C92ACC6CD2957193C14B20153A5694] – 02/11/2013 – 04:56:12 —A- . (…) — C:WINDOWSREGLOCS.OLD [8192]
O44 – LFC:[MD5.910AD09C6CD3945F57513A412ED593E3] – 02/11/2013 – 04:57:30 —A- . (…) — C:WINDOWSregopt.log [4278]
O44 – LFC:[MD5.4B718D109217E78FA6781A64B56D932C] – 02/11/2013 – 05:01:16 —A- . (…) — C:WINDOWSsystem32$winnt$.inf [37441]
O44 – LFC:[MD5.A60423F0F71BAE47B9AFB9680F917B33] – 02/11/2013 – 05:03:52 —A- . (…) — C:RHDSetup.log [559]
O44 – LFC:[MD5.761025703D26ADD607B7CABA62E9EA27] – 02/11/2013 – 05:08:42 —A- . (…) — C:WINDOWSSynInst.log [615]
O44 – LFC:[MD5.7171E197044E987B1094F4E98021720F] – 02/11/2013 – 05:09:46 —A- . (…) — C:WINDOWSLManager.UNI [83]
O44 – LFC:[MD5.C1EDCC75FF20871AC6B1CB8D7AD082E9] – 02/11/2013 – 05:22:20 —A- . (…) — C:WINDOWSsystem32Acer EULA.txt [7549]
O44 – LFC:[MD5.FF4CBFD9DC16A3334D50EC5DE7C65B6C] – 02/11/2013 – 05:22:20 —A- . (…) — C:WINDOWSsystem32ClearEvent.exe [16384]
O44 – LFC:[MD5.F0A3381C068FD9797D0508322A2C9E42] – 02/11/2013 – 05:22:20 —A- . (…) — C:WINDOWSsystem32setup.iss [552]
O44 – LFC:[MD5.70727E4147ABC5CF9BF8362FB4F4A911] – 02/11/2013 – 05:28:16 —A- . (…) — C:WINDOWSGridV.UNI [92]
O44 – LFC:[MD5.4E4743BF83581C88B20759EDFBB225EA] – 02/11/2013 – 05:28:28 —A- . (…) — C:WINDOWSALaunch.ini [81]
O44 – LFC:[MD5.C1EEC2F7ABE39469D03AE5C5C62D1FD0] – 02/11/2013 – 05:53:53 —A- . (…) — C:WINDOWSAntiV.EXE [589824]
O44 – LFC:[MD5.4E62F28838D07ADD88EE668FE75EE68D] – 02/11/2013 – 05:53:53 —A- . (…) — C:WINDOWSGVista.exe [633446]
O44 – LFC:[MD5.59A19AB5FDD804121737758DB90EBB8B] – 02/11/2013 – 05:53:54 —A- . (…) — C:WINDOWSAntiV.INI [2790]
O44 – LFC:[MD5.24BCB56893AD1C611912893BBF5244EF] – 02/11/2013 – 05:53:56 —A- . (…) — C:WINDOWSCLEANUP.CMD [991]
O44 – LFC:[MD5.76669A64D2E6E21C81B0EED2F12D600C] – 02/11/2013 – 05:53:57 —A- . (…) — C:WINDOWSEMEAPAGE.EXE [159821]
O44 – LFC:[MD5.C1026A45EE866826BD463C1FC91168ED] – 02/11/2013 – 05:53:58 —A- . (…) — C:WINDOWSEMEAPAGE.INI [84]
O44 – LFC:[MD5.F1CFD87B0891DBF3E012829B1758BFB0] – 02/11/2013 – 05:54:00 —A- . (…) — C:WINDOWSHotFix.bat [903]
O44 – LFC:[MD5.7A48DCAAC099D3924125EF4CE4607A76] – 02/11/2013 – 05:54:00 —A- . (…) — C:WINDOWSPatch.Log [16657]
O44 – LFC:[MD5.8737F6F4C8EC1E2A9EA5516F1B3AE1AD] – 02/11/2013 – 07:15:32 —A- . (…) — C:WINDOWS02899_.tmp [19569]
O44 – LFC:[MD5.0A2E3DF307E0B295FF14E0E756FAB9AC] – 02/11/2013 – 07:15:40 —A- . (…) — C:WINDOWSSEC109.PNF [2948]
O44 – LFC:[MD5.7794C3221F670DE270586A2CF6E68383] – 02/11/2013 – 07:16:30 RSHA- . (…) — C:ntldr [252240]
O44 – LFC:[MD5.905CB655E93D39C97E078A3C4C884F31] – 02/11/2013 – 07:16:42 . (…) — C:WINDOWSsystem32Driversnetwlan5.img [67866]
O44 – LFC:[MD5.8E59F9BE251C8AE32A1CEB068B3F96B1] – 02/11/2013 – 07:16:43 . (…) — C:WINDOWSsystem32Driversativmc20.cod [64352]
O44 – LFC:[MD5.3194C32E8A2403073B812183355E25C6] – 02/11/2013 – 07:16:43 . (…) — C:WINDOWSsystem32Driverscxthsfs2.cty [129045]
O44 – LFC:[MD5.62F241E3243F52E92A1484143F48C422] – 02/11/2013 – 07:20:20 —A- . (…) — C:WINDOWSsessmgr.setup.log [2998]
O44 – LFC:[MD5.9982BD2DB56B8809FA3141C0ECF4A26E] – 02/11/2013 – 07:20:30 —A- . (…) — C:WINDOWScmsetacl.log [373]
O44 – LFC:[MD5.798EB1108F231101964603A98497CA82] – 02/11/2013 – 07:22:58 —A- . (…) — C:WINDOWSSEC13FC.PNF [8840]
O44 – LFC:[MD5.77AC98DDE6E95E0F85A9C0FD5B1557FA] – 02/11/2013 – 07:23:20 —A- . (…) — C:WINDOWSsvcpack.log [492869]
O44 – LFC:[MD5.7ACE6A88A1E61F633E55FC70C42BF7FA] – 02/11/2013 – 07:25:14 —A- . (…) — C:WINDOWSsetuplog.txt [1153556]
O44 – LFC:[MD5.B3E766EE74207AABEECE1DBC77904598] – 02/11/2013 – 07:25:54 —A- . (…) — C:WINDOWSOEWABLog.txt [1523]
O44 – LFC:[MD5.7BEC5150D0625748BE764AD6683008D7] – 02/11/2013 – 07:27:18 —A- . (…) — C:WINDOWSspupdsvc.log.1.log [187]
O44 – LFC:[MD5.5C174F8108BAB900D3AB1DF1A29A58E5] – 02/11/2013 – 07:27:18 —A- . (…) — C:WINDOWSsystem32spupdwxp.log [90]
O44 – LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] – 02/11/2013 – 07:27:22 —A- . (…) — C:WINDOWSWMSysPr9.prx [316640]
O44 – LFC:[MD5.BBE90A6D033548E303EA630E7E2068D4] – 02/11/2013 – 07:27:26 —A- . (…) — C:WINDOWSDtcInstall.log [867]
O44 – LFC:[MD5.2C92E786665740F0534822A0B987634F] – 02/11/2013 – 07:31:32 —A- . (…) — C:WINDOWSie8.log [40637]
O44 – LFC:[MD5.7F1586BD471E706974611261E55583FA] – 02/11/2013 – 07:31:48 —A- . (…) — C:WINDOWSie8_main.log [30997]
O44 – LFC:[MD5.3D5DB644C736B0E5D0CF310D74A6B37E] – 02/11/2013 – 22:03:26 —A- . (…) — C:WINDOWSsystem32TZLog.log [6138]
O44 – LFC:[MD5.8EA4F03B89E2BF1526C50BD21C0ED4F5] – 02/11/2013 – 22:34:28 —A- . (…) — C:WINDOWSupdspapi.log [176614]
O44 – LFC:[MD5.82D4B9C1EC9A39F6E60C0ECBABDCD520] – 02/11/2013 – 22:34:34 —A- . (…) — C:WINDOWSimsins.BAK [1374]
O44 – LFC:[MD5.488E3F76380A8A6D224E1DA709FE41EB] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSFaxSetup.log [974979]
O44 – LFC:[MD5.2D44EE8DFBB89AF33766C5741654F1D4] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWScomsetup.log [331009]
O44 – LFC:[MD5.DB7380A90F06F1EF7BBB7885F0550E49] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSehOCGen.log [53837]
O44 – LFC:[MD5.E053827F10A3F6B7E08BB07D5B2DAB67] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSiis6.log [1064451]
O44 – LFC:[MD5.A6249B53075C7535D332707BAAAD2A6C] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSimsins.log [1374]
O44 – LFC:[MD5.A58480493328B9F5D07B377E4FFD3BBB] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSmsgsocm.log [47992]
O44 – LFC:[MD5.265927537C83BD999824F987757546A6] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSmsmqinst.log [302688]
O44 – LFC:[MD5.5709FC300CC5E4A1E5185F74B91BE766] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSnetfxocm.log [181205]
O44 – LFC:[MD5.9BF3B37F1AF92EFCF3CBC3F76BA159E0] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSntdtcsetup.log [197866]
O44 – LFC:[MD5.3B96E331F32333B33A853E357CDAF495] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSocgen.log [466269]
O44 – LFC:[MD5.6F05083635E33FCC477F21B9F1967FA3] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSocmsn.log [52688]
O44 – LFC:[MD5.8E2C065C5A0DFCE9BCB43BE9EA95FE9A] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWSplusoc.log [109403]
O44 – LFC:[MD5.6BFA8EA3166488EA513318835BF01255] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWStabletoc.log [49033]
O44 – LFC:[MD5.6FC6DEC6B3BFF39377268C6D7D256DF7] – 02/11/2013 – 22:34:50 —A- . (…) — C:WINDOWStsoc.log [442735]
O44 – LFC:[MD5.3D2EC12F700BB3CB09C16AC317E99AA1] – 02/11/2013 – 22:40:48 —A- . (…) — C:WINDOWSMedCtrOC.log [159023]
O44 – LFC:[MD5.0A7D2F75404D3821CD55DE5646ED0EA7] – 02/11/2013 – 22:40:52 —A- . (…) — C:WINDOWSmedblker.Log [3248]
O44 – LFC:[MD5.F8B1BE9CB339374633AF679721621A12] – 02/11/2013 – 23:13:10 —A- . (…) — C:WINDOWSspupdsvc.log [56073]
O44 – LFC:[MD5.BE5F8368C87DA4F261A1B69CF6276AD8] – 03/11/2013 – 05:06:19 —A- . (.TEXTware A/S – Illuminator Parser.) — C:WINDOWSsystem32Illprs.dll [199168]
O44 – LFC:[MD5.7D99A501FFF82838E48001EFB5485430] – 03/11/2013 – 05:06:20 —A- . (.TEXTware A/S – Illuminator Kernel.) — C:WINDOWSsystem32ILLKRN.DLL [160768]
O44 – LFC:[MD5.E4A5D2EB9F8B58A046FD59F42DDED463] – 03/11/2013 – 05:06:20 —A- . (.TEXTware A/S – Illuminator PlugIn.) — C:WINDOWSsystem32TWATBS.ILX [62464]
O44 – LFC:[MD5.D62AE0BC8EEF7D4FEEE4963E5118EB0A] – 03/11/2013 – 05:06:20 —A- . (.TEXTware A/S – Pas de description.) — C:WINDOWSsystem32ListBox.ILX [81920]
O44 – LFC:[MD5.F4F81FE11FE0A04ED2CCC1916769D01D] – 03/11/2013 – 05:06:21 —A- . (…) — C:WINDOWSsystem32ILXTBS.DLL [143360]
O44 – LFC:[MD5.9E8D8A2A068E01B6F54A822E4F756DE9] – 03/11/2013 – 05:06:23 —A- . (…) — C:WINDOWSsystem32PolyHot.ILX [47104]
O44 – LFC:[MD5.7B4686A01EEF3F571AEEDB9100719D88] – 03/11/2013 – 05:06:23 —A- . (.TEXTware A/S – HTML Viewer.) — C:WINDOWSsystem32HTML.ILX [434688]
O44 – LFC:[MD5.A784B3BFAF8C56B95BEFF8AC4D00E779] – 03/11/2013 – 05:06:23 —A- . (.TEXTware A/S – Illuminator MPegPlayer.) — C:WINDOWSsystem32MPegPlay.ILX [162304]
O44 – LFC:[MD5.F3605BECD45BF268A015389D918DAB52] – 03/11/2013 – 05:06:23 —A- . (.TEXTware A/S – Illuminator PlugIn.) — C:WINDOWSsystem32Textv.ILX [140288]
O44 – LFC:[MD5.466D8731BC5C4AD1C5628C80C2BCFB0A] – 03/11/2013 – 05:06:24 —A- . (…) — C:WINDOWSsystem32ASpell.ILX [305152]
O44 – LFC:[MD5.4FA2C0DC19266EFB344EFCEBC28EE760] – 03/11/2013 – 05:06:24 —A- . (…) — C:WINDOWSsystem32Bass.ILX [52224]
O44 – LFC:[MD5.4644D2C5DFAA0A10F4FA79911A2458BF] – 03/11/2013 – 05:06:24 —A- . (…) — C:WINDOWSsystem32WavRecpk4.bpl [17408]
O44 – LFC:[MD5.960C3FC5D1BE0D190D3F97B88A65C754] – 03/11/2013 – 05:06:24 —A- . (…) — C:WINDOWSsystem32bass.dll [99092]
O44 – LFC:[MD5.FF9F5C6E86452027F69675FD2F7E66B7] – 03/11/2013 – 05:06:24 —A- . (.TEXTware A/S – Pas de description.) — C:WINDOWSsystem32Whelp.ILX [36352]
O44 – LFC:[MD5.4AFD52E2BDA5BC49FD8B0E439069F086] – 03/11/2013 – 05:06:25 —A- . (…) — C:WINDOWSsystem32TWAIED02.DLL [18432]
O44 – LFC:[MD5.A1E49C7D9447614D79AA9F0FD4086EC5] – 03/11/2013 – 05:06:25 —A- . (…) — C:WINDOWSsystem32TWATBS32.VBX [114688]
O44 – LFC:[MD5.2BDC73513C3FE7B3EC5316AC476C79E4] – 03/11/2013 – 05:06:25 —A- . (…) — C:WINDOWSsystem32TWAVBX32.DLL [147456]
O44 – LFC:[MD5.C0EEB726654FF7D8A0F4500848A21BC1] – 03/11/2013 – 05:06:25 —A- . (…) — C:WINDOWSsystem32TwaBcu.ILX [28672]
O44 – LFC:[MD5.80C61F596F8689BFDDBAA72F457986A9] – 03/11/2013 – 05:06:25 —A- . (.Polar – Polar SpellChecker ActiveX Control Module.) — C:WINDOWSsystem32polspell.dll [70656]
O44 – LFC:[MD5.428168B1BD467884618C49C06A3D6A7D] – 03/11/2013 – 05:06:25 —A- . (.TEXTware A/S – TwaBcu01.) — C:WINDOWSsystem32TwaBcu01.dll [69632]
O44 – LFC:[MD5.CA44D04708FECD41F2465636D3965FAF] – 03/11/2013 – 05:06:26 —A- . (…) — C:WINDOWSsystem32QFClient.ILX [48128]
O44 – LFC:[MD5.2B17E36156517FC8B5673AB844B33680] – 03/11/2013 – 05:06:26 —A- . (…) — C:WINDOWSsystem32TWABTE32.TBM [258048]
O44 – LFC:[MD5.FFAA8EBDE18C937336E7D882CBACFC1A] – 03/11/2013 – 05:06:32 —A- . (…) — C:WINDOWSTEXTware.ini [63]
O44 – LFC:[MD5.597ECD1EC5F5B3E0212B3407651AD730] – 03/11/2013 – 05:36:38 —A- . (…) — C:WINDOWSODBCINST.INI [4205]
O44 – LFC:[MD5.E94129877F02F3833BBE01DFCBF23862] – 03/11/2013 – 05:37:08 —A- . (…) — C:WINDOWSwmsetup.log [22270]
O44 – LFC:[MD5.8715347D6B7B2E3A7CFE5ADF2D510CE3] – 03/11/2013 – 06:39:48 —A- . (…) — C:WINDOWSwin.ini [477]
O44 – LFC:[MD5.D010D7D8481FACC0F7462810044280C9] – 05/11/2013 – 18:26:48 —A- . (…) — C:UsbFix [Scan 1] ACER-3FAFADAADF.txt [6736]
O44 – LFC:[MD5.BEF19ED7C4BE33FB4F6F2C659F30E152] – 05/11/2013 – 21:55:42 —A- . (…) — C:WINDOWSbitssetup.log [6070]
O44 – LFC:[MD5.B61BC1D2FB7EEB155A465EA6D4287B22] – 05/11/2013 – 21:59:52 —A- . (…) — C:WinUpdateFix.txt [1235]
O44 – LFC:[MD5.39D40ABF5BD862AF4DD9476F8719B2B2] – 06/11/2013 – 04:18:20 —A- . (…) — C:UsbFix [Scan 2] ACER-3FAFADAADF.txt [7152]
O44 – LFC:[MD5.FFA5E6611EAEF5B4BF4BEE213177AD49] – 06/11/2013 – 04:21:42 —A- . (…) — C:UsbFix [Scan 3] ACER-3FAFADAADF.txt [7116]
O44 – LFC:[MD5.574A57E4C71CB2D1DB2152206533B0AA] – 06/11/2013 – 09:32:14 —A- . (…) — C:WINDOWSwiaservc.log [50]
O44 – LFC:[MD5.0E622095E7F0728343893B90BEC5C621] – 06/11/2013 – 16:58:12 —A- . (…) — C:WINDOWSwiadebug.log [159]
O44 – LFC:[MD5.005CA4CA285AD846699D7CE5531C3F9A] – 06/11/2013 – 16:58:46 —A- . (…) — C:WINDOWSModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt [4122]
~ Files: 473 Legitimates Filtered in 00mn 12s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.FECBAAEE822E39A3F475208DA1B4ACB9] – 02/11/2013 – 22:40:54 —A- – C:WINDOWSPrefetchCASPOL.EXE-25914F74.pf
O45 – LFCP:[MD5.CC823FA64813F96CD6BDE36446538778] – 06/11/2013 – 04:21:22 —A- – C:WINDOWSPrefetchFSUM.COM-2DF99E5A.pf
O45 – LFCP:[MD5.8B81941CA934AA304003858A4038B6A8] – 06/11/2013 – 04:21:24 —A- – C:WINDOWSPrefetchGO.EXE-2DCC3FAB.pf
O45 – LFCP:[MD5.7A8B699FB8ECB05EA050044CF8CAC306] – 06/11/2013 – 09:22:28 —A- – C:WINDOWSPrefetchSETUPSNK.EXE-1B791D5E.pf
O45 – LFCP:[MD5.18E8A0875CAB8D3DAA7AFEB5E794E14A] – 06/11/2013 – 09:31:12 —A- – C:WINDOWSPrefetchWINUPDATEFIX.EXE-2CC8C1FC.pf
O45 – LFCP:[MD5.867EB96AAFC173C3ADEA4F456CAA865A] – 06/11/2013 – 16:59:06 —A- – C:WINDOWSPrefetchSCNODVIS.EXE-17E99A96.pf
O45 – LFCP:[MD5.6949E8D305A63B9CCACA33E3EB579F93] – 06/11/2013 – 17:09:46 —A- – C:WINDOWSPrefetchWPGLDFSH.SCR-1D645552.pf
O45 – LFCP:[MD5.65F83784458A7EB44026C893BF930081] – 06/11/2013 – 17:24:40 —A- – C:WINDOWSPrefetchINSTUP.EXE-2D344058.pf
~ Prefetcher: 73 Legitimates Filtered in 00mn 00s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Export de clé d’application autorisée (O47)
O47 – AAKE:Key Export SP – « C:Program FilesAdobePhotoshop Elements 5.0AdobePhotoshopElementsMediaServer.exe » [Disabled] .(.Pas de propriétaire.) — C:Program FilesAdobePhotoshop Elements 5.0AdobePhotoshopElementsMediaServer.exe
~ Keys Export: 6 Legitimates Filtered in 00mn 00s

—\ Image File Execution Options (IFEO) (O50)
O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
~ IFEO: Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – « InstallVisualStyle »=1
O55 – MWPS:[HKLM…PoliciesSystem] – « InstallTheme »=1
~ MWPS: 7 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] – 10/08/2004 – 20:00:00 —A- . (.Parallel Technologies, Inc. – Parallel Technologies DirectParallel IO Library.) — C:WINDOWSsystem32Driversptilink.sys [17792]
O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 10/08/2004 – 20:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
~ Drivers: 7 Legitimates Filtered in 00mn 00s