tibo76
Participant
Posts: 7

2nd report: nothing

4 files quarantined

3rd report:
~ ZHPDiag report v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Launched by T!bO (24/05/2014 10:57:32)
~ Website: http://nicolascoolman.fr
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Not Found

---\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.114

---\ Windows product information
~ Language: French
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\ System protection software
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 2.0.2.1012
Panda ActiveScan 2.0 v01.03.02.0000
Panda ActiveScan 2.0 v01.03.02.0000

---\ System optimisation software
CCleaner v3.18

---\ Peer-to-peer file sharing software
eMule
µTorrent v2.2.1 =>P2P.µTorrent

---\ Software monitoring
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 25

---\ System information
~ Processor: x86 Family 15 Model 75 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 25 GB (8%) free of 290 GB

---\ System logon mode
~ Computer Name: PackardBell
~ User Name: T!bO
~ All Users Names: Yo, T!bO, SUPPORT_388945a0, ROMANE, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Documents and Settings\T!bO\Application Data\ZHP
~ %AppData% : C:\Documents and Settings\T!bO\Application Data
~ %Desktop% : C:\Documents and Settings\T!bO\Bureau
~ %Favorites% : C:\Documents and Settings\T!bO\Favoris
~ %LocalAppData% : C:\Documents and Settings\T!bO\Local Settings\Application Data
~ %StartMenu% : C:\Documents and Settings\T!bO\Menu Démarrer
~ %Windir% : C:\WINDOWS
~ %System% : C:\WINDOWS\system32

---\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 290 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 15 Go)
F: Hard drive, Flash drive, Thumb drive (Free 0 Go of 44 Go)
G: Hard drive, Flash drive, Thumb drive (Free 8 Go of 53 Go)
H: Hard drive, Flash drive, Thumb drive (Free 23 Go of 298 Go)
I: Floppy drive, Flash card reader, USB Key (Free 2 Go of 8 Go)
J: Floppy drive, Flash card reader, USB Key (Free 5 Go of 7 Go)

---\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\ Specific search for generic files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.3405104CE3F9B8CDCF5F5A23EC26E681] - (.Microsoft Corporation - Internet Extensions for Win32.) (.16/04/2013 - 23:16:49.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d’ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\ Hidden files status (Hidden/Total)
~ Mes images (My Pictures) : 4/17674
~ Mes musiques (My Musics) : 2/23
~ Mes Videos (My Videos) : 3/273
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 5/64001
~ Mon Bureau (My Desktop) : 1/13853
~ Menu demarrer (Programs) : 1/49
~ Hidden Files: Scanned in 02mn 13s

---\ Running processes
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1468]
[MD5.E13406F701A9B2A7513CD6798A40CECB] - (.America Online, Inc. - AOL Connectivity Service.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe [1135728] [PID.2044]
[MD5.3A4982DF893F198A2DFBCCD4CE10F93A] - (.Apple, Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592] [PID.128]
[MD5.5D1347AA5AE6E2F77D7F4F8372D95AC9] - (.Microsoft Corporation - Media Center Receiver Service.) -- C:\WINDOWS\eHome\ehRecvr.exe [237568] [PID.204]
[MD5.980EEEA91776357518892C5544768E2B] - (.Microsoft Corporation - Service de planification Media Center.) -- C:\WINDOWS\eHome\ehSched.exe [103424] [PID.244]
[MD5.9ECF00E19736054E019C532AED8228FC] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182184] [PID.448]
[MD5.AF661F9EAF65C024EE85AC531FDAD9FA] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [207664] [PID.564]
[MD5.C7FE8C39C91B8BF7044742E76B1BCADF] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 182.4.) -- C:\WINDOWS\system32\nvsvc32.exe [163908] [PID.672]
[MD5.053178FD2676D1A010E18303111BE157] - (.Softex Inc. - Softex OmniPass Service.) -- C:\Apps\Softex\OmniPass\Omniserv.exe [32768] [PID.132]
[MD5.9E0E4C777BF358B7863D22A8CA56B189] - (...) -- C:\Program Files\Packard Bell\SrvCDEject.exe [613376] [PID.1188]
[MD5.332D341D92B933600D41953B08360DFB] - (.Ulead Systems, Inc. - ULCDRSvr.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [49152] [PID.1768]
[MD5.B9FE1F943508953C0683AB7F1602E643] - (.Pas de propriétaire - USBDeviceService Module.) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [90112] [PID.1780]
[MD5.BF847A3972CC6B5CE26E0EA742DD52D9] - (.WDC - WD Drive Manager Service.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592] [PID.1948]
[MD5.B5966F1DFF6E20576F3C8C2D93D129FD] - (.Pas de propriétaire - WD File Management Engine.) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864] [PID.1700]
[MD5.92F0088CA18BB08BB596EF2608256F8A] - (.Pas de propriétaire - WD Shadow Copy.) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352] [PID.2692]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\Program Files\Common Files\X10\Common\X10nets.exe [20480] [PID.2752]
[MD5.52404CC76E9D53843BDF97564BB16BED] - (.Microsoft Corporation - MCRD Device Service.) -- C:\WINDOWS\ehome\mcrdsvc.exe [99328] [PID.2780]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5120] [PID.3320]
[MD5.71340FC349E4C5A706A0DA4F75902E53] - (...) -- C:\Apps\Softex\OmniPass\OPXPApp.exe [14336] [PID.3376]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3960]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1416]
[MD5.7E48B4958C131E9643DDCD2E7CA3FE9F] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe [67584] [PID.3532]
[MD5.DAEFB050AC8FEE4F1097FCF7CB97220E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\WINDOWS\eHome\ehmsas.exe [46592] [PID.3560]
[MD5.E1A55D3518D4CAB99C2CDAF38A27C7F0] - (.Realtek Semiconductor Corp. - Show specific icon for each card type.) -- C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe [656896] [PID.3680]
[MD5.CFB19D0984C7FEBBFF1A68815BA6F82F] - (.Pas de propriétaire - Multimedia Keyboard Driver.) -- C:\WINDOWS\mHotkey.exe [548864] [PID.2440]
[MD5.33F7659872C1C2CE295FBD1754B63957] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16248320] [PID.2404]
[MD5.C9AF9154AD9ED64F80B34DEE3270DC94] - (.Pas de propriétaire - DetectorApp Module.) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [102400] [PID.1132]
[MD5.64C4C17BF6A40FF1CD21205E6FD415B8] - (.ATI Technologies Inc. - CLI Application (Command Line Interface).) -- c:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [45056] [PID.1128]
[MD5.847C1F44B3ED472FDB6CC82C8ADF1987] - (.Pas de propriétaire - Softex OmniPass.) -- C:\Apps\Softex\OmniPass\scureapp.exe [1859584] [PID.2792]
[MD5.7BE9A5D93063FAB52F2BB27D4E4D8683] - (.Microsoft Corporation - Microsoft LifeCam VX6000 Device Application.) -- C:\WINDOWS\vVX6000.exe [994096] [PID.3276]
[MD5.7BD9F0839E7F55DD66D3F9CE9C61D810] - (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe [267064] [PID.2416]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\RUNDLL32.exe [0] [PID.3892]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3774312] [PID.3088]
[MD5.0524D4A3CF377BCDD6A379680AD3DC7D] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521424] [PID.536]
[MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [959904] [PID.3016]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.2544]
[MD5.EA1F07ADCCC3C09E48AB5852DE7966DD] - (.ISSENDIS - OFFICE One PDF Manager v6.) -- C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe [493568] [PID.1412]
[MD5.6B8F8210242F34680B998E4A30D7B96E] - (.Packard Bell BV - SmpSys.exe.) -- C:\APPS\SMP\SmpSys.exe [975360] [PID.3652]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.1488]
[MD5.EE8D36F6723DBDAF4176003103257E43] - (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe [21392] [PID.2984]
[MD5.CC12353AD24ECF2FC74EC77078558A37] - (.PIXELA CORPORATION - Pas de description.) -- C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [253952] [PID.3044]
[MD5.B72AA4CBF4679DAE4F7DA61D47F92D84] - (.ISSENDIS - ISSENDIS.) -- C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [559104] [PID.4376]
[MD5.F415C0541CD53C453E61E2D7375CAF8F] - (.Western Digital Technologies, Inc. - WD Drive Manager Status.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [3986944] [PID.4700]
[MD5.97BAD81620E9F115F86D79952C625916] - (.Apple Inc. - iPodService Module.) -- C:\Program Files\iPod\bin\iPodService.exe [503608] [PID.5052]
[MD5.8BA7C024070F2B7FDD98ED8A4BA41789] - (.Microsoft Corporation - PresentationFontCache.exe.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104] [PID.5820]
[MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4408]
[MD5.A2CB714DCF8F0E134F2429AF673C7C08] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe [506744] [PID.4232]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7879168] [PID.4392]
[MD5.B40094D81DF18A5CBEBFE43F2578C048] - (.Microsoft Corporation - Windows Logon UI.) -- C:\WINDOWS\system32\logonui.exe [515584] [PID.5344]
~ Processes Running: Scanned in 00mn 03s

---\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Documents and Settings\T!bO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

---\ Google Chrome extension folders
~ Google Lines Browser: 1 Legitimates Filtered in 01mn 06s

---\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [T!bO - hg38zr5x.default\fr@dictionaries.addons.mozilla.org] [] Dictionnaire français «Réforme 1990» v3.5 (..)
M2 - MFEP: prefs.js [T!bO - hg38zr5x.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v3.1.20081127W (..) =>Toolbar.Google
P2 - FPN:Firefox Plugin Navigator . (.LizardTech - DjVu Plug-In(external version 6.1.4.2013).) -- C:\Program Files\Mozilla Firefox\Plugins\npdjvu.dll
~ Firefox Browser: 35 Legitimates Filtered in 00mn 01s

---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - ToolbarWebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - ToolbarWebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [IMJPMIG8.1] . (.Microsoft Corporation - Microsoft IME.) -- C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
O4 - HKLM\..\Run: [PHIME2002ASync] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [PHIME2002A] . (.Microsoft Corporation - 微軟新注音輸入法 2002a.) -- C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
O4 - HKLM\..\Run: [ehTray] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DriveIcons] . (.Realtek Semiconductor Corp. - Show specific icon for each card type.) -- C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
O4 - HKLM\..\Run: [NECHotkey] . (.Pas de propriétaire - Multimedia Keyboard Driver.) -- C:\WINDOWS\mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SkyTel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\WINDOWS\SkyTel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [ATICCC] . (...) -- c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
O4 - HKLM\..\Run: [DetectorApp] . (.Pas de propriétaire - DetectorApp Module.) -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [OmniPass] . (.Pas de propriétaire - Softex OmniPass.) -- C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [EULA] . (.Fujitsu-Siemens - Pas de description.) -- C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] . (.CANON INC. - BJPSMAIN.) -- C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe
O4 - HKLM\..\Run: [VX6000] . (.Microsoft Corporation - Microsoft LifeCam VX6000 Device Application.) -- C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper Module.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] . (.ISSENDIS - OFFICE One PDF Manager v6.) -- C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [KiesHelper] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\KiesHelper.exe
O4 - HKCU\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] . (.Google Inc. - Picasa.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKUS\S-1-5-21-2914521527-1397475737-3786775641-1005\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-21-2914521527-1397475737-3786775641-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2914521527-1397475737-3786775641-1005\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-2914521527-1397475737-3786775641-1005\..\Run: [KiesHelper] . (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\KiesHelper.exe
O4 - HKUS\S-1-5-21-2914521527-1397475737-3786775641-1005\..\Run: [KiesPDLR] . (.Pas de propriétaire - KiesPDLR.) -- C:\Program Files\Samsung\Kies\ExternalFirmwareUpdate\KiesPDLR.exe
~ Application: Scanned in 00mn 00s

---\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} . (...) -- C:\Program Files\Real\RealPlayer\eb_act.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\ Hijack of the 'Reset Web Settings' option (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
~ IE Paramètres WEB: Scanned in 00mn 00s

---\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} ((no name)) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ((no name)) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s

---\ Additional protocol (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: OPXPGina . (...) -- C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\ ShellServiceObjectDelayLoad autorun registry key (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s

---\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple, Inc. - Apple Mobile Device Service.) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: SrvCDEject (SrvCDEject) . (...) - C:\Program Files\Packard Bell\SrvCDEject.exe
~ Services: 17 Legitimates Filtered in 00mn 06s

---\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\T!bO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\T!bO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\ Installed software (O42)
O42 - Software: Bibble Pro - (...) [HKLM] -- Bibble Pro
O42 - Software: FreeUndelete - (...) [HKLM] -- FreeUndelete
O42 - Software: MotionWorks 2005 - (.Solid Dynamics.) [HKLM] -- MotionWorks 2005
O42 - Software: Schématrice - (.© N.R.J.L.2007.) [HKLM] -- {3E6B7D2A-4907-4D61-95F4-4C89C1E4B0DD}_is1
O42 - Software: Universal Monsters (TM) - Monsterville - (...) [HKLM] -- {3EBFCC0F-FAD6-11D5-9E0F-00A0244BD83C}
~ Logic: 46 Legitimates Filtered in 00mn 01s

---\ HKCU & HKLM Software Keys
[HKCU\Software\Amyuni Technologies]
[HKCU\Software\Atemi]
[HKCU\Software\BibbleLabs]
[HKCU\Software\DesignSource]
[HKCU\Software\IncrediMail]
[HKCU\Software\Kazaa]
[HKCU\Software\로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
[HKLM\Software\1307]
[HKLM\Software\Atemi]
[HKLM\Software\MecaTools]
~ Key Software: 492 Legitimates Filtered in 00mn 01s

---\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 19/06/2007 - 19:22:47 - [] ----D C:\Program Files\Bibble Labs
O43 - CFD: 28/12/2006 - 19:06:05 - [] ----D C:\Program Files\DIDACS2
O43 - CFD: 07/10/2008 - 22:13:04 - [] ----D C:\Program Files\FreeUndelete
O43 - CFD: 16/04/2009 - 08:38:24 - [] ----D C:\Program Files\MecaTools
O43 - CFD: 19/12/2008 - 18:30:49 - [] ----D C:\Program Files\pfs-studio-min
O43 - CFD: 08/04/2011 - 18:22:25 - [] ----D C:\Program Files\Schématrice
O43 - CFD: 19/06/2007 - 19:22:36 - [] ----D C:\Program Files\Fichiers communs\Bibble Labs
O43 - CFD: 06/06/2009 - 23:35:57 - [] ----D C:\Documents and Settings\All Users\Application Data\IM
O43 - CFD: 06/06/2009 - 23:35:08 - [] ----D C:\Documents and Settings\All Users\Application Data\IncrediMail
O43 - CFD: 20/08/2009 - 16:02:48 - [] ----D C:\Documents and Settings\T!bO\Application Data\bibble
O43 - CFD: 06/06/2009 - 23:37:35 - [] ----D C:\Documents and Settings\T!bO\Local Settings\Application Data\IM
O43 - CFD: 07/10/2008 - 22:13:04 - [] ----D C:\Documents and Settings\T!bO\Menu Démarrer\Programmes\FreeUndelete
O43 - CFD: 26/12/2006 - 21:26:23 - [] ----D C:\Documents and Settings\T!bO\Menu Démarrer\Programmes\Internet & Sécurité
~ Program Folder: 254 Legitimates Filtered in 00mn 01s

---\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.315C1E1886541BC5735F3AFEBE1C1E36] - 19/05/2014 - 06:53:24 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 24/05/2014 - 09:11:43 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll [536576]
O44 - LFC:[MD5.8D501D8F464A92FD5F0B84C91D8FD743] - 24/05/2014 - 09:19:09 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.9CA627EA91F6693EC34BDC408E959D16] - 24/05/2014 - 09:19:10 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.2297829865107A14FC0BAACD060C11EE] - 24/05/2014 - 09:22:38 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [215269]
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 24/05/2014 - 09:22:46 --HA- . (...) -- C:\WINDOWS\QTFont.qfn [54156]
~ Files: 16 Legitimates Filtered in 00mn 09s

---\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.BE10627EB70253CB0DFC6D93E3203FAA] - 22/05/2014 - 07:46:35 ---A- - C:\WINDOWS\Prefetch\UTORRENT.EXE-167CE28D.pf =>P2P.µTorrent
~ Prefetcher: 1 Legitimates Filtered in 00mn 00s

---\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\ Authorized application key export (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Packard Bell\SrvCDEject.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Packard Bell\SrvCDEject.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImApp.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe (.not file.)
~ Keys Export: 33 Legitimates Filtered in 00mn 00s

---\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "InstallVisualStyle"=1
O55 - MWPS:[HKLM\...\Policies\System] - "InstallTheme"=1
O55 - MWPS:[HKLM\...\Policies\System] - "HideLegacyLogonScripts"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideLogoffScripts"=0
O55 - MWPS:[HKLM\...\Policies\System] - "RunLogonScriptSync"=1
O55 - MWPS:[HKLM\...\Policies\System] - "RunStartupScriptSync"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideStartupScripts"=0
O55 - MWPS:[HKCU\...\Policies\System] - "HideLegacyLogonScripts"=0
O55 - MWPS:[HKCU\...\Policies\System] - "HideLogoffScripts"=0
O55 - MWPS:[HKCU\...\Policies\System] - "HideStartupScripts"=0
O55 - MWPS:[HKCU\...\Policies\System] - "RunLogonScriptSync"=1
O55 - MWPS:[HKCU\...\Policies\System] - "RunStartupScriptSync"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ List of system drivers (SDL) (O58)
O58 - SDL:17/08/2001 - 21:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\Drivers\asc.sys [26496]
O58 - SDL:17/08/2001 - 21:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\Drivers\asc3550.sys [14848]
O58 - SDL:24/11/2006 - 05:37:58 ---A- . (.Windows (R) 2000 DDK provider - TR Manager.) -- C:\WINDOWS\system32\Drivers\asctrm.sys [8552]
O58 - SDL:21/10/2013 - 16:48:52 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:28/12/2013 - 17:20:25 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:26/08/2005 - 15:20:10 ---A- . (.Computer & Entertainment, Inc. - USB DTV Firmware Loader.) -- C:\WINDOWS\system32\Drivers\CEBDALDR.sys [16768]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM main driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:28/03/2012 - 21:11:02 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:13/04/2008 - 17:36:05 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:07/01/2005 - 17:07:16 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [145920]
O58 - SDL:17/08/2001 - 21:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\Drivers\mraid35x.sys [17280]
O58 - SDL:03/08/2004 - 21:41:40 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 21:41:38 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 21:29:38 ---A- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:03/08/2004 - 21:41:40 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/08/2004 - 21:41:40 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:10/08/2005 - 13:44:04 ---A- . (.Protection Technology - StarForce Protection Environment Driver.) -- C:\WINDOWS\system32\Drivers\sfdrv01.sys [50688]
O58 - SDL:16/05/2005 - 14:20:39 ---A- . (.Protection Technology - StarForce Protection Helper Driver.) -- C:\WINDOWS\system32\Drivers\sfhlp02.sys [6656]
O58 - SDL:10/08/2005 - 15:06:28 ---A- . (.Protection Technology - StarForce Protection Synchronization Driver.) -- C:\WINDOWS\system32\Drivers\sfsync02.sys [19968]
O58 - SDL:03/08/2004 - 21:41:42 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 21:41:44 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 21:41:46 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 21:41:46 ---A- . (.Smart Link - No description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:24/02/2012 - 10:14:42 ---A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudbus.sys [80824]
O58 - SDL:24/02/2012 - 10:14:42 ---A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\WINDOWS\system32\Drivers\ssudmdm.sys [181432]
O58 - SDL:02/02/2007 - 19:04:35 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:17/08/2001 - 22:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\Drivers\symc810.sys [16256]
O58 - SDL:17/08/2001 - 21:52:22 ---A- . (.Promise Technology, Inc. - Promise ULTRA66 miniport driver.) -- C:\WINDOWS\system32\Drivers\ultra.sys [36736]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:10/01/2003 - 16:13:04 ---A- . (.America Online, Inc. - Wan Miniport (ATW).) -- C:\WINDOWS\system32\Drivers\wanatw4.sys [33588]
O58 - SDL:28/11/2005 - 10:45:16 ---A- . (.X10 Wireless Technology, Inc. - X10 HID Control Interface.) -- C:\WINDOWS\system32\Drivers\x10hid.sys [7040]
O58 - SDL:19/05/2005 - 15:52:58 ---A- . (.X10 Wireless Technology, Inc. - X10 USB Control Interface.) -- C:\WINDOWS\system32\Drivers\x10ufx2.sys [17792]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 137 Legitimates Filtered in 00mn 07s

---\\ Last modified or created files (User) (O61)
O61 - LFC: 24/05/2014 - 11:02:09 ---A- . (...) -- C:\Documents and Settings\T!bO\Mes documents\Téléchargements\adwcleaner_3.210.exe [1326389]
~ 208 temporary files
~ 1 cookie file
~ Files: 29 Legitimates Filtered in 00mn 33s

---\\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Software: ZHPFix 1.3 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\asc3550.sys (asc3550) .(.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) - LEGACY_ASC3550
O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\sparrow.sys (Sparrow) .(.Adaptec, Inc. - Adaptec AIC-6x60 series SCSI miniport.) - LEGACY_SPARROW
O64 - Services: CurCS - 17/08/2001 - C:\WINDOWS\system32\DRIVERS\symc8xx.sys (symc8xx) .(.LSI Logic - Symbios 8XX SCSI Miniport Driver.) - LEGACY_SYMC8XX
~ Legacy: 205 Legitimates Filtered in 00mn 00s

---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\AOL9~1.0\aol.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search for infection in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Special search at the system root (SPRF) (O84)
[MD5.0ACFF8B9208623E18D9882C0C16997AC] [SPRF][13/10/2002] (...) -- C:\Documents and Settings\T!bO\Bureau\Conjugaison.exe [635392]
[MD5.19FD78AE00ABC37AFBF0233F52F711A6] [SPRF][30/09/2013] (.Flexera Software - InstallAnywhere Self-Extractor.) -- C:\Documents and Settings\T!bO\Bureau\MagicDraw_1704_sp1_win.exe [420735197]
[MD5.1D8F574012ED76D559BCB3C4F378F565] [SPRF][16/11/2009] (...) -- C:\Documents and Settings\T!bO\Bureau\setup-adsltv(2).exe [29351126]
[MD5.1D8F574012ED76D559BCB3C4F378F565] [SPRF][15/09/2009] (...) -- C:\Documents and Settings\T!bO\Bureau\setup-adsltv.exe [29351126]
[MD5.2FD87EF45963E6860696F15A60741E30] [SPRF][16/04/2009] (.MecaTools - CorrecteurSoft Setup.) -- C:\Documents and Settings\T!bO\Bureau\setup-correcteursoft.exe [1022021]
~ Files: 9 Legitimates Filtered in 00mn 09s

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/07/2006 401408 | (Ati HotKey Poller) . (.ATI Technologies Inc..) - C:\WINDOWS\system32\Ati2evxx.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 03/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/01/2007 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 23/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 08/04/2004 1135728 | (AOL ACS) . (.America Online, Inc..) - C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
SR - | Auto 06/09/2007 110592 | (Apple Mobile Device) . (.Apple, Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Auto 07/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Demand 26/09/2007 503608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 28/06/2013 182184 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 08/03/2009 163908 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 12/08/2005 32768 | (omniserv) . (.Softex Inc..) - C:\Apps\Softex\OmniPass\Omniserv.exe
SR - | Auto 25/07/2006 613376 | (SrvCDEject) . (...) - C:\Program Files\Packard Bell\SrvCDEject.exe
SR - | Auto 31/01/2005 49152 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
SR - | Auto 20/10/2005 90112 | (USBDeviceService) . (...) - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
SR - | Auto 09/03/2011 238592 | (WDDMService) . (.WDC.) - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
SR - | Auto 09/03/2011 1060864 | (WDFME) . (...) - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
SR - | Auto 09/03/2011 484352 | (WDSC) . (...) - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
SR - | Auto 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: Scanned in 00mn 12s

---\\ Search for infection on the Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by T!bO at 24/05/2014 11:06:03
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys nvata.sys
C:\WINDOWS\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\WINDOWS\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk1\DR1[0x8A6F9AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 15 Legitimates Filtered in 00mn 02s

---\\ Search for infection on the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by T!bO at 24/05/2014 11:06:05
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Additional Scan (O88)
Database Version : 13029 - (24/05/2014)
Keys found : 0
Values found : 0
Folders found : 1
Files found : 0

C:\Documents and Settings\T!bO\Application Data\Mozilla\Firefox\Profiles\hg38zr5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} =>Toolbar.Google^
~ Additional Scan: 336533 Items scanned in 00mn 30s

---\\ Summary of detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 00s

~ 1259 Legitimates filtered by white list
End of the scan (616 lines in 09mn 04s)(0)
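A report like the one above is read by looking for a handful of recurring signals rather than line by line: O47 firewall exceptions whose executable is gone (the three IncrediMail entries marked "(.not file.)"), O50 IFEO entries other than the benign Windows XP placeholder, O58 drivers that carry no version information and that ZHPDiag did not tag with "=>." as known, and O68 browser commands pointing at a file that no longer exists (the AOL entry). The following Python script is an added example for this page; it is not ZHPDiag code and not part of the posted report. It parses lines in ZHPDiag's native format (plain hyphens, backslash paths) and applies those four rules. The sample report inside it is constructed here, modelled on entries from the log above, and the second O50 line is a hypothetical non-default entry that is not in the posted report, included only to exercise the rule; the verdicts are the script's own heuristics, not ZHPDiag's.

```python
"""Triage helper for ZHPDiag report lines.

Added example for this page: not ZHPDiag code and not part of the posted
report. It reads lines in ZHPDiag's native format and flags:
  - O47 firewall exceptions whose executable no longer exists
  - O50 IFEO entries other than the benign Windows XP placeholder
  - O58 drivers with no version info that ZHPDiag did not tag as known ("=>.")
  - O68 StartMenuInternet commands pointing at a missing executable
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows XP ships this placeholder under the IFEO key; it is benign and shows
# up in every XP report. Any other image name carries a real Debugger value.
IFEO_DEFAULT_IMAGE = "Your Image File Name Here without a path"

RE_O47 = re.compile(
    r'^O47 - AAKE:Key Export SP - "(?P<app>.*?)" \[(?P<state>\w+)\] '
    r'\.\((?P<desc>.*?)\) -- (?P<path>.*?)(?P<missing> \(\.not file\.\))?$'
)
RE_O50 = re.compile(
    r"^O50 - IFEO:Image File Execution Options - (?P<image>.*?) - (?P<debugger>.*)$"
)
RE_O58 = re.compile(
    r"^O58 - SDL:(?P<date>\S+) - (?P<time>\S+) (?P<attrs>\S+) \. "
    r"\((?P<desc>.*?)\) -- (?P<path>.*?) \[(?P<size>\d+)\](?: =>\.(?P<tag>.+))?$"
)
RE_O68 = re.compile(
    r"^O68 - StartMenuInternet: \[(?P<key>.*?)\] \((?P<desc>.*?)\) -- "
    r"(?P<path>.*?)(?P<missing> \(\.not file\.\))?$"
)


@dataclass(frozen=True)
class Finding:
    section: str  # ZHPDiag section code, e.g. "O58"
    subject: str  # path or image name the finding is about
    reason: str


def publisher(desc: str) -> str:
    """Return the vendor from a ZHPDiag description field.

    ZHPDiag writes '(...)' when the file carries no version info and
    '(.Vendor - Description.)' when it does; only the vendor part is returned.
    """
    inner = desc.strip(".")
    return inner.split(" - ", 1)[0].strip() if inner else ""


def triage(report: str) -> list[Finding]:
    """Scan a ZHPDiag report and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RE_O47.match(line):
            if m["missing"]:
                findings.append(Finding("O47", m["path"],
                                        "firewall exception for an executable that no longer exists"))
        elif m := RE_O50.match(line):
            if m["image"] != IFEO_DEFAULT_IMAGE:
                findings.append(Finding("O50", m["image"],
                                        f"IFEO Debugger redirects every launch to: {m['debugger']}"))
        elif m := RE_O58.match(line):
            if not publisher(m["desc"]) and not m["tag"]:
                findings.append(Finding("O58", m["path"],
                                        "driver without version info and not tagged as known by ZHPDiag"))
        elif m := RE_O68.match(line):
            if m["missing"]:
                findings.append(Finding("O68", m["path"],
                                        "StartMenuInternet command points at a missing executable"))
    return findings


# Constructed sample, modelled on entries in the report above. The second O50
# line is hypothetical (not in the posted log) and only exercises the rule.
SAMPLE_REPORT = r"""
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImApp.exe (.not file.)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
O50 - IFEO:Image File Execution Options - someapp.exe - C:\hypothetical\other.exe
O58 - SDL:21/10/2013 - 16:48:52 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:02/02/2007 - 19:04:35 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [5632]
O58 - SDL:10/08/2004 - 14:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\AOL9~1.0\aol.exe (.not file.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.section}  {f.subject}\n      {f.reason}")
```

On the sample it reports four entries: the stale IncrediMail firewall exception, the hypothetical IFEO entry, StarOpen.sys (no version info and no "=>." tag, unlike the two avast drivers, which ZHPDiag tagged as ALWIL Software), and the dangling AOL command. A flag is a prompt to look closer, not a verdict: StarOpen.sys, for instance, is a legitimate burning-software driver on many systems, which is exactly why the O58 rule defers to ZHPDiag's own tag before speaking up.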