cjoint

Document format: text/plain

Preview

~ Rapport de ZHPDiag v2014.4.23.42 - Nicolas Coolman (23/04/2014)
~ Lancé par Administrateur (24/04/2014 13:56:00)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v6.0.3790.1830 (Defaut)
OBIE: Wacom WebTabletPlugin for Internet Explorer and Netscape v2.1.0.2

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 64-bit Service Pack 2 (Build 3790)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 2.0.1.1004

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader 8 - Français

---\\ Informations sur le système
~ Processor: EM64T Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094.6 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (21%) free of 233 GB

---\\ Mode de connexion au système
~ Computer Name: BE15B
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\administrateur\desktop\
~ %Favorites% : C:\Documents and Settings\administrateur\Favorites\
~ %LocalAppData% : C:\Documents and Settings\administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\administrateur\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 49 Go of 233 Go)
D: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 7 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.AE7A08C05F72A9242734C03230A5CD7F] - (.Microsoft Corporation - Windows Explorer.) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1364480]
[MD5.39F24E3689F6768F01A51768BBBC1E47] - (.Microsoft Corporation - Internet Extensions for Win32.) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\wininet.dll [1190912]
[MD5.901C7E44D11C00CA9D48BA1A866FDC4B] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [944128]
[MD5.F0E008AC59FAA5ECD22C8891B3300378] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\AFD.sys [291840]
[MD5.7A1814D0D112F50F828E25557A1ED29F] - (....) (.17/02/2007 - 00:03:34.) -- C:\WINDOWS\system32\Drivers\atapi.sys [150016]
[MD5.4D99E36322FB51A8D1B2B6D6B69D9889] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [113152]
[MD5.11663FE50E499FFEE77979542B285F38] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [77312]
[MD5.73EA9000F8FB2E060954EB7C3377A3C7] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [50176]
[MD5.50FD608643D9B56C4C75C0784513F77E] - (....) (.17/02/2007 - 00:28:56.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [93184]
[MD5.D2E541613B72FF9FCEDF37B166930706] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [72704]
[MD5.088ECB04137DF1F52EC10C29D57A8CCA] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [180736]
[MD5.DB841EC6F027C780002EF47AABFDDF86] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [156672]
[MD5.9899C0483AE641A9540731164FCA1AC5] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [786944]
[MD5.FEDAAFB6CD700B9E0787C94D81C07DB5] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [347136]
[MD5.C8904B5F90AB2236692E83D491C4D426] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1041920]
[MD5.7DDAA09186DA9F1D304E819B5A6BBC5A] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [135680]
[MD5.D81FDC53EE9C0F68D709E504342D1D74] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [135168]
[MD5.0482A9BE0BE2098A12A61464306BF24B] - (....) (.17/02/2007 - 00:51:24.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [333824]
[MD5.1D793394201000D2D56E848C18FE9A62] - (....) (.24/03/2005 - 18:24:04.) -- C:\WINDOWS\system32\Drivers\redbook.sys [64000]
[MD5.9A7410739230F3AAF9390B79EB398570] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\smb.sys [99328]
[MD5.FD6D28D1BBF31C719D9C5EC2D20FB5C2] - (....) (.18/02/2007 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [288768]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/302
~ Mes musiques (My Musics) : 1/3
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 3/1889
~ Mon Bureau (My Desktop) : 1/12108
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 04s



---\\ Processus lancés
[MD5.D998FA33E11467D43A9BB7E9D3BAD124] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867392] [PID.956]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [AllUsers]: Brother Creative Center.lnk . (.AVAST Software - avast! Antivirus.) -- C:\Program Files (x86)\Brother\CreativeCenter\Brother Creative Center.url
O4 - GS\Desktop [AllUsers]: CATIA V5R20.lnk . (.Dassault Systemes - Administration.) -- C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSTART.exe
O4 - GS\Desktop [AllUsers]: KeyShot 4 64.lnk . (...) -- C:\Program Files\KeyShot4\bin\keyshot4.exe
O4 - GS\Desktop [AllUsers]: SolidWorks eDrawings 2011.lnk . (.Dassault Systèmes SolidWorks Corp. - EModelViewer Module.) -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks eDrawings\EModelViewer.exe
O4 - GS\Desktop [AllUsers]: SolidWorks Explorer 2011.lnk . (.Acresso Software Inc. - InstallShield.) -- C:\WINDOWS\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut3_2723AB6ADE8640EEAA77EC7E47C4DF34.exe
O4 - GS\Desktop [AllUsers]: TransMagic R8.lnk . (.TransMagic, Inc. - TransMagic Application.) -- C:\Program Files (x86)\TransMagic Inc\TransMagic R8\System\TransMagic.exe
~ Global Startup: 15 Legitimates Filtered in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [AllUsers]: Adobe Reader Synchronizer.lnk . (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 8.0.) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - GS\Startup [AllUsers]: Lancement rapide d'Adobe Reader.lnk . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - GS\Startup [AllUsers]: Logitech SetPoint.lnk . (.Logitech Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - GS\Startup [AllUsers]: Téléchargement en arrière-plan de SolidWorks.lnk . (.Dassault Systèmes SolidWorks Corp. - sldBgDwldresu.) -- C:\Program Files (x86)\Common Files\Gestionnaire d'installation SolidWorks\BackgroundDownloading\sldBgDwld.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (...) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [NvMediaCenter] . (...) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [Synchronization Manager] . (.Microsoft Corporation - Microsoft Synchronization Manager.) -- C:\WINDOWS\system32\mobsync.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon00] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
O4 - HKLM\..\Wow6432Node\Run: [Device Detector] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [BrStsMon01] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] . (...) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] . (...) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] . (...) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] . (...) -- C:\WINDOWS\system32\tscupgrd.exe
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Windows Messenger [64Bits] - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CQFD.local
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia [64Bits] - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (...) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (...) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (...) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (...) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (...) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader [64Bits] - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Event Log (Eventlog) . (...) - C:\WINDOWS\system32\services.exe
O23 - Service: HASP License Manager (hasplms) . (...) - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Net Logon (Netlogon) . (...) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Plug and Play (PlugPlay) . (...) - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) . (...) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) . (...) - C:\WINDOWS\system32\lsass.exe
~ Services: 13 Legitimates Filtered in 00mn 01s



---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - KnownDLLs: (wow64) . (...) -- C:\WINDOWS\system32\wow64.dll
O36 - KnownDLLs: (wow64cpu) . (...) -- C:\WINDOWS\system32\wow64cpu.dll
O36 - KnownDLLs: (wow64win) . (...) -- C:\WINDOWS\system32\wow64win.dll
~ Keys: Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (AFD) . (...) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (...) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (...) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (imapi) . (...) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: (IPSec) . (...) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (...) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: (Mouclass) . (...) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (...) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (...) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (...) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: (RasAcd) . (...) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (...) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (...) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (...) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: (Serial) . (...) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: (Tcpip) . (...) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (...) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: VGA Display Controller. (VgaSave) . (...) - C:\WINDOWS\system32\drivers\vga.sys
~ Drivers: 57 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: DATAKIT CrossManager 2010 - (.DATAKIT.) [HKLM][64Bits] -- {D14AD67F-DB76-42D8-927F-3C5742A7E963}
O42 - Logiciel: GT-SUITE C:\GTI - (.Gamma Technologies, Inc..) [HKLM][64Bits] -- GT-SUITE_C:/GTI
O42 - Logiciel: GT-SUITE v6.1.0 - (.Gamma Technologies, Inc..) [HKLM][64Bits] -- GT-SUITE v6.1.0
O42 - Logiciel: KeyShot4 4.0 64 bit - (.Luxion ApS.) [HKLM][64Bits] -- KeyShot4_64
O42 - Logiciel: TransMagic R8 - (.TransMagic, Inc..) [HKLM][64Bits] -- {B96CF7E1-FCFF-4450-A26D-DD05B5CE49B8}
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Gamma Technologies, Inc.]
[HKCU\Software\Luxion]
[HKCU\Software\TransMagic]
[HKLM\Software\ADFS]
[HKLM\Software\Luxion]
[HKLM\Software\Wow6432Node\Luxion]
~ Key Software: 188 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/05/2011 - 15:47:40 - [] ----D C:\Program Files (x86)\DATAKIT
O43 - CFD: 03/05/2011 - 15:28:54 - [] ----D C:\Program Files (x86)\TransMagic Inc
O43 - CFD: 16/04/2009 - 11:25:33 - [0] ----D C:\Documents and Settings\administrateur\Local Settings\Application Data\FEMAP
O43 - CFD: 03/05/2011 - 15:47:47 - [] ----D C:\Documents and Settings\administrateur\Start Menu\Programs\Datakit
~ Program Folder: 111 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5F1C733247938493C9E7C482F8303BFC] - 09/04/2014 - 16:17:45 ----- . (...) -- C:\UsbFix [Clean 7] BE15B.txt [8119]
O44 - LFC:[MD5.299A08DAF8DA7C27C642EA9CC9B01F5F] - 11/04/2014 - 12:53:25 ----- . (...) -- C:\UsbFix [Clean 8] BE15B.txt [8709]
O44 - LFC:[MD5.2E34867CD7EEC26A74B35242D282B175] - 11/04/2014 - 16:45:54 ----- . (...) -- C:\UsbFix [Clean 9] BE15B.txt [8500]
O44 - LFC:[MD5.EC3BA4D1FA4DF8F6BC929CD4BEEF0F31] - 17/04/2014 - 17:27:46 ----- . (...) -- C:\UsbFix [Clean 10] BE15B.txt [6919]
O44 - LFC:[MD5.8D511CDCB99CFB032AA886ADDCA820A1] - 18/04/2014 - 06:38:28 ----- . (...) -- C:\UsbFix [Scan 1] BE15B.txt [4382]
O44 - LFC:[MD5.6F9FC3F7EDEE8D4BD7892F3C479B196D] - 18/04/2014 - 06:40:01 ----- . (...) -- C:\UsbFix [Clean 11] BE15B.txt [6469]
O44 - LFC:[MD5.10F7C2D355A957C482A76627CDAE508A] - 21/04/2014 - 16:45:18 ----- . (...) -- C:\UsbFix [Clean 12] BE15B.txt [7828]
O44 - LFC:[MD5.2A16CFBD9FBB4832FCB99793C4A089D5] - 23/04/2014 - 11:28:46 ----- . (...) -- C:\UsbFix [Clean 15] BE15B.txt [9850]
O44 - LFC:[MD5.FD5465B876D55534117963FAAA4B9DFC] - 23/04/2014 - 12:01:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mbam.sys [25816]
O44 - LFC:[MD5.4A1356200B82B852E137B687F03E8054] - 23/04/2014 - 12:01:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [88280]
O44 - LFC:[MD5.D31DEC83A496E4C96BB091FEAFD3151D] - 23/04/2014 - 12:51:23 ----- . (...) -- C:\UsbFix [Clean 16] BE15B.txt [9015]
O44 - LFC:[MD5.DDA3AC368F147487262A094E537AF750] - 23/04/2014 - 12:55:06 ----- . (...) -- C:\UsbFix [Clean 17] BE15B.txt [9498]
O44 - LFC:[MD5.8F6E5597268D8A38E04174898D861BF9] - 23/04/2014 - 12:56:50 ----- . (...) -- C:\UsbFix [Scan 2] BE15B.txt [4093]
O44 - LFC:[MD5.6140163BFE9D8F2DFDBA088ED5521C13] - 23/04/2014 - 13:55:45 ---A- . (...) -- C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys [119512]
O44 - LFC:[MD5.F2C333CB56FD892A53DA5354E2349270] - 24/04/2014 - 09:01:27 ----- . (...) -- C:\UsbFix [Clean 13] BE15B.txt [7251]
O44 - LFC:[MD5.B99813EE0EB081DDC0E169E35ADC93BF] - 24/04/2014 - 09:06:09 ----- . (...) -- C:\UsbFix [Clean 18] BE15B.txt [11746]
O44 - LFC:[MD5.CF0A00C4756068469DD3CB45D8FFA7C5] - 24/04/2014 - 10:52:27 ----- . (...) -- C:\UsbFix [Clean 14] BE15B.txt [8385]
O44 - LFC:[MD5.4C77D05D850E768E43551C993CC5116A] - 24/04/2014 - 10:57:10 ----- . (...) -- C:\UsbFix [Clean 19] BE15B.txt [12750]
O44 - LFC:[MD5.999DB196E3D49E984E62F1D743F48F42] - 24/04/2014 - 10:58:27 ---A- . (...) -- C:\UsbFix [Clean 20] BE15B.txt [11816]
~ Files: 30 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - URL Exec Hook [64Bits] - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Dassault Systemes\B14\intel_a\code\bin\CATELFSlaveProcess.exe" [Disabled] .(...) -- C:\Program Files (x86)\Dassault Systemes\B14\intel_a\code\bin\CATELFSlaveProcess.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Dassault Systemes\B14\intel_a\code\bin\CNEXT.exe" [Disabled] .(...) -- C:\Program Files (x86)\Dassault Systemes\B14\intel_a\code\bin\CNEXT.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Dassault Systemes\B14\intel_a\code\bin\CATUTIL.exe" [Enabled] .(...) -- C:\Program Files (x86)\Dassault Systemes\B14\intel_a\code\bin\CATUTIL.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\orbixd.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\orbixd.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "C:\GTI\flexlm\GTISOFT.exe" [Enabled] .(...) -- C:\GTI\flexlm\GTISOFT.exe (.not file.)
O47 - AAKE:Key Export DP - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
O47 - AAKE:Key Export DP - "C:\Program Files\KeyShot4\bin\keyshot4.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\KeyShot4\bin\keyshot4.exe
O47 - AAKE:Key Export DP - "C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe" [Enabled] .(...) -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe (.not file.)
~ Keys Export: 14 Legitimates Filtered in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\wd.sys . (...) -- C:\WINDOWS\system32\Drivers\wd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (...) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (...) -- C:\WINDOWS\system32\Drivers\tdpipe.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (...) -- C:\WINDOWS\system32\Drivers\tdtcp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (...) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys (.not file.)
~ CSB: 24 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisablePersonalDirChange"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWelcomeScreen"=1
~ MWPE Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\acpiec.sys [18432]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\afd.sys [291840]
O58 - SDL:16/10/2006 - 18:34:56 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aksclass.sys [13952]
O58 - SDL:13/12/2006 - 17:14:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aksdf.sys [65024]
O58 - SDL:27/03/2008 - 18:50:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aksfridge.sys [128512]
O58 - SDL:04/12/2006 - 09:44:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\akshasp.sys [90240]
O58 - SDL:23/07/2007 - 15:13:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\akshhl.sys [56960]
O58 - SDL:04/12/2006 - 09:44:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aksusb.sys [18688]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\amdk8.sys [51712]
O58 - SDL:08/05/2006 - 19:19:40 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASACPI.sys [8192]
O58 - SDL:09/05/2013 - 09:59:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswFsBlk.sys [33400]
O58 - SDL:09/05/2013 - 09:59:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswMonFlt.sys [80816]
O58 - SDL:09/05/2013 - 09:59:07 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRdr.sys [59144]
O58 - SDL:09/05/2013 - 09:59:07 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [65336]
O58 - SDL:09/05/2013 - 09:59:07 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSnx.sys [1025808]
O58 - SDL:09/05/2013 - 09:59:07 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswSP.sys [378432]
O58 - SDL:09/05/2013 - 09:59:07 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswTdi.sys [64288]
O58 - SDL:09/05/2013 - 09:59:07 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [189936]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\asyncmac.sys [25088]
O58 - SDL:17/02/2007 - 00:03:34 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atapi.sys [150016]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atmarpc.sys [106496]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atmepvc.sys [57344]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atmlane.sys [91648]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\atmuni.sys [569856]
O58 - SDL:24/03/2005 - 18:12:02 ---A- . (...) -- C:\WINDOWS\system32\Drivers\audstub.sys [5632]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\beep.sys [6144]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\bridge.sys [116224]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\cdac15ba.sys [13312]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\cdad10ba.sys [13312]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\cdfs.sys [113152]
O58 - SDL:17/10/2011 - 02:00:00 ----- . (...) -- C:\WINDOWS\system32\Drivers\cdr4_xp.sys [10224]
O58 - SDL:17/10/2011 - 02:00:00 ----- . (...) -- C:\WINDOWS\system32\Drivers\cdralw2k.sys [10224]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\cdrom.sys [77312]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\classpnp.sys [88576]
O58 - SDL:24/03/2005 - 18:15:54 ---A- . (...) -- C:\WINDOWS\system32\Drivers\crcdisk.sys [19968]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\disk.sys [63488]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\diskdump.sys [24064]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\dmboot.sys [415232]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\dmio.sys [244224]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\dmload.sys [9216]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\dxapi.sys [20992]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\dxg.sys [137216]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\fastfat.sys [247808]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\fdc.sys [36352]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\fips.sys [50176]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\flpydisk.sys [32256]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\fltMgr.sys [227328]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\fs_rec.sys [13824]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ftdisk.sys [240128]
O58 - SDL:04/12/2006 - 09:44:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hardlock.sys [314368]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hidclass.sys [64512]
O58 - SDL:21/06/2012 - 15:12:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hidkmdf.sys [13728]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hidparse.sys [41472]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\hidusb.sys [18944]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\http.sys [560640]
O58 - SDL:17/02/2007 - 00:28:56 ---A- . (...) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [93184]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\imapi.sys [72704]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\intelppm.sys [49152]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ip6fw.sys [57856]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ipfltdrv.sys [49664]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ipnat.sys [180736]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ipsec.sys [156672]
O58 - SDL:17/02/2007 - 01:31:14 ---A- . (...) -- C:\WINDOWS\system32\Drivers\irenum.sys [19456]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\isapnp.sys [14336]
O58 - SDL:17/02/2007 - 00:34:06 ---A- . (...) -- C:\WINDOWS\system32\Drivers\kbdclass.sys [36864]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ks.sys [279552]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ksecdd.sys [187392]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ksthunk.sys [24192]
O58 - SDL:23/01/2007 - 15:47:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\L8042Kbd.sys [35600]
O58 - SDL:03/04/2014 - 08:50:58 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mbam.sys [25816]
O58 - SDL:03/04/2014 - 08:51:04 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [88280]
O58 - SDL:23/04/2014 - 13:55:45 ---A- . (...) -- C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys [119512]
O58 - SDL:01/06/2011 - 14:27:04 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mcamvusb.sys [41984]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mcd.sys [20992]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mf.sys [94208]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mnmdd.sys [8192]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\modem.sys [49664]
O58 - SDL:24/03/2005 - 17:21:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mouclass.sys [33792]
O58 - SDL:24/03/2005 - 17:21:12 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mouhid.sys [19456]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mountmgr.sys [72192]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mqac.sys [154624]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mrxdav.sys [273408]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mrxsmb.sys [786944]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\msfs.sys [32768]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\msgpc.sys [71168]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mssmbios.sys [29696]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mup.sys [178688]
O58 - SDL:25/05/2007 - 04:35:10 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mv61xx.sys [159232]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ndis.sys [361984]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ndistapi.sys [15872]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ndisuio.sys [28160]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ndiswan.sys [161280]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ndproxy.sys [65024]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\netbios.sys [53760]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\netbt.sys [347136]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\nmnt.sys [71168]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\npfs.sys [56832]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1041920]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\null.sys [5632]
O58 - SDL:26/05/2008 - 15:06:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\nv4_mini.sys [9525760]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\nwlnkipx.sys [138752]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\nwlnknb.sys [105472]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\nwlnkspx.sys [87552]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\oprghdlr.sys [6656]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\parport.sys [135680]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\partmgr.sys [45056]
O58 - SDL:17/02/2007 - 00:44:22 ---A- . (...) -- C:\WINDOWS\system32\Drivers\pci.sys [115200]
O58 - SDL:24/03/2005 - 17:22:08 ---A- . (...) -- C:\WINDOWS\system32\Drivers\pciide.sys [6144]
O58 - SDL:17/02/2007 - 00:44:22 ---A- . (...) -- C:\WINDOWS\system32\Drivers\pciidex.sys [40448]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\pcmcia.sys [188416]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\processr.sys [47616]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\psched.sys [106496]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ptilink.sys [31232]
O58 - SDL:03/11/2011 - 02:01:00 ----- . (...) -- C:\WINDOWS\system32\Drivers\PxHlpa64.sys [56208]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rasacd.sys [18432]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rasl2tp.sys [135168]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\raspppoe.sys [69120]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\raspptp.sys [120320]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\raspti.sys [31232]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rawwan.sys [59904]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rdbss.sys [309248]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys [7680]
O58 - SDL:17/02/2007 - 00:51:24 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [333824]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rdpwd.sys [230536]
O58 - SDL:24/03/2005 - 18:24:04 ---A- . (...) -- C:\WINDOWS\system32\Drivers\redbook.sys [64000]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\RMCast.sys [181248]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rndismp.sys [51200]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\rootmdm.sys [11776]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\scsiport.sys [171008]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sdbus.sys [119296]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\secdrv.sys [12800]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\serenum.sys [27648]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\serial.sys [121344]
O58 - SDL:24/03/2005 - 16:24:40 ---A- . (...) -- C:\WINDOWS\system32\Drivers\serscan.sys [11776]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sffdisk.sys [16896]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sffp_sd.sys [17408]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sfloppy.sys [17920]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\smb.sys [99328]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\smclib.sys [23040]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sonydcam.sys [39680]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sr.sys [123904]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\srv.sys [646656]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\storport.sys [173056]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\stream.sys [84736]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\swenum.sys [5120]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tape.sys [30720]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tcpip.sys [768000]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tcpip6.sys [375296]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tdi.sys [33792]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tdpipe.sys [20616]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tdtcp.sys [37512]
O58 - SDL:17/02/2007 - 00:59:40 ---A- . (...) -- C:\WINDOWS\system32\Drivers\termdd.sys [69768]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\tunmp.sys [19968]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\udfs.sys [107520]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\update.sys [81920]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usb8023.sys [24064]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbcamd2.sys [43264]
O58 - SDL:17/02/2007 - 01:00:46 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbccgp.sys [42752]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbd.sys [7552]
O58 - SDL:17/02/2007 - 01:00:46 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbehci.sys [44160]
O58 - SDL:17/02/2007 - 01:00:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbhub.sys [102400]
O58 - SDL:17/02/2007 - 01:00:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbport.sys [212480]
O58 - SDL:17/02/2007 - 01:00:50 ---A- . (...) -- C:\WINDOWS\system32\Drivers\USBSTOR.SYS [48128]
O58 - SDL:17/02/2007 - 01:00:50 ---A- . (...) -- C:\WINDOWS\system32\Drivers\usbuhci.sys [32512]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\vga.sys [32768]
O58 - SDL:24/03/2005 - 18:34:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\vgapnp.sys [33792]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\videoprt.sys [117760]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\volsnap.sys [288768]
O58 - SDL:21/06/2012 - 15:12:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\wachidrouter.sys [68512]
O58 - SDL:22/05/2012 - 14:07:18 ---A- . (...) -- C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys [15736]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\wanarp.sys [55296]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\watchdog.sys [11264]
O58 - SDL:14/07/2009 - 10:35:06 ----- . (...) -- C:\WINDOWS\system32\Drivers\wdf01000.sys [654072]
O58 - SDL:14/07/2009 - 10:35:06 ----- . (...) -- C:\WINDOWS\system32\Drivers\wdfldr.sys [41192]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\wmilib.sys [9216]
O58 - SDL:24/03/2005 - 17:35:08 ---A- . (...) -- C:\WINDOWS\system32\Drivers\WpdUsb.sys [29696]
O58 - SDL:18/02/2007 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ws2ifsl.sys [23040]
O58 - SDL:23/11/2006 - 08:01:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\yk51x64.sys [326656]
O58 - SDL:11/10/2006 - 04:33:58 ---A- . (...) -- C:\WINDOWS\SysWOW64\drivers\ASUSHWIO.SYS [10288]
~ Drivers: 6 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 13/12/2006 - C:\WINDOWS\system32\DRIVERS\aksdf.sys (aksdf) .(...) - LEGACY_AKSDF
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys (CdaD10BA) .(...) - LEGACY_CDAD10BA
O64 - Services: CurCS - 24/03/2005 - C:\WINDOWS\system32\DRIVERS\crcdisk.sys (crcdisk) .(...) - LEGACY_CRCDISK
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\msgpc.sys (Gpc) .(...) - LEGACY_GPC
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec) .(...) - LEGACY_IPSEC
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (MRxSmb) .(...) - LEGACY_MRXSMB
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\lsass.exe (Netlogon) .(...) - LEGACY_NETLOGON
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\Drivers\PartMgr.sys (PartMgr) .(...) - LEGACY_PARTMGR
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\lsass.exe (PolicyAgent) .(...) - LEGACY_POLICYAGENT
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\rasacd.sys (RasAcd) .(...) - LEGACY_RASACD
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\sr.sys (sr) .(...) - LEGACY_SR
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\tcpip.sys (Tcpip) .(...) - LEGACY_TCPIP
O64 - Services: CurCS - 18/02/2007 - C:\WINDOWS\system32\DRIVERS\wanarp.sys (Wanarp) .(...) - LEGACY_WANARP
~ Legacy: 132 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: DMServer (DMServer) . (...) -- C:\WINDOWS\system32\dmserver.dll [37376]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (...) -- C:\WINDOWS\system32\srvsvc.dll [160256]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (...) -- C:\WINDOWS\system32\wkssvc.dll [226304]
O83 - Search Svchost Services: Messenger (Messenger) . (...) -- C:\WINDOWS\system32\msgsvc.dll [57344]
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (...) -- C:\WINDOWS\system32\ntmssvc.dll [794112]
O83 - Search Svchost Services: SRService (SRService) . (...) -- C:\WINDOWS\system32\srsvc.dll [231424]
O83 - Search Svchost Services: winmgmt (winmgmt) . (...) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [232960]
O83 - Search Svchost Services: wscsvc (wscsvc) . (...) -- C:\WINDOWS\system32\wscsvc.dll [74752]
O83 - Search Svchost Services: TermService (TermService) . (...) -- C:\WINDOWS\system32\termsrv.dll [364032]
O83 - Search Svchost Services: BITS (BITS) . (...) -- C:\WINDOWS\system32\qmgr.dll [706560]
O83 - Search Svchost Services: wuauserv (wuauserv) . (...) -- C:\WINDOWS\system32\wuauserv.dll [12288]
~ Services: 36 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.58FF3BA4A5A34A20D6E0E095F05D1939] [SPRF][23/04/2014] (...) -- C:\Documents and Settings\administrateur\desktop\adwcleaner.exe [1345299]
[MD5.0D7B94A9D8068CAAF4FDD01D1C223C42] [SPRF][09/11/2011] (.The GIMP Team - GIMP Setup.) -- C:\Documents and Settings\administrateur\desktop\gimp-2.6.10-i686-setup-1.exe [20039632]
[MD5.5C8C133D2154898683EF4846477817CD] [SPRF][05/11/2012] (...) -- C:\Documents and Settings\administrateur\desktop\pro633-4_int.exe [30947232]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 26/09/2009 36864 | (BBDemon) . (.Dassault Systemes.) - C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
SS - | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files (x86)\Browny02\BrYNSvc.exe
SS - | Demand 05/10/2010 87336 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 18/02/2007 399872 | (dmadmin) . (...) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 22/11/2010 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 22/11/2010 1431888 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 23/09/2004 143360 | (gtexecd3490) . (...) - C:\GTI\services\v10\bin\win32\gtexecd.exe
SS - | Demand 23/09/2004 217088 | (gtsched3491) . (...) - C:\GTI\services\v10\bin\win32\gtsched.exe
SS - | Auto 17/07/2008 2549248 | (hasplms) . (...) - C:\WINDOWS\system32\hasplms.exe
SS - | Demand 18/02/2007 14336 | (HTTPFilter) . (...) - C:\WINDOWS\system32\lsass.exe
SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Demand 18/02/2007 265728 | (ImapiService) . (...) - C:\WINDOWS\system32\imapi.exe
SS - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SS - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SS - | Demand 18/02/2007 6656 | (MSDTC) . (...) - C:\WINDOWS\system32\msdtc.exe
SS - | Demand 18/02/2007 14336 | (NtLmSsp) . (...) - C:\WINDOWS\system32\lsass.exe
SS - | Auto 26/05/2008 153600 | (NVSvc) . (...) - C:\WINDOWS\system32\nvsvc64.exe
SS - | Demand 18/02/2007 212480 | (RDSessMgr) . (...) - C:\WINDOWS\system32\sessmgr.exe
SS - | Demand 04/04/2014 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Auto 02/08/2012 8786848 | (TabletServiceWacom) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
SS - | Disabled 18/02/2007 113152 | (TlntSvr) . (...) - C:\WINDOWS\system32\tlntsvr.exe
SS - | Auto 02/08/2012 565152 | (TouchServiceWacom) . (.Wacom Technology, Corp..) - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
SS - | Demand 18/02/2007 613376 | (vds) . (...) - C:\WINDOWS\system32\vds.exe
SS - | Demand 18/02/2007 2062336 | (VSS) . (...) - C:\WINDOWS\system32\vssvc.exe
SS - | Demand 18/02/2007 223232 | (WmiApSrv) . (...) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
SR - | Auto 18/02/2007 224256 | (Eventlog) . (...) - C:\WINDOWS\system32\services.exe
SR - | Auto 18/02/2007 14336 | (Netlogon) . (...) - C:\WINDOWS\system32\lsass.exe
SR - | Auto 18/02/2007 224256 | (PlugPlay) . (...) - C:\WINDOWS\system32\services.exe
SR - | Auto 18/02/2007 14336 | (PolicyAgent) . (...) - C:\WINDOWS\system32\lsass.exe
SR - | Auto 18/02/2007 14336 | (ProtectedStorage) . (...) - C:\WINDOWS\system32\lsass.exe
SR - | Auto 18/02/2007 14336 | (SamSs) . (...) - C:\WINDOWS\system32\lsass.exe
~ Services: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (23/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 493659 Items scanned in 00mn 22s



~ 684 Legitimates filtered by white list
End of the scan (671 lines in 00mn 42s)(0)
