Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2014.5.8.57 - Nicolas Coolman (08/05/2014)
~ Lancé par Delphine (08/05/2014 18:28:40)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user
---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox v3.6.13 (fr) (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Ultimate, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 932CC
Windows Automatic Updates : OK
---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ Logiciels d'optimisation du système
CCleaner v2.35
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader X
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (23%) free of 44 GB
---\\ Mode de connexion au système
~ Computer Name: PC-DE-DELPHINE
~ User Name: Delphine
~ All Users Names: Delphine, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Delphine\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Delphine\AppData\Roaming\
~ %Desktop% : C:\Users\Delphine\Desktop\
~ %Favorites% : C:\Users\Delphine\Favorites\
~ %LocalAppData% : C:\Users\Delphine\AppData\Local\
~ %StartMenu% : C:\Users\Delphine\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 44 Go)
D: Hard drive, Flash drive, Thumb drive (Free 354 Go of 422 Go)
E: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowPrinters: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.10/04/2009 - 22:27:38.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.18/01/2008 - 22:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.08/05/2014 - 07:36:18.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/04/2009 - 22:28:14.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.A201207363AA900ABF1A388468688570] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.10/04/2009 - 20:47:04.) -- C:\Windows\system32\Drivers\AFD.sys [273920]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 22:32:28.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 20:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 20:39:18.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.218D8AE46C88E82014F5D73D0236D9B2] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.10/04/2009 - 20:14:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 20:42:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.18/01/2008 - 20:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 20:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.454341E652BDF5E01B0F2140232B073E] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/11/2010 - 17:46:15.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 20:45:38.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.10/04/2009 - 22:32:50.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 20:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.10/04/2009 - 20:52:36.) -- C:\Windows\system32\Drivers\rdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 20:45:24.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 20:45:58.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.10/04/2009 - 22:32:56.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes musiques (My Musics) : 1/578
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/38
~ Mes Documents (My Documents) : 1/112
~ Mon Bureau (My Desktop) : 1/14
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.3604]
[MD5.CCC08DE1286571175A75A56563C37715] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4706304] [PID.3728]
[MD5.0E20A3213ED010FC4997D1EF48082ABC] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [PID.2832]
[MD5.BA9A09CF1B9503C363617F3748F6D791] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.3392]
[MD5.CCD09CA21C1946AF24834512BD9A6FCA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7873536] [PID.2648]
[MD5.387DC341E2AED29EB8F67B6EE53BB43B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 191.0.) -- C:\Windows\system32\nvvsvc.exe [215656] [PID.984]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1308]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1692]
[MD5.177FF6608B48638D4066726F3A3F8444] - (...) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400] [PID.1280]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.1508]
[MD5.70D7BE78061126DD0C3ACCDB7E129017] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144672] [PID.2060]
[MD5.00A92BD55853CAA7AA4892B266A09AD5] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [65536] [PID.2220]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2252]
[MD5.3331735A4F990A7C21AF7C0E574FD684] - (.O&O Software GmbH - O&O Defrag Agent (Win32).) -- C:\Windows\system32\oodag.exe [1049856] [PID.2380]
[MD5.B1691AF4A072CB674D600DB16DD7308E] - (.Rocket Division Software - StarWind iSCSI Target (Alcohol Edition).) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [275968] [PID.2500]
[MD5.55141DBD546F86517D2381522BA0D1F1] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [240232] [PID.2524]
[MD5.925F0C3E7E53F1FF76C7256DF17B2D73] - (.TeamViewer GmbH - TeamViewer Service.) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [185640] [PID.2592]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Delphine\AppData\Roaming\Mozilla\Firefox\Profiles\wi3m7yob.default\prefs.js
M0 - MFSP: prefs.js [Delphine - wi3m7yob.default] http://www.lequipe.fr
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech Inc. - Logitech KHAL Main Process.) -- C:\Windows\KHALMNPR.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Clé orpheline
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Clé orpheline
~ Application: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{C743BD54-F51A-4FD7-A140-8904E4726768}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{FA53F9B6-E150-4F93-BE00-17E94EC9D29C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {E31004D1-A431-41B8-826F-E902F9D95C81} . (.Microsoft Corporation - Bonus Microsoft Windows Vista Édition Intég.) -- C:\Windows\System32\DreamScene.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
~ Services: 10 Legitimates Filtered in 00mn 07s
---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (OODBS) (.O&O Software GmbH - O&O BootTimeDefrag (Win32).) -- C:\Windows\System32\OODBS.exe
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT: - (..) -- C:\Windows\Tasks\{39A04428-3349-4FF7-B2B9-56CE08340CBF}.job [204]
O39 - APT: - (..) -- C:\Windows\Tasks\{495B6A51-6E99-4794-8E31-55CD898E983D}.job [616]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Key Software: 198 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2007 - 22:45:03 - [] ----D C:\Program Files\BitLocker
O43 - CFD: 24/07/2010 - 12:26:50 - [] ----D C:\Users\Delphine\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 23/12/2007 - 16:17:21 - [] ----D C:\Users\Delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La sélection Libre Essai
~ Program Folder: 151 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.37885808A6E97243A94913DDF226D44E] - 07/05/2014 - 16:42:44 ---A- . (...) -- C:\Windows\win.ini [177]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.47F22CAD4A16BB40153555D631546B94] - 07/05/2014 - 22:21:20 ---A- . (...) -- C:\Windows\System32\tcpmon.ini [60124]
O44 - LFC:[MD5.628FBD4EF5BD0082C473AB1291F5A46E] - 07/05/2014 - 22:21:36 ---A- . (...) -- C:\Windows\System32\winrm.vbs [195122]
O44 - LFC:[MD5.4599D028A0CA8B54555CF72345940B45] - 07/05/2014 - 22:21:40 ---A- . (...) -- C:\Windows\System32\gatherWiredInfo.vbs [12198]
O44 - LFC:[MD5.6C054DA115C2CA2C523ABD159ED7814B] - 07/05/2014 - 22:21:40 ---A- . (...) -- C:\Windows\System32\gpedit.msc [147439]
O44 - LFC:[MD5.97AED7FC6C2B38F34CA1A3C10D2F5A60] - 07/05/2014 - 22:21:42 ---A- . (...) -- C:\Windows\System32\fsmgmt.msc [144909]
O44 - LFC:[MD5.2BC2546831B054680C6F59888F295E44] - 07/05/2014 - 22:22:32 ---A- . (...) -- C:\Windows\System32\secpol.msc [120458]
O44 - LFC:[MD5.371199E48F046F5CF5F7F57BF8180E57] - 07/05/2014 - 22:22:44 ---A- . (...) -- C:\Windows\System32\manage-bde.ini.en [81158]
O44 - LFC:[MD5.78139758BE8E544475AF2BAFD7BF865D] - 07/05/2014 - 22:22:44 ---A- . (...) -- C:\Windows\System32\manage-bde.wsf [128482]
O44 - LFC:[MD5.9E28B756F6CD07A9A93D9172EF8820FB] - 07/05/2014 - 22:36:52 ---A- . (...) -- C:\Windows\SPInstall.etl [196608]
O44 - LFC:[MD5.8CA7376C2545FEDF2A1222DBFA1B6341] - 07/05/2014 - 23:01:45 ---A- . (...) -- C:\Windows\DtcInstall.log [468]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 07/05/2014 - 23:03:00 R-HA- . (...) -- C:\Windows\WindowsShell.Manifest [749]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 08/05/2014 - 06:37:52 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [130008]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 08/05/2014 - 06:37:57 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man [9239]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 08/05/2014 - 06:37:58 ---A- . (...) -- C:\Windows\System32\slmgr.vbs [92918]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 08/05/2014 - 06:38:03 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin [107612]
O44 - LFC:[MD5.D07E5384D2B4E71F7D49C9F334D69284] - 08/05/2014 - 06:38:03 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [18904]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 08/05/2014 - 06:38:12 ---A- . (...) -- C:\Windows\System32\WFP.TMF [208966]
O44 - LFC:[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - 08/05/2014 - 06:38:17 ---A- . (...) -- C:\Windows\System32\korwbrkr.lex [11967524]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 08/05/2014 - 06:38:30 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll [368640]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 08/05/2014 - 06:38:51 ---A- . (...) -- C:\Windows\System32\dot3.tmf [442788]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 08/05/2014 - 06:38:52 ---A- . (.Pas de propriétaire - Programme d'authentification du périphériqu.) -- C:\Windows\System32\EhStorAuthn.dll [117248]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 08/05/2014 - 06:38:54 ---A- . (...) -- C:\Windows\System32\eaphost.tmf [344698]
O44 - LFC:[MD5.609994C36C394A8D80426BC2CB00CEF7] - 08/05/2014 - 06:39:01 ---A- . (.Pas de propriétaire - Application PrintBrm.) -- C:\Windows\System32\PrintBrmUi.exe [62976]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 08/05/2014 - 06:39:03 ---A- . (...) -- C:\Windows\System32\RacUR.xml [9212]
O44 - LFC:[MD5.4C58B5E71FEEFD18BB7F537343C7219A] - 08/05/2014 - 06:39:03 ---A- . (...) -- C:\Windows\System32\RacUREx.xml [153]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 08/05/2014 - 06:39:06 ---A- . (...) -- C:\Windows\System32\onex.tmf [392170]
O44 - LFC:[MD5.1EFB6FD443E2E48AAC0F65E552ACD6E9] - 08/05/2014 - 06:52:31 ---A- . (...) -- C:\Windows\System32\lvcoinst.log [1210]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 08/05/2014 - 07:36:17 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 08/05/2014 - 07:36:29 ---A- . (...) -- C:\Windows\System32\icrav03.rat [8798]
O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 08/05/2014 - 07:36:29 ---A- . (...) -- C:\Windows\System32\ticrf.rat [1988]
O44 - LFC:[MD5.701374653A10020F9D7CB4E324C503AD] - 08/05/2014 - 07:37:55 ---A- . (...) -- C:\Windows\IE9_main.log [7572]
O44 - LFC:[MD5.3B457012BDBDD72D2F66F3428B3AD8D1] - 08/05/2014 - 17:16:08 ---A- . (...) -- C:\Windows\System32\oodbs.lor [517185]
~ Files: 1540 Legitimates Filtered in 00mn 31s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2ae660f3-abf1-11dc-a4b1-001731f8d91b}\AutoRun\command. (...) -- F:\BSAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:18/10/2006 - 21:44:48 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [7680]
O58 - SDL:19/10/2006 - 03:11:12 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp32.sys [10304]
O58 - SDL:19/10/2006 - 03:11:30 ---A- . (...) -- C:\Windows\System32\Drivers\AsInsHelp64.sys [12096]
O58 - SDL:19/10/2006 - 11:12:16 ---A- . (...) -- C:\Windows\System32\Drivers\AsIO.sys [12664]
O58 - SDL:07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:07/05/2014 - 18:14:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:02/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 - SDL:02/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 - SDL:02/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 - SDL:21/05/2004 - 20:15:31 ---A- . (...) -- C:\Windows\System32\Drivers\LVUSBSta.sys [19968]
O58 - SDL:16/12/2007 - 16:42:08 ---A- . (.PARADOX - Release Build v1.00.) -- C:\Windows\System32\Drivers\royal.sys [240128]
O58 - SDL:16/12/2007 - 17:07:14 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [685816]
O58 - SDL:02/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 - SDL:02/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 - SDL:02/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 - SDL:19/04/2010 - 19:47:42 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [41984]
O58 - SDL:02/11/2006 - 08:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:02/11/2006 - 08:09:45 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:02/11/2006 - 08:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:02/11/2006 - 08:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:02/11/2006 - 08:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:02/11/2006 - 08:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:02/11/2006 - 08:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:02/11/2006 - 08:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:02/11/2006 - 08:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:02/11/2006 - 08:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:02/11/2006 - 08:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:02/11/2006 - 08:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:02/11/2006 - 08:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 92 Legitimates Filtered in 00mn 01s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 07/05/2014 - 18:29:50 ---A- . (...) -- C:\Users\Delphine\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin [203537]
~ 467 Fichiers temporaires (Temporary files)
~ 18 Fichiers cookies (Cookies files)
~ Files: 8 Legitimates Filtered in 00mn 01s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 07/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 82 Legitimates Filtered in 00mn 00s
---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Delphine - wi3m7yob.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.04FF48CAA668CE89EA77660F7E334F4C] [SPRF][08/05/2014] (...) -- C:\ProgramData\nvModes.dat [111420]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/07/1658 0 | (NMIndexingService) . (...) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Disabled 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/09/2006 102400 | (AdobeActiveFileMonitor5.0) . (...) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/08/2010 144672 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/11/2008 65536 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SR - | Auto 27/09/2009 215656 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 28/06/2007 1049856 | (O&O Defrag) . (.O&O Software GmbH.) - C:\Windows\system32\oodag.exe
SR - | Auto 28/05/2007 275968 | (StarWindServiceAE) . (.Rocket Division Software.) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
SR - | Auto 27/09/2009 240232 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 12/01/2010 185640 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Delphine at 08/05/2014 18:30:20
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
1 nt!IofCallDriver[0x8288214B] >> \Device\Harddisk0\DR0[0x85465AC8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Delphine at 08/05/2014 18:30:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:16/12/2007 - 17:07:14 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [685816]
~ Emulateurs: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13045 - (08/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Classes\CLSID\{08C06D61-F1F3-4799-86F8-BE1A89362C85}] =>Toolbar.Orange
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Additionnel Scan: 180347 Items scanned in 00mn 28s
---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
~ MSI: 1 link(s) detected in 00mn 00s
~ 2305 Legitimates filtered by white list
End of the scan (467 lines in 02mn 11s)(0)