Firefox trop lent au démarrage

Bonjour,






Voici le rapport ZHPDiag et merci d'avance pour votre contribution


~ Rapport de ZHPDiag v2013.8.28.38 - Nicolas Coolman (28/08/2013)
~ Lancé par Abdesalem Derdar (28/08/2013 15:03:03)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 23.0.1 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Logiciels de protection du système
AVG 2013 v13.0.3211
Malwarebytes Anti-Malware version 1.75.0.1300
ZoneAlarm Firewall v11.0.000.054
ZoneAlarm Free Firewall v11.0.000.504
ZoneAlarm Security v11.0.000.054

---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 25

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1014 MB (17% free)
System Restore: Activé (Enable)
System drive C: has 88 GB (74%) free of 118 GB

---\\ Mode de connexion au système
~ Computer Name: YOUR-10A2E35C12
~ User Name: Abdesalem Derdar
~ All Users Names: SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur, Abdesalem Derdar,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Abdesalem Derdar\Application Data\
~ %Desktop% : C:\Documents and Settings\Abdesalem Derdar\Bureau\
~ %Favorites% : C:\Documents and Settings\Abdesalem Derdar\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Abdesalem Derdar\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 88 Go of 118 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 25 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 26 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.E1948293F7CBC38987270432935D8D05] - (.Microsoft Corporation - Internet Extensions for Win32.) (.26/07/2013 - 03:47:15.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/13
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/26
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/431
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 08s



---\\ Processus lancés au démarrage du système
[MD5.2313A18382B038AAF6EB5DD750CC65E5] - (.Check Point Software Technologies LTD - TrueVector Service.) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447888] [PID.1416]
[MD5.57FE873B8246DEF1372503CBC57A7499] - (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320] [PID.236]
[MD5.9F9D928F2004559247E8DEA4D1361D9B] - (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984] [PID.740]
[MD5.9ECF00E19736054E019C532AED8228FC] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182184] [PID.1188]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1452]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1896]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2100]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2236]
[MD5.A96F636AFBDE939E8ABD601F9801B031] - (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) -- C:\WINDOWS\System32\StkCSrv.exe [31248] [PID.2428]
[MD5.80349CB09DDC2F99E16D0F8919E2DCA3] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [349528] [PID.2988]
[MD5.57B463FB782C46D30E680ACF8983CFD3] - (.Samsung Electronics,.LTD - EDSAgentEx Application.) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [659456] [PID.3692]
[MD5.FFD1C110E23B515EE0EFE15D9993EC45] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480] [PID.3832]
[MD5.91539F4F58BB4B1E3BF24604656CE7D3] - (.Pas de propriétaire - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [3153408] [PID.3976]
[MD5.D49ED5FF272A46FA38361028835D09FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [166424] [PID.508]
[MD5.116F2BCCAC99E445C2FC4557B6B47927] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [137752] [PID.1388]
[MD5.9208018B94294F39E8FF504A182A102E] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.1764]
[MD5.0D67A518BE3BC74C63423AC5595C7251] - (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832] [PID.2220]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.2372]
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe [295512] [PID.2528]
[MD5.3886EC1A39667F30E5A6797E2DD54062] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [603488] [PID.2680]
[MD5.8FCDD80575921F180E75BC7CF4310140] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [1451384] [PID.0]
[MD5.01921762F0525B17057ECEAD1ADFC22D] - (.SAMSUNG Electronics - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [679936] [PID.3316]
[MD5.3B209AAB427023013F982E125B72DB41] - (.Intel Corporation - igfxext Module.) -- C:\WINDOWS\system32\igfxext.exe [170520] [PID.3544]
[MD5.50E187E0EC23EF6C46E68109FB75D31B] - (.SAMSUNG Electronics Co., Ltd. - MagicKBD V5 Launcher.) -- C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe [372736] [PID.3412]
[MD5.3048C513A620837E94F527435012E25B] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe [299008] [PID.3084]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.2552]
[MD5.288D8A54FE326AE26AD43F348E646147] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe [4411440] [PID.480]
[MD5.4DB93F4DB7077801D2D82013506AC1D0] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312] [PID.676]
[MD5.48939D9F350AEF9370F03A1E49A49BE2] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136] [PID.1964]
[MD5.3F4DE64257DAC6B892EC2AD0CEEEFF68] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe [1117744] [PID.988]
[MD5.EC45360EF69F034D2D6F52AFE88EA88D] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe [799280] [PID.772]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [276376] [PID.3220]
[MD5.013CBC83D1C8131EB623567EF4D3FFCC] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.1856]
[MD5.E1CD28D843470D427A2A48D39734939A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7842304] [PID.3848]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.3176]
[MD5.B1EC3A650C8640BA5094D7C4F02A798B] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe [763952] [PID.176]
[MD5.6167870E1C50E29C18F5120524C0C191] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe [452144] [PID.3984]
~ Processes Running: Scanned in 00mn 19s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Abdesalem Derdar\Application Data\Mozilla\Firefox\Profiles\ese4l2v8.default-1372297400015\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar: ZoneAlarm Security Engine - [HKLM]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [EDS] . (.Samsung Electronics,.LTD - EDSAgentEx Application.) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] . (.SAMSUNG Electronics - Loader of Easy Display Manager - Display Co.) -- C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [SUPBackground] . (...) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
O4 - HKLM\..\Run: [BatteryManager] . (.Pas de propriétaire - BatteryManager MFC.) -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] . (.Pas de propriétaire - PreMKBD before Magic Keyboard Program.) -- C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe
O4 - HKLM\..\Run: [ZoneAlarm] . (.Check Point Software Technologies LTD - ZoneAlarm.) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [ISW] . (.Check Point Software Technologies - ZoneAlarm Browser Security.) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\program files\real\realplayer\update\realsched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3659336295-3222183615-1794127435-1005\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
~ Application: Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Programs: Favoris Bluetooth.lnk - Clé orpheline
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Photorécit 3 pour Windows.lnk . (.Microsoft Corp. - Photo Story 3 for Windows.) -- C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe
O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: Create Amazing Presentations.lnk - Clé orpheline
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 02s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8A71F27-00C9-42D2-94FA-C649948551C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E8A71F27-00C9-42D2-94FA-C649948551C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{E8A71F27-00C9-42D2-94FA-C649948551C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) . (.Check Point Software Technologies LTD - TrueVector Service.) - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
~ Services: 12 Legitimates Filtered in 00mn 25s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Advanced File Encryptor - (.Zemerick Software, Inc..) [HKLM] -- {3F1828A5-C1EA-43DC-B2AC-2E1275805D51}_is1
O42 - Logiciel: Convertisseur La Poste - (...) [HKLM] -- Convertisseur La Poste
O42 - Logiciel: Magic Keyboard - (...) [HKLM] -- {BD723E53-A42C-4702-AA04-1D74A0311590}
O42 - Logiciel: Play Camera - (.Nom de votre société.) [HKLM] -- InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}
~ Logic: 99 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKLM\Software\AFE]
[HKLM\Software\D-MAX]
[HKLM\Software\WLAN]
~ Key Software: 167 Legitimates Filtered in 00mn 03s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/06/2013 - 23:58:27 - [3,404] ----D C:\Program Files\afe
O43 - CFD: 28/11/2011 - 20:00:27 - [2,187] ----D C:\Program Files\La Poste
O43 - CFD: 21/05/2013 - 20:00:53 - [0,000] ----D C:\Documents and Settings\All Users\Application Data\IM
O43 - CFD: 21/05/2013 - 19:56:28 - [0,012] ----D C:\Documents and Settings\All Users\Application Data\IncrediMail
O43 - CFD: 03/02/2013 - 04:13:01 - [0,016] ----D C:\Documents and Settings\All Users\Application Data\InstallBrainService =>PUP.InstallBrain
O43 - CFD: 27/08/2009 - 17:22:48 - [0,002] ----D C:\Documents and Settings\All Users\Application Data\WLAN
O43 - CFD: 24/06/2013 - 09:29:06 - [0,029] ----D C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\emaze
O43 - CFD: 21/05/2013 - 20:03:01 - [40,063] ----D C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\IM
O43 - CFD: 29/06/2013 - 23:58:29 - [0,001] ----D C:\Documents and Settings\Abdesalem Derdar\Menu Démarrer\Programmes\Advanced File Encryptor
O43 - CFD: 28/11/2011 - 20:00:27 - [0,004] ----D C:\Documents and Settings\Abdesalem Derdar\Menu Démarrer\Programmes\La Poste
~ Program Folder: 158 Legitimates Filtered in 01mn 22s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9E31ED1ADFA5037952B6FEEF82612E02] - 28/08/2013 - 12:09:15 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.3FF5E48FBA41260D8E52F9DFC85AC2A8] - 28/08/2013 - 12:09:08 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.C37415AF29ACE4819256A9ECCA8837AD] - 16/08/2013 - 01:52:56 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [32558]
~ Files: 18 Legitimates Filtered in 00mn 16s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{bee5467a-96d3-11de-9fc8-001377b526a5}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 27/10/2005 - Pas de propriétaire (DOSMEMIO) .(...) - LEGACY_DOSMEMIO
O64 - Services: CurCS - 03/05/2009 - C:\WINDOWS\system32\StkCSrv.exe (StkSSrv) .(.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) - LEGACY_STKSSRV
~ Legacy: 137 Legitimates Filtered in 00mn 02s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {0B23F89D-F1A9-4F6C-1F6A-1B5E860BACAC} - (AVG Secure Search) - https://isearch.avg.com/ =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {C7211E1C-F627-42EC-8140-6A26038A8798} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FC6AA20F66BD7958D3D7339B28A68B21] [SPRF][30/07/2012] (...) -- C:\Documents and Settings\Abdesalem Derdar\Local Settings\Application Data\dt.dat [27520]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "FC9F64B706FCE29418E659BEA1D9B14B" . (.Play Camera.) -- C:\WINDOWS\Installer\{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}\ARPPRODUCTICON.exe
~ Update Products: 69 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8C5A8864813F7974AB87F7A80B2D5884] [WIS][21/02/2013] (.DeltaInstaller - Delta Chrome Toolbar.) -- C:\Windows\Installer\2da0dd.msi [538624] =>Toolbar.DeltaSearch
[MD5.8AE9BF86B2FBA914152AEDBA0C41EACA] [WIS][27/02/2013] (.Iminent - Iminent.) -- C:\Windows\Installer\6b09a.msi [1772032] =>Adware.IMBooster
[MD5.787C2F06A3E7A86ED97A0940583ABB6A] [WIS][27/02/2013] (.IMinent - IMinent Toolbar.) -- C:\Windows\Installer\6b0a0.msi [272896] =>Adware.IMBooster
~ WIS: 76 Legitimates Filtered in 00mn 28s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 04/07/2013 4939312 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgidsagent.exe
SR - | Auto 23/07/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 23/03/2009 349528 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 21/08/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 21/08/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 22/11/2012 497320 | (IswSvc) . (.Check Point Software Technologies.) - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
SR - | Auto 23/06/2013 182184 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 17/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 03/05/2009 31248 | (StkSSrv) . (.Syntek America Inc..) - C:\WINDOWS\system32\StkCSrv.exe
SR - | Auto 27/03/2013 2447888 | (vsmon) . (.Check Point Software Technologies LTD.) - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
SR - | Auto 14/04/2008 14336 | C:\WINDOWS\system32\yk51x86.dll (yksvc) . (.Marvell.) - C:\WINDOWS\system32\svchost.exe
~ Services: Scanned in 00mn 30s



---\\ Scan Additionnel (O88)
Database Version : v2.12867 - (28/08/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4

[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
C:\Documents and Settings\All Users\Application Data\InstallBrainService =>PUP.InstallBrain^
C:\Documents and Settings\All Users\Application Data\Software =>Adware.Boxore
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
C:\Windows\Installer\2da0dd.msi =>Toolbar.DeltaSearch^
C:\Windows\Installer\6b09a.msi =>Adware.IMBooster^
C:\Windows\Installer\6b0a0.msi =>Adware.IMBooster^
~ Additionnel Scan: 199461 Items scanned in 02mn 20s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com26626977-adware-boxore =>Adware.Boxore
~ MSI: 4 link(s) detected in 02mn 21s



~ 860 Legitimates filtered by white list
End of the scan (468 lines in 06mn 08s)(0)