~ Rapport de ZHPDiag v2014.4.16.27 - Nicolas Coolman  (16/04/2014)
~ Lancé par Marvin (16/04/2014 18:30:34)
~ Adresse du Site Web  http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
MFIE: Mozilla Firefox 28.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit  (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.7
Vuze v5.3.0.0  =>P2P.Azureus

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 8075 MB (85% free)
System Restore: Activé (Enable)
System drive C: has 739 GB (80%) free of 915 GB

---\\ Mode de connexion au système
~ Computer Name: ASPIRE
~ User Name: Marvin
~ All Users Names: Marvin, HomeGroupUser$, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marvin\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marvin\AppData\Roaming\
~ %Desktop% : C:\Users\Marvin\Desktop\
~ %Favorites% : C:\Users\Marvin\Favorites\
~ %LocalAppData% : C:\Users\Marvin\AppData\Local\
~ %StartMenu% : C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 739 Go of 915 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Explorateur Windows.) (.12/04/2014 - 07:41:04.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.18/03/2014 - 11:09:56.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.18/03/2014 - 11:09:53.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.18/03/2014 - 11:09:55.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.12/04/2014 - 07:41:03.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 11:09:57.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.12/04/2014 - 07:41:03.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2014 - 07:41:03.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.18/03/2014 - 10:41:24.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.18/03/2014 - 11:09:37.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/18
~ Mes musiques (My Musics) : 2/121
~ Mes Videos (My Videos) : 2/72
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 2/3528
~ Mon Bureau (My Desktop) : 1/10090
~ Menu demarrer (Programs) : 1/29
~ Hidden Files:  Scanned in 00mn 11s



---\\ Processus lancés
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [275568] [PID.1988]
[MD5.405A2343A4A4337EA221603D69D8061A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8217088] [PID.756]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 19 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: FileZilla.lnk . (.FileZilla Project - FileZilla FTP Client.)  -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe 
O4 - GS\Desktop [Public]: GeForce Experience.lnk . (.NVIDIA - NVIDIA GeForce Experience.)  -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe 
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Desktop [Public]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.)  -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe   =>.VMware, Inc
O4 - GS\Desktop [Public]: Vuze.lnk . (...)  -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.)  =>P2P.Azureus
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Program [Public]: Vuze.lnk . (...)  -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.)  =>P2P.Azureus
O4 - GS\QuickLaunch [Marvin]: Google Chrome.lnk - Clé orpheline
O4 - GS\QuickLaunch [Marvin]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch [Marvin]: VMware Workstation.lnk . (.VMware, Inc. - VMware Workstation.)  -- C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe   =>.VMware, Inc
O4 - GS\TaskBar [Marvin]: Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Program [Marvin]: Documents.lnk . (...)  -- C:\Users\Marvin\Documents 
O4 - GS\Program [Marvin]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Desktop [Marvin]: Amnesia.lnk . (...)  -- C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Launcher.exe
O4 - GS\Desktop [Marvin]: Google Chrome.lnk - Clé orpheline
~ Global Startup: 59 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Marvin]: Alertes de surveillance de l'encre - HP Deskjet 3050A J611 series (réseau).lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.)  -- C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll   =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) 
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\WINDOWS\system32\nvspcap64.dll 
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe   =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe   =>.Google Inc
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe   =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [vmware-tray.exe] . (.VMware, Inc. - VMware Tray Process.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe   =>.VMware, Inc
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe 
O4 - HKUS\S-1-5-21-2859820766-4216485214-4291460723-1002\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Marvin\AppData\Local\Google\Update\GoogleUpdate.exe   =>.Google Inc
O4 - HKUS\S-1-5-21-2859820766-4216485214-4291460723-1002\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2859820766-4216485214-4291460723-1002\..\Run: [HP Deskjet 3050A J611 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe   =>.Hewlett-Packard Co
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14568838-BBE9-4E91-982A-26F5A74431B9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D76FE5BC-42EE-4BD5-B9D2-B5D92E051F14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{14568838-BBE9-4E91-982A-26F5A74431B9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D76FE5BC-42EE-4BD5-B9D2-B5D92E051F14}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll  =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (...) -- igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 335.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job   [264]
~ Scheduled Task: 4 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver:  (wStLibG64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG64.sys  =>PUP.LinkiDoo
~ Drivers: 38 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Contagion - (.Monochrome LLC.) [HKLM][64Bits] -- Steam App 238430
~ Logic: 24 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 270 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/04/2014 - 19:53:56 - [7,182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 11/04/2014 - 18:28:56 - [0] ----D C:\ProgramData\OEM_YAHOO
O43 - CFD: 16/04/2014 - 18:22:43 - [0,646] ----D C:\Users\Marvin\AppData\Roaming\qone8  =>Hijacker.Qone8
~ Program Folder: 158 Legitimates Filtered in 00mn 46s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.7A3D4ABB2134AD2DD0B237806E2D3E99] - 11/04/2014 - 23:40:58 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
O44 - LFC:[MD5.A8195D18342858EABCC67D60C47257A6] - 12/04/2014 - 06:30:25 ---A- . (...) -- C:\Windows\WindowsUpdate (1).log   [1665824]
O44 - LFC:[MD5.E298081C108A8FB4C1C48FC105973710] - 12/04/2014 - 06:56:42 ---A- . (...) -- C:\Windows\DtcInstall.log   [4893]
O44 - LFC:[MD5.CFF445C4413902FC39FC81895998B579] - 12/04/2014 - 07:05:46 ---A- . (...) -- C:\Windows\System32\emptyregdb.dat   [23108]
O44 - LFC:[MD5.736F372780E8B1707385435C29E0C21D] - 12/04/2014 - 07:06:03 ---A- . (...) -- C:\Windows\comsetup.log   [6523]
O44 - LFC:[MD5.9B2C4A2B498F91D769AD53FAB4794D1A] - 12/04/2014 - 07:06:04 ---A- . (...) -- C:\Windows\diagerr.xml   [28578]
O44 - LFC:[MD5.9B2C4A2B498F91D769AD53FAB4794D1A] - 12/04/2014 - 07:06:04 ---A- . (...) -- C:\Windows\diagwrn.xml   [28578]
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 12/04/2014 - 07:41:03 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml   [387210]
O44 - LFC:[MD5.528F558212E5C2358F28E1624A473392] - 12/04/2014 - 08:12:02 ---A- . (...) -- C:\Windows\System32\nvinfo.pb   [24544]
O44 - LFC:[MD5.8F18FE6AF5D85C0FBA83BE6C8489D2CC] - 12/04/2014 - 08:18:54 ---A- . (...) -- C:\Windows\System32\nvcoproc.bin   [3649185]
O44 - LFC:[MD5.F7424D6CF244922D045D00F3EF111535] - 12/04/2014 - 08:43:12 ---A- . (...) -- C:\Windows\System32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat   [244]
O44 - LFC:[MD5.3BC10FA856911EAE5FE7CD700FE137B5] - 12/04/2014 - 08:43:12 ---A- . (...) -- C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat   [451]
O44 - LFC:[MD5.DA678C670EA5BC7529636A44F1A87230] - 12/04/2014 - 08:43:42 ---A- . (...) -- C:\Windows\System32\results.xml   [16264]
O44 - LFC:[MD5.E47A844AC4B2A85B1E4EAE78C6E40FD9] - 12/04/2014 - 08:56:54 ---A- . (...) -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat   [180]
O44 - LFC:[MD5.EF16C439EF0FEF1580C12A3C105C8E54] - 12/04/2014 - 09:16:27 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT   [445929]
O44 - LFC:[MD5.2B2034A707113A8E0D30F521B2264339] - 12/04/2014 - 12:34:06 ---A- . (...) -- C:\Windows\DirectX.log   [27598]
O44 - LFC:[MD5.DEAF0FD88FB596B8CEEF9C5F65359AD0] - 12/04/2014 - 23:37:57 ---A- . (...) -- C:\Windows\DPINST.LOG   [10498]
O44 - LFC:[MD5.38839344F7A7B77FF533DD52B4450244] - 12/04/2014 - 23:37:57 ---A- . (...) -- C:\Windows\Synaptics.log   [1480]
O44 - LFC:[MD5.33D56B8E59662B70CAA0AFDD4018D524] - 16/04/2014 - 17:30:33 ---A- . (...) -- C:\Windows\ntbtlog.txt   [552828]
~ Files: 371 Legitimates Filtered in 00mn 12s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:[MD5.A5B22EACF1DA28E19CC9F80D37978657] - 20/10/2009 - 09:34:26 ---A- . (.QUANTA - Quanta Generic IO Access.) -- C:\Windows\System32\Drivers\QRDCIO.sys   [9728]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
O58 - SDL:[MD5.7A3D4ABB2134AD2DD0B237806E2D3E99] - 11/04/2014 - 23:40:58 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys   [61120]  =>PUP.LinkiDoo
~ Drivers: 20 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{27717A5A-9B0F-48AB-A2C6-B8913C0CB588}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe (.not file.)
O87 - FAEL: "{7E69EC38-9618-4B63-83DB-8913B6F59B0B}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe (.not file.)
O87 - FAEL: "{045A45E0-4AA5-4078-B3DD-F5458130F668}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe (.not file.)
O87 - FAEL: "{07725F26-47F5-4CBA-8962-E0C6BA0D29B0}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe (.not file.)
O87 - FAEL: "{D19303F5-CB7C-46E8-A5FE-D6F2A1BDE94F}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
O87 - FAEL: "{720B7DAB-9695-480E-BE19-B27B86609161}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe (.not file.)
~ Firewall: 297 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "1BF4A48A307DBD84980E866B94D98210" . (..) -- C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
~ Update Products: 57 Legitimates Filtered in 00mn 00s



---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS:  - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS:  - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS:  - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS:  - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS:  - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS:  - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASAPI32  =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseMark_RASMANCS  =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseMark_RASAPI32  =>PUP.BrowseMark
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseMark_RASMANCS  =>PUP.BrowseMark
~ BTK: 19 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/02/2013 227968 |  (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
SS - | Demand 17/03/2014 279024 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 18/01/2013 660040 |  (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
SS - | Demand 24/04/2012 169752 |  (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Auto 17/03/2014 282096 |  (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\Windows\System32\igfxCUIService.exe
SS - | Auto 27/08/2013 747520 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SS - | Demand 27/08/2013 828376 |  (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 10/12/2013 169432 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SS - | Auto 10/12/2013 390616 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Auto 26/04/2013 431656 |  (LMSvc) . (.Acer Incorporate.) - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
SS - | Auto 01/04/2014 2818888 |  (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 15/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 14/07/2012 769432 |  (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Auto 05/02/2014 1593632 |  (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SS - | Auto 05/02/2014 16941856 |  (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SS - | Auto 04/03/2014 922968 |  (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SS - | Auto 27/03/2014 581568 |  (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files (x86)\Online Games Manager\ogmservice.exe
SS - | Demand 25/02/2014 568512 |  (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 18/10/2013 86096 |  (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe  =>.VMware, Inc
SS - | Auto 10/07/1658 0 |  (VMnetDHCP) . (.VMware, Inc..) - C:\WINDOWS\system32\vmnetdhcp.exe
SS - | Auto 09/10/2013 905272 |  (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SS - | Auto 10/07/1658 0 |  (VMware NAT Service) . (.VMware, Inc..) - C:\WINDOWS\system32\vmnat.exe
SS - | Auto 18/10/2013 14405200 |  (VMwareHostd) . (...) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe  =>.VMware, Inc
SS - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

~ Services:  Scanned in 00mn 10s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (16/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 0

C:\Users\Marvin\AppData\Roaming\qone8   =>Hijacker.Qone8^
~ Additionnel Scan: 252523 Items scanned in 00mn 21s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8   =>Hijacker.Qone8
http://nicolascoolman.webs.com/apps/blog/show/42099886-pup-browsemark  =>PUP.BrowseMark
~ MSI: 2 link(s) detected in 00mn 00s



~ 1332 Legitimates filtered by white list
End of the scan (430 lines in 02mn 17s)(0)