~ Rapport de ZHPDiag v2014.4.17.28 - Nicolas Coolman (17/04/2014)
~ Lancé par Thib (17/04/2014 19:16:11)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17031
GCIE: Google Chrome v32.0.1700.107 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 92C43
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1475 MB (12% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (27%) free of 60 GB

---\\ Mode de connexion au système
~ Computer Name: THIBAULT
~ User Name: Thib
~ All Users Names: Thib, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Thib\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Thib\AppData\Roaming\
~ %Desktop% : C:\Users\Thib\Desktop\
~ %Favorites% : C:\Users\Thib\Favorites\
~ %LocalAppData% : C:\Users\Thib\AppData\Local\
~ %StartMenu% : C:\Users\Thib\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 60 Go)
D: Hard drive, Flash drive, Thumb drive (Free 394 Go of 395 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Explorateur Windows.) (.04/03/2014 - 13:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2014 - 10:11:56.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/02/2014 - 10:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 10:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06/03/2014 - 10:20:23.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.20/03/2014 - 04:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 20:11:06.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.22/02/2014 - 16:44:13.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/9
~ Mon Bureau (My Desktop) : 1/38
~ Menu demarrer (Programs) : 1/20
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.9C1BDB837A2DA4FFC60CB61CEEA3E334] - (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800] [PID.4024]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.1312]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.4348]
[MD5.738CB65FF16ED1F23C585EFFDE41AE5C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8215040] [PID.4384]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.bing.com
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 04s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Additional Information.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Addendum\TREXLauncher.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual.lnk . (.TOSHIBA - Toshiba Regensburg EXternal file Launcher.) -- C:\Program Files (x86)\TOSHIBA\Manuals\TREXLauncher.exe
O4 - GS\Desktop [Public]: MiniTool Partition Wizard Home Edition.lnk . (...) -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 8.1.1\loader.exe
O4 - GS\Desktop [Public]: True Image 2013.lnk . (.Acronis - Acronis True Image.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe
O4 - GS\Desktop [Public]: WD Security.lnk . (.Western Digital - WD Security.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveSecurity.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\QuickLaunch [Thib]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Thib]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Thib]: Desktop Assist.lnk . (...) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Desktop Assist\TosDesktopAssist.exe (.not file.)
O4 - GS\TaskBar [Thib]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Thib]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Thib]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Thib]: Auslogics Disk Defrag Professional.lnk . (.Auslogics - Disk Defrag Professional.) -- C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe
~ Global Startup: 54 Legitimates Filtered in 00mn 07s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Function Key Main Module.) -- C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
O4 - HKLM\..\Run: [TecoResident] . (.TOSHIBA Corporation - Resident module of eco Utility.) -- C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TSSSrv] . (.TOSHIBA Corporation - TOSHIBA System Settings Service.) -- C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
O4 - HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Wow6432Node\Run: [1.TPUReg] . (.TOSHIBA - readLM.) -- C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
O4 - HKLM\..\Wow6432Node\Run: [TSVU] . (.TOSHIBA - TOSHIBA Display Setup Launcher.) -- c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe
O4 - HKLM\..\Wow6432Node\Run: [TrueImageMonitor.exe] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [AcronisTibMounterMonitor] . (.Acronis - Acronis TIB Monitor.) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [WD Drive Unlocker] . (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe =>.Western Digital Technologies
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-392877870-2953951230-1412515938-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-392877870-2953951230-1412515938-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 01s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11AF8087-AC9C-4350-8400-5B473A87B85C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB2F77D3-A0EA-47BA-AB11-DCECAA9D86A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11AF8087-AC9C-4350-8400-5B473A87B85C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB2F77D3-A0EA-47BA-AB11-DCECAA9D86A8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AdaptiveSleepService (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: DTS APO Service (dts_apo_service) . (.Pas de propriétaire - dts_apo_service.) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
~ Services: 12 Legitimates Filtered in 00mn 25s

---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (aswBoot.exe /M:101e756c /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/03/2014 - 14:58:39 - [0,001] ----D C:\ProgramData\9ec9c0493be11564
O43 - CFD: 11/01/2014 - 19:52:48 - [0] ----D C:\ProgramData\APN
O43 - CFD: 26/03/2014 - 15:07:10 - [0,007] ----D C:\ProgramData\topDeal
O43 - CFD: 11/02/2014 - 18:06:14 - [1,689] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 16/04/2014 - 00:20:55 - [0] -SH-D C:\Users\Thib\AppData\Local\EmieSiteList
O43 - CFD: 16/04/2014 - 00:20:55 - [0] -SH-D C:\Users\Thib\AppData\Local\EmieUserList
~ Program Folder: 124 Legitimates Filtered in 00mn 27s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.12B0701B1CEC1A7BB0E4C71D97661E23] - 15/04/2014 - 13:14:55 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [387210]
O44 - LFC:[MD5.385AF1C48CE3E86B37B9E66749FFEC1B] - 15/04/2014 - 13:33:59 ---A- . (...) -- C:\Windows\System32\srms.dat [50053]
O44 - LFC:[MD5.E7B53AF004BEE5112F787A6E5B04D737] - 15/04/2014 - 13:34:09 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [11109]
O44 - LFC:[MD5.F1DB86EA935C13CDFF27AB957297136A] - 15/04/2014 - 13:34:49 ---A- . (...) -- C:\Windows\System32\connectedsearch-suggestions.searchconnector-ms [7762]
O44 - LFC:[MD5.1FDF29F970E2E843B4DC5D0626D0EDD5] - 15/04/2014 - 13:34:49 ---A- . (...) -- C:\Windows\System32\connectedsearch-zeroinput.searchconnector-ms [7130]
O44 - LFC:[MD5.DE461B86C05946D10E519F512D09E389] - 15/04/2014 - 13:34:51 ---A- . (...) -- C:\Windows\System32\RacRules.xml [100197]
O44 - LFC:[MD5.119E0F7A71775A5CFB208B036ECE35E1] - 15/04/2014 - 13:36:12 ---A- . (...) -- C:\Windows\System32\WimBootCompress.ini [2255]
O44 - LFC:[MD5.DCF2510E0745720E543E84F5E921FCC0] - 15/04/2014 - 13:39:32 ---A- . (...) -- C:\Windows\System32\dfpinc.dat [262335]
O44 - LFC:[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - 15/04/2014 - 13:44:14 ---A- . (...) -- C:\Windows\System32\systemsf.ebd [139600]
O44 - LFC:[MD5.08750A50CF027F93070C8BB78E27C3B7] - 15/04/2014 - 15:26:40 -SH-- . (...) -- C:\Windows\System32\desktop.ini [75]
O44 - LFC:[MD5.4AA7852BD80E94539012D434C9D7E062] - 17/04/2014 - 12:00:17 ---A- . (...) -- C:\Windows\System32\spu_storage.bin [65536]
~ Files: 567 Legitimates Filtered in 02mn 01s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.87230FC16DC1DA25B00A203C53571E27] - 12/04/2014 - 18:32:22 ---A- - C:\Windows\Prefetch\CHROMERECOVERY.EXE-0A140A5C.pf
O45 - LFCP:[MD5.CBDFB2D3F9CC681EBFB5CDF87C7AB489] - 15/04/2014 - 11:52:15 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.FD2411ABD27754F383AA7A2EBFCB2CAD] - 15/04/2014 - 14:01:24 ---A- - C:\Windows\Prefetch\INSTUP.EXE-25E24300.pf
O45 - LFCP:[MD5.E605E40110929D704ECAD482F7E338DB] - 15/04/2014 - 16:04:19 ---A- - C:\Windows\Prefetch\ONEDRIVEREBRAND.EXE-B469944A.pf
O45 - LFCP:[MD5.8B67FD841CDA0238A4D3C5B61C822C31] - 15/04/2014 - 16:07:06 ---A- - C:\Windows\Prefetch\TSSSRV.EXE-E86A7BE1.pf
O45 - LFCP:[MD5.D020F1BE5280B84F2E9CA15D0803BDDC] - 15/04/2014 - 16:07:27 ---A- - C:\Windows\Prefetch\READLM.EXE-DD0A7195.pf
O45 - LFCP:[MD5.0A7016288C5A1655BED65FAC8667381C] - 15/04/2014 - 16:20:52 ---A- - C:\Windows\Prefetch\PRESENTATION.EXE-4649D937.pf
O45 - LFCP:[MD5.14E298740C602BB53A3795581D770482] - 15/04/2014 - 16:29:12 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.203DC172CDCD0BCCBCD9AA091FD5D22B] - 16/04/2014 - 19:13:48 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER32.EXE-4D6768AE.pf
O45 - LFCP:[MD5.1226FA4C62359B722B8860D2547F662E] - 16/04/2014 - 19:13:48 ---A- - C:\Windows\Prefetch\ASWWRCIELOADER64.EXE-A46A316F.pf
O45 - LFCP:[MD5.28BFF3AD1C125022406181EC20120099] - 17/04/2014 - 05:10:51 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf
O45 - LFCP:[MD5.2DA989EC40BFBC156D8F4A0C5EC79DA8] - 17/04/2014 - 08:29:25 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
O45 - LFCP:[MD5.B31E5C7FDDEB9FDA023E43B373FE732A] - 17/04/2014 - 17:35:22 ---A- - C:\Windows\Prefetch\PfPre_967ce262.db
~ Prefetcher: 13 Legitimates Filtered in 00mn 03s

---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 15/04/2014 - 14:04:38 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 15/04/2014 - 14:04:39 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 08:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.71CB3BB20F08BB724769DAAAFD5AB26E] - 16/08/2013 - 14:21:10 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [551936]
O58 - SDL:[MD5.77CF0ECC1C2B5E616B650AB5D4931114] - 19/08/2013 - 21:32:10 ---A- . (.Windows (R) Win 7 DDK provider - Toshiba Hotkey Driver.) -- C:\Windows\System32\Drivers\Thotkey.sys [32624]
O58 - SDL:[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - 01/10/2013 - 01:26:50 ----- . (...) -- C:\Windows\System32\pwdrvio.sys [19152]
O58 - SDL:[MD5.D619356B955EEFA642F5FF72755E8B3C] - 01/10/2013 - 01:26:48 ----- . (...) -- C:\Windows\System32\pwdspio.sys [12504]
~ Drivers: 18 Legitimates Filtered in 00mn 10s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 14/04/2014 - 19:21:23 ---A- . (...) -- C:\Users\Thib\Downloads\adwcleaner.exe [1426178]
O61 - LFC: 15/04/2014 - 19:20:47 -SHA- . (...) -- C:\Users\Thib\AppData\Local\EmieSiteList\container.dat [0]
O61 - LFC: 15/04/2014 - 19:20:47 -SHA- . (...) -- C:\Users\Thib\AppData\Local\EmieUserList\container.dat [0]
O61 - LFC: 15/04/2014 - 19:21:21 ---A- . (...) -- C:\Users\Thib\AppData\Roaming\Microsoft\MMC\eventvwr [139640]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\Desktop.lnk [443]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\Downloads.lnk [888]
O61 - LFC: 15/04/2014 - 19:21:24 ---A- . (...) -- C:\Users\Thib\Links\RecentPlaces.lnk [383]
O61 - LFC: 16/04/2014 - 19:21:21 ---A- . (...) -- C:\Users\Thib\AppData\Roaming\Microsoft\MMC\services [93558]
O61 - LFC: 17/04/2014 - 19:20:47 ---A- . (...) -- C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [299896]
O61 - LFC: 17/04/2014 - 19:20:50 ---A- . (...) -- C:\Users\Thib\AppData\Local\Google\Chrome\User Data\Local State [65540]
O61 - LFC: 17/04/2014 - 19:21:23 ---A- . (...) -- C:\Users\Thib\Downloads\extension_1_7_4.crx [488141]
~ Files: 52 Legitimates Filtered in 00mn 38s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] 558112A1AE484F9185709D1B08D07D4D - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] C823A48BE0FA44D0A8C06E795A6B6E06 [DefaultScope] - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "E747A8856FFC3B642970DC57F44937FA" . (.IDT Audio Driver.) -- C:\Windows\Installer\{588A747E-CFF6-46B3-9207-CD754F9473AF}\IDTIcon.exe
~ Update Products: 84 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0B92A91C44CB8CF7FD956D8179AFA299] [WIS][26/08/2013] (.IDT - IDT High Definition Audio Installer.) -- C:\Windows\Installer\2f3df.msi [16072704]
~ WIS: 84 Legitimates Filtered in 01mn 21s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/02/2013 1143720 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
SS - | Demand 11/01/2014 3808248 | (afcdpsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 13/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 20/01/2014 2818896 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 27/03/2013 7093272 | (syncagentsrv) . (.Acronis.) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
SS - | Demand 19/07/2013 116088 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SS - | Demand 20/09/2012 1157056 | (WDBackup) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
SS - | Demand 06/09/2012 248248 | (WDDriveService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
SS - | Demand 20/09/2012 1177536 | (WDRulesService) . (.Western Digital.) - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 31/08/2013 99328 | (AdaptiveSleepService) . (...) - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
SR - | Auto 30/08/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 22/08/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 15/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 10/09/2013 19792 | (dts_apo_service) . (...) - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
SR - | Auto 27/03/2013 163168 | (GFNEXSrv) . (...) - C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
SR - | Auto 07/08/2013 219272 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 07/08/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 16/08/2013 339456 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Demand 31/07/2013 53864 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 28/07/2009 140632 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe
SR - | Auto 10/08/2013 328544 | (TOSHIBA eco Utility Service) . (.Toshiba Corporation.) - C:\Program Files\TOSHIBA\Teco\TecoService.exe =>.Toshiba Corporation
SR - | Demand 04/09/2013 466504 | (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 43s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Thib at 17/04/2014 19:25:14
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : 13044 - (17/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
C:\ProgramData\Updater =>PUP.CrossRider^
~ Additionnel Scan: 212512 Items scanned in 02mn 14s

---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 1 link(s) detected in 00mn 00s
~ 1439 Legitimates filtered by white list
End of the scan (437 lines in 11mn 22s)(0)