Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ Rapport de ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Lancé par Morue (12/03/2014 23:28:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 27.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : C34D6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3973 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 286 GB (65%) free of 435 GB
---\\ Mode de connexion au système
~ Computer Name: MORUE
~ User Name: Morue
~ All Users Names: Morue, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\J\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\J\AppData\Roaming\
~ %Desktop% : C:\Users\J\Desktop\
~ %Favorites% : C:\Users\J\Favorites\
~ %LocalAppData% : C:\Users\J\AppData\Local\
~ %StartMenu% : C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 286 Go of 435 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.15/02/2014 - 21:21:28.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.15/02/2014 - 21:21:28.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/12546
~ Mes musiques (My Musics) : 1/10262
~ Mes Videos (My Videos) : 2/103
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/600
~ Mon Bureau (My Desktop) : 2/5
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 01s
---\\ Processus lancés
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3780]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3800]
[MD5.2E2F360FF158A67F8128EFAAF974189C] - (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776] [PID.3876]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.3960]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4036]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2572]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4464]
[MD5.672E1B3140D78F01E5563C32A72E3ED3] - (.Pas de propriétaire - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [62464] [PID.5048]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2624]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1488]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.2848]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.5904]
~ Processes Running: Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ Global Startup: 37 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FDB2BF-32D7-4090-B559-BF94674A478E}: DhcpNameServer = 192.54.120.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02164CF-5529-45FC-B311-7458EFD032E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1FDB2BF-32D7-4090-B559-BF94674A478E}: DhcpNameServer = 192.54.120.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{D02164CF-5529-45FC-B311-7458EFD032E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 17 Legitimates Filtered in 00mn 02s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKLM\Software\Internet Content Filter]
[HKLM\Software\Wow6432Node\Internet Content Filter]
~ Key Software: 232 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/10/2012 - 17:36:22 - [0] ----D C:\ProgramData\Internet Content Filter
~ Program Folder: 138 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.967C7DAFF9D85100E396772D3E957DA9] - 01/03/2014 - 15:22:33 ---A- . (...) -- C:\Windows\DirectX.log [946]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 12/03/2014 - 04:48:18 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
~ Files: 47 Legitimates Filtered in 00mn 01s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8C1E7A63911147AE487627EE0811B392] - 04/03/2014 - 10:01:57 ---A- - C:\Windows\Prefetch\CDEX.EXE-8F648B50.pf
O45 - LFCP:[MD5.5323F36B172895628837716CC8B570D4] - 04/03/2014 - 19:02:08 ---A- - C:\Windows\Prefetch\VIRTUALDUB.EXE-4F12BBBD.pf
O45 - LFCP:[MD5.20EA56EE55E3C03AA6C54C799B4DD6B9] - 04/03/2014 - 19:31:10 ---A- - C:\Windows\Prefetch\VIRTUALDUB.EXE-31CF4C5E.pf
O45 - LFCP:[MD5.F4649BE145E37D3B955DAB5A8661792C] - 07/03/2014 - 18:44:27 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.E16CC231007B8F9BE7CC19D8B19BEF6A] - 08/03/2014 - 12:14:00 ---A- - C:\Windows\Prefetch\WLXTRANSCODE.EXE-EBF285AB.pf
O45 - LFCP:[MD5.B00689E141E947DF02004725EBB7C931] - 08/03/2014 - 12:47:59 ---A- - C:\Windows\Prefetch\FONTVIEW.EXE-29AA2259.pf
O45 - LFCP:[MD5.898CD436230DA9CA4F10A92440B62087] - 12/03/2014 - 05:03:17 ---A- - C:\Windows\Prefetch\VESMGRSUB.EXE-5F3BF9F4.pf
O45 - LFCP:[MD5.44588D64C8FB319C576DC1D2412B9CA1] - 12/03/2014 - 05:11:57 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-E57CFFD5.pf
O45 - LFCP:[MD5.A708159B4E4EC95B1B950D4CDFD085E8] - 12/03/2014 - 05:31:56 ---A- - C:\Windows\Prefetch\RELPOST.EXE-9967872C.pf
O45 - LFCP:[MD5.A9419F30B6FADF620B903D4EDC17EE17] - 12/03/2014 - 05:34:24 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-946B024A.pf
O45 - LFCP:[MD5.8FB9A212129C92878DA9D83B71CC0285] - 12/03/2014 - 05:36:01 ---A- - C:\Windows\Prefetch\DIFXINST64.EXE-7208E477.pf
O45 - LFCP:[MD5.43B498F4F593FD59693A38C3C38BD21F] - 12/03/2014 - 06:27:46 ---A- - C:\Windows\Prefetch\MSERT.EXE-AA79E7B7.pf
O45 - LFCP:[MD5.4149B27B70E9FC02A6A134CA82114297] - 12/03/2014 - 06:43:44 ---A- - C:\Windows\Prefetch\VCADMIN.EXE-D3DFB322.pf
O45 - LFCP:[MD5.37693D2B456E1BD4B2CDE30B22492021] - 12/03/2014 - 08:00:26 ---A- - C:\Windows\Prefetch\WSHOST.EXE-EAFFA074.pf
O45 - LFCP:[MD5.65BB143F025400E2A88E7A554E3447B8] - 12/03/2014 - 19:56:27 ---A- - C:\Windows\Prefetch\ESRV_SVC.EXE-4D949A93.pf
O45 - LFCP:[MD5.03CDFE96B5F3755255FD8304BA06B676] - 12/03/2014 - 19:56:34 ---A- - C:\Windows\Prefetch\ESRV.EXE-20910D24.pf
O45 - LFCP:[MD5.ED02708E255CA76708BF7391249C5764] - 12/03/2014 - 22:55:34 ---A- - C:\Windows\Prefetch\PfPre_673969fd.db
O45 - LFCP:[MD5.B2316B5E7DBF3EE20FA94F902F5D3022] - 15/02/2014 - 22:13:51 ---A- - C:\Windows\Prefetch\VAIO GATE.EXE-DA064CAE.pf
O45 - LFCP:[MD5.6156692A8C2BDE853B83608D11A52919] - 15/02/2014 - 22:29:10 ---A- - C:\Windows\Prefetch\EP0000310545.EXE-B3837583.pf
O45 - LFCP:[MD5.00CE82F7A30F862E608F2359B3AE2A1A] - 15/02/2014 - 22:38:54 ---A- - C:\Windows\Prefetch\EP0000310293.EXE-CD9C8853.pf
O45 - LFCP:[MD5.73749E69DB6EECB0B217BF2BDD23097D] - 15/02/2014 - 22:45:25 ---A- - C:\Windows\Prefetch\EP0000313051.EXE-AAA46E19.pf
O45 - LFCP:[MD5.4128718A20BA1ECBD7833A5994F15119] - 15/02/2014 - 22:45:26 ---A- - C:\Windows\Prefetch\EP0000310299.EXE-FC90EB9F.pf
O45 - LFCP:[MD5.0CDB82F9DEB8737C058B38526CE43455] - 15/02/2014 - 22:45:35 ---A- - C:\Windows\Prefetch\SHELLEXEPROXY.EXE-41782C6C.pf
O45 - LFCP:[MD5.106AD266AED74CA8AA28944B82DD88EE] - 15/02/2014 - 22:45:40 ---A- - C:\Windows\Prefetch\VAIO CONTROL CENTER.EXE-C2E391F3.pf
O45 - LFCP:[MD5.C04C5CBF2A33C7C1AC3FA39C003C9251] - 15/02/2014 - 23:08:52 ---A- - C:\Windows\Prefetch\SWBUNDLE.EXE-3B90F436.pf
O45 - LFCP:[MD5.F2A8A8CF3ABF67E46C2AF486737093C0] - 16/02/2014 - 02:31:53 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-94FD71BB.pf
O45 - LFCP:[MD5.686E21074FA0E78E57687799B913833E] - 16/02/2014 - 12:59:07 ---A- - C:\Windows\Prefetch\KEYGEN.EXE-914F4DAB.pf
O45 - LFCP:[MD5.5F14CA9FCEEBA9BF8A6C6190EFD249DF] - 16/02/2014 - 13:09:01 ---A- - C:\Windows\Prefetch\CDEX_1.7_BETA_4_196.EXE-B03AC06E.pf
O45 - LFCP:[MD5.5945827ED66EB0F3D73A70983F56C3D9] - 16/02/2014 - 13:32:57 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-522B4C9D.pf
O45 - LFCP:[MD5.66BA27B3B6EA8C68B58B683FECF646D9] - 18/02/2014 - 21:01:01 ---A- - C:\Windows\Prefetch\LAME_V3.99.3_FOR_WINDOWS.TMP-D99A503A.pf
O45 - LFCP:[MD5.6D03C16AEC1D47305A92AD9B0729E6E6] - 22/02/2014 - 20:35:13 ---A- - C:\Windows\Prefetch\WLSETTINGS.EXE-8FF545BD.pf
O45 - LFCP:[MD5.10B254804E8DAC97D9858A5FBE081FB1] - 24/02/2014 - 02:11:34 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-09EB30B1.pf
O45 - LFCP:[MD5.51F76BED87BE11D107F81EC75C3C676F] - 28/02/2014 - 05:52:27 ---A- - C:\Windows\Prefetch\FSAVAILUX.EXE-84333236.pf
~ Prefetcher: 299 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.F1CE49C11A9833A5D2EC32443A142064] - 06/12/2013 - 14:37:50 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [35232]
O58 - SDL:[MD5.D8AD76AB13299C52D1D3C58FD3ADAF59] - 27/11/2013 - 02:53:58 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [52128]
O58 - SDL:[MD5.1ED7A8574A28357097A5CB4063C96B00] - 15/02/2014 - 22:20:24 ---A- . (...) -- C:\Windows\System32\Drivers\semav6thermal64ro.sys [13792]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Sin City 2, a dame to kill for.mp4 [24617906]
O61 - LFC: 11/03/2014 - 23:28:54 -SHA- . (...) -- C:\Users\J\Downloads\Thumbs.db [234496]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 1\Thumbs.db [134656]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 2\Thumbs.db [67072]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 3\Thumbs.db [76800]
O61 - LFC: 11/03/2014 - 23:34:12 -SHA- . (...) -- C:\Users\J\Videos\Thumbs.db [103424]
O61 - LFC: 11/03/2014 - 23:34:13 -SHA- . (...) -- C:\Users\J\Videos\Videos\Thumbs.db [364544]
O61 - LFC: 12/03/2014 - 23:28:40 ---A- . (...) -- C:\Users\J\AppData\Roaming\ZHP\Log.txt [31835] =>.Nicolas Coolman
O61 - LFC: 12/03/2014 - 23:28:40 ---A- . (...) -- C:\Users\J\AppData\Roaming\ZHP\TestsZHPDiag.txt [2731] =>.Nicolas Coolman
O61 - LFC: 12/03/2014 - 23:28:54 ---A- . (...) -- C:\Users\J\Links\Photos iCloud.lnk [160]
O61 - LFC: 12/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Marina & The Diamonds - Electra heart (clip).mp4 [73770912]
O61 - LFC: 12/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Marina & The Diamonds - Lies (clip).mp4 [67624996]
~ 15 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 379 Legitimates Filtered in 05mn 54s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {116591E8-7A94-4226-9CD6-79D0D0DD1C25} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 76 Legitimates Filtered in 00mn 12s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/02/2013 235216 | (McComponentHostServiceSony) . (.McAfee, Inc..) - C:\Program Files (x86)\Sony\MSS\3.0.318\McCHSvc.exe
SS - | Demand 13/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 28/09/2013 625240 | (NetworkSupport) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 08/08/2012 123616 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS - | Demand 08/08/2012 460512 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SS - | Demand 08/08/2012 78048 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 01/12/2011 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 29/05/2013 377768 | (USER_ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SS - | Demand 19/07/2012 476328 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SS - | Demand 08/08/2012 972000 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/09/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 29/05/2013 377768 | (ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/08/2012 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 29/05/2013 266168 | (SampleCollector) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Auto 27/08/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 18/08/2012 68776 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Demand 09/08/2013 57944 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Demand 01/08/2013 1368624 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update\VUAgent.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 16s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Morue at 12/03/2014 23:35:12
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Morue at 12/03/2014 23:35:15
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\APN PIP] =>Toolbar.Ask
~ Additionnel Scan: 282874 Items scanned in 00mn 17s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 17s
~ 1596 Legitimates filtered by white list
End of the scan (433 lines in 07mn 28s)(0)
~ Lancé par Morue (12/03/2014 23:28:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 27.0.1 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : C34D6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51
---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3973 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 286 GB (65%) free of 435 GB
---\\ Mode de connexion au système
~ Computer Name: MORUE
~ User Name: Morue
~ All Users Names: Morue, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\J\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\J\AppData\Roaming\
~ %Desktop% : C:\Users\J\Desktop\
~ %Favorites% : C:\Users\J\Favorites\
~ %LocalAppData% : C:\Users\J\AppData\Local\
~ %StartMenu% : C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 286 Go of 435 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.15/02/2014 - 21:21:28.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.15/02/2014 - 21:21:28.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/12546
~ Mes musiques (My Musics) : 1/10262
~ Mes Videos (My Videos) : 2/103
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/600
~ Mon Bureau (My Desktop) : 2/5
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 01s
---\\ Processus lancés
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3780]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3800]
[MD5.2E2F360FF158A67F8128EFAAF974189C] - (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776] [PID.3876]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.3960]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4036]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2572]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4464]
[MD5.672E1B3140D78F01E5563C32A72E3ED3] - (.Pas de propriétaire - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [62464] [PID.5048]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2624]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1488]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.2848]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.5904]
~ Processes Running: Scanned in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ Global Startup: 37 Legitimates Filtered in 00mn 00s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FDB2BF-32D7-4090-B559-BF94674A478E}: DhcpNameServer = 192.54.120.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02164CF-5529-45FC-B311-7458EFD032E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1FDB2BF-32D7-4090-B559-BF94674A478E}: DhcpNameServer = 192.54.120.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{D02164CF-5529-45FC-B311-7458EFD032E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 17 Legitimates Filtered in 00mn 02s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKLM\Software\Internet Content Filter]
[HKLM\Software\Wow6432Node\Internet Content Filter]
~ Key Software: 232 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/10/2012 - 17:36:22 - [0] ----D C:\ProgramData\Internet Content Filter
~ Program Folder: 138 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.967C7DAFF9D85100E396772D3E957DA9] - 01/03/2014 - 15:22:33 ---A- . (...) -- C:\Windows\DirectX.log [946]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 12/03/2014 - 04:48:18 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
~ Files: 47 Legitimates Filtered in 00mn 01s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8C1E7A63911147AE487627EE0811B392] - 04/03/2014 - 10:01:57 ---A- - C:\Windows\Prefetch\CDEX.EXE-8F648B50.pf
O45 - LFCP:[MD5.5323F36B172895628837716CC8B570D4] - 04/03/2014 - 19:02:08 ---A- - C:\Windows\Prefetch\VIRTUALDUB.EXE-4F12BBBD.pf
O45 - LFCP:[MD5.20EA56EE55E3C03AA6C54C799B4DD6B9] - 04/03/2014 - 19:31:10 ---A- - C:\Windows\Prefetch\VIRTUALDUB.EXE-31CF4C5E.pf
O45 - LFCP:[MD5.F4649BE145E37D3B955DAB5A8661792C] - 07/03/2014 - 18:44:27 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.E16CC231007B8F9BE7CC19D8B19BEF6A] - 08/03/2014 - 12:14:00 ---A- - C:\Windows\Prefetch\WLXTRANSCODE.EXE-EBF285AB.pf
O45 - LFCP:[MD5.B00689E141E947DF02004725EBB7C931] - 08/03/2014 - 12:47:59 ---A- - C:\Windows\Prefetch\FONTVIEW.EXE-29AA2259.pf
O45 - LFCP:[MD5.898CD436230DA9CA4F10A92440B62087] - 12/03/2014 - 05:03:17 ---A- - C:\Windows\Prefetch\VESMGRSUB.EXE-5F3BF9F4.pf
O45 - LFCP:[MD5.44588D64C8FB319C576DC1D2412B9CA1] - 12/03/2014 - 05:11:57 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-E57CFFD5.pf
O45 - LFCP:[MD5.A708159B4E4EC95B1B950D4CDFD085E8] - 12/03/2014 - 05:31:56 ---A- - C:\Windows\Prefetch\RELPOST.EXE-9967872C.pf
O45 - LFCP:[MD5.A9419F30B6FADF620B903D4EDC17EE17] - 12/03/2014 - 05:34:24 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-946B024A.pf
O45 - LFCP:[MD5.8FB9A212129C92878DA9D83B71CC0285] - 12/03/2014 - 05:36:01 ---A- - C:\Windows\Prefetch\DIFXINST64.EXE-7208E477.pf
O45 - LFCP:[MD5.43B498F4F593FD59693A38C3C38BD21F] - 12/03/2014 - 06:27:46 ---A- - C:\Windows\Prefetch\MSERT.EXE-AA79E7B7.pf
O45 - LFCP:[MD5.4149B27B70E9FC02A6A134CA82114297] - 12/03/2014 - 06:43:44 ---A- - C:\Windows\Prefetch\VCADMIN.EXE-D3DFB322.pf
O45 - LFCP:[MD5.37693D2B456E1BD4B2CDE30B22492021] - 12/03/2014 - 08:00:26 ---A- - C:\Windows\Prefetch\WSHOST.EXE-EAFFA074.pf
O45 - LFCP:[MD5.65BB143F025400E2A88E7A554E3447B8] - 12/03/2014 - 19:56:27 ---A- - C:\Windows\Prefetch\ESRV_SVC.EXE-4D949A93.pf
O45 - LFCP:[MD5.03CDFE96B5F3755255FD8304BA06B676] - 12/03/2014 - 19:56:34 ---A- - C:\Windows\Prefetch\ESRV.EXE-20910D24.pf
O45 - LFCP:[MD5.ED02708E255CA76708BF7391249C5764] - 12/03/2014 - 22:55:34 ---A- - C:\Windows\Prefetch\PfPre_673969fd.db
O45 - LFCP:[MD5.B2316B5E7DBF3EE20FA94F902F5D3022] - 15/02/2014 - 22:13:51 ---A- - C:\Windows\Prefetch\VAIO GATE.EXE-DA064CAE.pf
O45 - LFCP:[MD5.6156692A8C2BDE853B83608D11A52919] - 15/02/2014 - 22:29:10 ---A- - C:\Windows\Prefetch\EP0000310545.EXE-B3837583.pf
O45 - LFCP:[MD5.00CE82F7A30F862E608F2359B3AE2A1A] - 15/02/2014 - 22:38:54 ---A- - C:\Windows\Prefetch\EP0000310293.EXE-CD9C8853.pf
O45 - LFCP:[MD5.73749E69DB6EECB0B217BF2BDD23097D] - 15/02/2014 - 22:45:25 ---A- - C:\Windows\Prefetch\EP0000313051.EXE-AAA46E19.pf
O45 - LFCP:[MD5.4128718A20BA1ECBD7833A5994F15119] - 15/02/2014 - 22:45:26 ---A- - C:\Windows\Prefetch\EP0000310299.EXE-FC90EB9F.pf
O45 - LFCP:[MD5.0CDB82F9DEB8737C058B38526CE43455] - 15/02/2014 - 22:45:35 ---A- - C:\Windows\Prefetch\SHELLEXEPROXY.EXE-41782C6C.pf
O45 - LFCP:[MD5.106AD266AED74CA8AA28944B82DD88EE] - 15/02/2014 - 22:45:40 ---A- - C:\Windows\Prefetch\VAIO CONTROL CENTER.EXE-C2E391F3.pf
O45 - LFCP:[MD5.C04C5CBF2A33C7C1AC3FA39C003C9251] - 15/02/2014 - 23:08:52 ---A- - C:\Windows\Prefetch\SWBUNDLE.EXE-3B90F436.pf
O45 - LFCP:[MD5.F2A8A8CF3ABF67E46C2AF486737093C0] - 16/02/2014 - 02:31:53 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-94FD71BB.pf
O45 - LFCP:[MD5.686E21074FA0E78E57687799B913833E] - 16/02/2014 - 12:59:07 ---A- - C:\Windows\Prefetch\KEYGEN.EXE-914F4DAB.pf
O45 - LFCP:[MD5.5F14CA9FCEEBA9BF8A6C6190EFD249DF] - 16/02/2014 - 13:09:01 ---A- - C:\Windows\Prefetch\CDEX_1.7_BETA_4_196.EXE-B03AC06E.pf
O45 - LFCP:[MD5.5945827ED66EB0F3D73A70983F56C3D9] - 16/02/2014 - 13:32:57 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-522B4C9D.pf
O45 - LFCP:[MD5.66BA27B3B6EA8C68B58B683FECF646D9] - 18/02/2014 - 21:01:01 ---A- - C:\Windows\Prefetch\LAME_V3.99.3_FOR_WINDOWS.TMP-D99A503A.pf
O45 - LFCP:[MD5.6D03C16AEC1D47305A92AD9B0729E6E6] - 22/02/2014 - 20:35:13 ---A- - C:\Windows\Prefetch\WLSETTINGS.EXE-8FF545BD.pf
O45 - LFCP:[MD5.10B254804E8DAC97D9858A5FBE081FB1] - 24/02/2014 - 02:11:34 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-09EB30B1.pf
O45 - LFCP:[MD5.51F76BED87BE11D107F81EC75C3C676F] - 28/02/2014 - 05:52:27 ---A- - C:\Windows\Prefetch\FSAVAILUX.EXE-84333236.pf
~ Prefetcher: 299 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.F1CE49C11A9833A5D2EC32443A142064] - 06/12/2013 - 14:37:50 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [35232]
O58 - SDL:[MD5.D8AD76AB13299C52D1D3C58FD3ADAF59] - 27/11/2013 - 02:53:58 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [52128]
O58 - SDL:[MD5.1ED7A8574A28357097A5CB4063C96B00] - 15/02/2014 - 22:20:24 ---A- . (...) -- C:\Windows\System32\Drivers\semav6thermal64ro.sys [13792]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Sin City 2, a dame to kill for.mp4 [24617906]
O61 - LFC: 11/03/2014 - 23:28:54 -SHA- . (...) -- C:\Users\J\Downloads\Thumbs.db [234496]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 1\Thumbs.db [134656]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 2\Thumbs.db [67072]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 3\Thumbs.db [76800]
O61 - LFC: 11/03/2014 - 23:34:12 -SHA- . (...) -- C:\Users\J\Videos\Thumbs.db [103424]
O61 - LFC: 11/03/2014 - 23:34:13 -SHA- . (...) -- C:\Users\J\Videos\Videos\Thumbs.db [364544]
O61 - LFC: 12/03/2014 - 23:28:40 ---A- . (...) -- C:\Users\J\AppData\Roaming\ZHP\Log.txt [31835] =>.Nicolas Coolman
O61 - LFC: 12/03/2014 - 23:28:40 ---A- . (...) -- C:\Users\J\AppData\Roaming\ZHP\TestsZHPDiag.txt [2731] =>.Nicolas Coolman
O61 - LFC: 12/03/2014 - 23:28:54 ---A- . (...) -- C:\Users\J\Links\Photos iCloud.lnk [160]
O61 - LFC: 12/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Marina & The Diamonds - Electra heart (clip).mp4 [73770912]
O61 - LFC: 12/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Marina & The Diamonds - Lies (clip).mp4 [67624996]
~ 15 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 379 Legitimates Filtered in 05mn 54s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {116591E8-7A94-4226-9CD6-79D0D0DD1C25} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 76 Legitimates Filtered in 00mn 12s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/02/2013 235216 | (McComponentHostServiceSony) . (.McAfee, Inc..) - C:\Program Files (x86)\Sony\MSS\3.0.318\McCHSvc.exe
SS - | Demand 13/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 28/09/2013 625240 | (NetworkSupport) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 08/08/2012 123616 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS - | Demand 08/08/2012 460512 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SS - | Demand 08/08/2012 78048 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 01/12/2011 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 29/05/2013 377768 | (USER_ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SS - | Demand 19/07/2012 476328 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SS - | Demand 08/08/2012 972000 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/09/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 29/05/2013 377768 | (ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/08/2012 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 29/05/2013 266168 | (SampleCollector) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Auto 27/08/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 18/08/2012 68776 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Demand 09/08/2013 57944 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Demand 01/08/2013 1368624 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update\VUAgent.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 16s
---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Morue at 12/03/2014 23:35:12
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Morue at 12/03/2014 23:35:15
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\APN PIP] =>Toolbar.Ask
~ Additionnel Scan: 282874 Items scanned in 00mn 17s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 17s
~ 1596 Legitimates filtered by white list
End of the scan (433 lines in 07mn 28s)(0)