cjoint

Document format: text/plain


~ Rapport de ZHPDiag v2014.4.6.3 - Nicolas Coolman (06/04/2014)
~ Lancé par SA PHIRA (07/04/2014 06:47:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 28.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware version 2.0.1.1004
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.12 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels

---\\ Informations sur le système
~ Processor: AMD64 Family 22 Model 0 Stepping 1, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5580 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 883 GB (96%) free of 917 GB

---\\ Mode de connexion au système
~ Computer Name: SAPHIRA
~ User Name: SA PHIRA
~ All Users Names: SA PHIRA, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\SA PHIRA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\SA PHIRA\AppData\Roaming\
~ %Desktop% : C:\Users\SA PHIRA\Desktop\
~ %Favorites% : C:\Users\SA PHIRA\Favorites\
~ %LocalAppData% : C:\Users\SA PHIRA\AppData\Local\
~ %StartMenu% : C:\Users\SA PHIRA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 883 Go of 917 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.22/10/2013 - 08:55:27.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.27/11/2013 - 13:02:29.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.23/11/2013 - 08:08:19.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.22/08/2013 - 20:12:11.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/3
~ Menu demarrer (Programs) : 1/20
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [29395264] [PID.1192]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3240]
[MD5.4E9AF25BA5E8219310E384AEA5B0EED8] - (.CyberLink - CyberLink MediaLibrary Service.) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576] [PID.4748]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4144]
[MD5.4456B06D9E1340C39017EA98DA6436A0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8184320] [PID.380]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\SA PHIRA\AppData\Roaming\Mozilla\Firefox\Profiles\06czd4jy.default\prefs.js
~ Firefox Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: SlimDrivers.lnk . (...) -- C:\windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: HP Connected Music.lnk . (.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [SA PHIRA]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [SA PHIRA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [SA PHIRA]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [SA PHIRA]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 45 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SimplePass] . (.Hewlett-Packard - HP SimplePass Application.) -- C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
O4 - HKLM\..\Run: [OPBHOBroker] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
O4 - HKLM\..\Run: [OPBHOBrokerDesktop] . (.Hewlett-Packard - HP SimplePass BHO Broker.) -- C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A90ABFE-654D-4028-A42D-D149C664C36C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A90ABFE-654D-4028-A42D-D149C664C36C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: HP SimplePass Cachedrv Service (Cachedrv server) . (...) - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
O23 - Service: McAfee AP Service (McAPExe) . (...) - C:\Program Files\McAfee\MSC\McAPexe.exe (.not file.)
~ Services: 11 Legitimates Filtered in 00mn 18s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SlimDrivers Startup.job [432]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 06s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/03/2014 - 01:12:29 - [43,052] ----D C:\ProgramData\{F9CD6566-34FB-4F9F-9994-15FBD73F4A78}
~ Program Folder: 102 Legitimates Filtered in 00mn 11s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2100B28C34C4FCE916A4A61F58E31198] - 05/04/2014 - 18:21:34 ---A- . (...) -- C:\Windows\System32\connectedsearch-results.searchconnector-ms [9701]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 05/04/2014 - 18:25:15 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
O44 - LFC:[MD5.E56AB201E67E8F4EB8224CC7924008A0] - 06/04/2014 - 08:06:00 ---A- . (...) -- C:\Windows\System32\spu_storage.bin [65536]
O44 - LFC:[MD5.D53A0800A3E7E720F12C1FD2854CC97B] - 06/04/2014 - 17:05:55 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT [757301]
O44 - LFC:[MD5.9CFEFD62D86DABFAC12D1C5ED72BA6A4] - 07/04/2014 - 05:07:00 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
~ Files: 354 Legitimates Filtered in 00mn 21s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.2EA4C42E3F504A16AA2C59EA51524C0F] - 05/04/2014 - 17:13:18 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-5C83D17E.pf
O45 - LFCP:[MD5.1BDDA0C7F7AE8EB46CFFC77AA585060B] - 05/04/2014 - 17:18:21 ---A- - C:\Windows\Prefetch\PS.EXE-1EE522C7.pf
O45 - LFCP:[MD5.632A45E9EB54AEC2B0EFEB7E5026BFD2] - 05/04/2014 - 17:34:41 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-CF768DB4.pf
O45 - LFCP:[MD5.AFBAA706CE352BAA7E470EFC4B90A901] - 05/04/2014 - 17:44:40 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3E5D6C5C.pf
O45 - LFCP:[MD5.34A3147228E4975FB515509C102BB74E] - 05/04/2014 - 20:09:12 ---A- - C:\Windows\Prefetch\MIGWIZ.EXE-278FCD0C.pf
O45 - LFCP:[MD5.BB78C510073BF3BC63000FD33535526E] - 05/04/2014 - 20:15:18 ---A- - C:\Windows\Prefetch\25684U~1.EXE-DE0CA07A.pf
O45 - LFCP:[MD5.19CCDF9775DB6CABA54AD56E8F7BD6C3] - 05/04/2014 - 21:29:38 ---A- - C:\Windows\Prefetch\MCUIHOST.EXE-AE5E0AD4.pf
O45 - LFCP:[MD5.AE7793F377175ACEABC68AE534E12186] - 06/04/2014 - 16:44:34 ---A- - C:\Windows\Prefetch\HPSAOBJUTILDT.EXE-49B61A4E.pf
O45 - LFCP:[MD5.CE5C2D05857F35BC27C0BE46A9899164] - 06/04/2014 - 16:49:09 ---A- - C:\Windows\Prefetch\0012A630EDEBE5E558FB393E14880-6A749159.pf
O45 - LFCP:[MD5.1F129DF741EAD266E7839864C2BE71E0] - 06/04/2014 - 16:49:21 ---A- - C:\Windows\Prefetch\SP63733.EXE-AF86673D.pf
O45 - LFCP:[MD5.3DAC68827F800A447B7DF55FB07A9C24] - 06/04/2014 - 16:50:32 ---A- - C:\Windows\Prefetch\DEVAMD64.EXE-1D26AFFA.pf
O45 - LFCP:[MD5.0E7DF4688A6DC41A54C0516F183980F4] - 06/04/2014 - 16:53:21 ---A- - C:\Windows\Prefetch\001A9AE695534F7050F6A344A24C1-B9BA7DB2.pf
O45 - LFCP:[MD5.30477C500EF55AB294712C1A26D06FA5] - 06/04/2014 - 16:57:02 ---A- - C:\Windows\Prefetch\00F30D6E58DA4E088F28F8E6B6111-29534DFD.pf
O45 - LFCP:[MD5.8C1DCD900C60097618AA65C9312C66B8] - 06/04/2014 - 17:02:00 ---A- - C:\Windows\Prefetch\00E2792FE02DFA6DFB3EF2F298199-22F4FB53.pf
O45 - LFCP:[MD5.DC376AFD591ACF7774C09AC3EBA8C076] - 06/04/2014 - 17:02:04 ---A- - C:\Windows\Prefetch\PSTUBXX.EXE-8C94F3D2.pf
O45 - LFCP:[MD5.C3B9FB971DF48F47EA81CE6753E08592] - 06/04/2014 - 17:02:23 ---A- - C:\Windows\Prefetch\SP63634.EXE-5C077C69.pf
O45 - LFCP:[MD5.3FDB76EB7ABC75CD8005D22CF61A491B] - 06/04/2014 - 17:03:17 ---A- - C:\Windows\Prefetch\REVCON64.EXE-BD82F343.pf
O45 - LFCP:[MD5.38356838F8BAD3C365C71B40342B681B] - 06/04/2014 - 18:39:24 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.3A3FB4FCA843AB7645DB391D3E263925] - 06/04/2014 - 20:39:30 ---A- - C:\Windows\Prefetch\PfPre_814c712b.db
O45 - LFCP:[MD5.2DF5219D6821CD1ADBB67C708EC58CEF] - 07/04/2014 - 05:04:14 ---A- - C:\Windows\Prefetch\CLMSSERVERPDVD12.EXE-A309F880.pf
O45 - LFCP:[MD5.CA128816117FAC1DDB61D2D9A907E005] - 07/04/2014 - 05:07:09 ---A- - C:\Windows\Prefetch\SLIMDRIVERS.EXE-A0F8D99B.pf
O45 - LFCP:[MD5.29DA1C60BC0EECD607122E7280D2CFB7] - 07/04/2014 - 05:07:12 ---A- - C:\Windows\Prefetch\OPVAPP.EXE-EF82EDB7.pf
O45 - LFCP:[MD5.E9C436DC835ACFEDC21FA2537C55E983] - 07/04/2014 - 05:07:22 ---A- - C:\Windows\Prefetch\HPSMPLPASS.EXE-7889A858.pf
O45 - LFCP:[MD5.966697DDF76C4776417C062CDCBD4F15] - 07/04/2014 - 05:07:23 ---A- - C:\Windows\Prefetch\OPBHOBROKER.EXE-7BC4A4DA.pf
O45 - LFCP:[MD5.79AC24A5383C2312A0529CA476037AE2] - 07/04/2014 - 05:07:24 ---A- - C:\Windows\Prefetch\OPBHOBROKERDSKTOP.EXE-B3F963A3.pf
~ Prefetcher: 25 Legitimates Filtered in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 3 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 05/04/2014 - 17:48:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 05/04/2014 - 17:48:32 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 30/05/2012 - 00:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.9CFEFD62D86DABFAC12D1C5ED72BA6A4] - 07/04/2014 - 05:07:00 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
~ Drivers: 19 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 05/04/2014 - 06:48:40 ---A- . (...) -- C:\Users\SA PHIRA\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC: 05/04/2014 - 06:48:41 ---A- . (...) -- C:\Users\SA PHIRA\Downloads\vlc-2.1.3-win32.exe [24677393]
O61 - LFC: 05/04/2014 - 06:48:41 ---A- . (...) -- C:\Users\SA PHIRA\Searches\winrt--{S-1-5-21-4119803159-1899536095-1781288996-1001}-.searchconnector-ms [859]
O61 - LFC: 05/04/2014 - 06:48:41 R-HA- . (...) -- C:\Users\SA PHIRA\Searches\Everywhere.search-ms [248]
O61 - LFC: 05/04/2014 - 06:48:41 R-HA- . (...) -- C:\Users\SA PHIRA\Searches\Indexed Locations.search-ms [248]
O61 - LFC: 06/04/2014 - 06:48:40 ---A- . (...) -- C:\Users\SA PHIRA\Documents\mbam.txt [22366]
O61 - LFC: 06/04/2014 - 06:48:40 ---A- . (...) -- C:\Users\SA PHIRA\Downloads\adwcleaner.exe [1426178]
O61 - LFC: 06/04/2014 - 06:48:41 ---A- . (...) -- C:\Users\SA PHIRA\Downloads\MaConfig_win.exe [255880]
O61 - LFC: 06/04/2014 - 06:48:41 ---A- . (...) -- C:\Users\SA PHIRA\Links\Desktop.lnk [451]
O61 - LFC: 06/04/2014 - 06:48:41 ---A- . (...) -- C:\Users\SA PHIRA\Links\Downloads.lnk [908]
O61 - LFC: 06/04/2014 - 06:48:41 ---A- . (...) -- C:\Users\SA PHIRA\Links\RecentPlaces.lnk [383]
O61 - LFC: 07/04/2014 - 06:48:40 ---A- . (...) -- C:\Users\SA PHIRA\AppData\Roaming\ZHP\Log.txt [15924] =>.Nicolas Coolman
O61 - LFC: 07/04/2014 - 06:48:40 ---A- . (...) -- C:\Users\SA PHIRA\AppData\Roaming\ZHP\TestsZHPDiag.txt [2903] =>.Nicolas Coolman
~ 11 Fichiers temporaires (Temporary files)
~ Files: 226 Legitimates Filtered in 00mn 16s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {7B57ADFE-D76D-4948-9E97-6A7CFC9144A8} - (Propositions de recherche Amazon.fr) - http://www.amazon.fr
O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{4AF5C211-FFD2-4344-9FEC-6687E5E09542}" | Out - None - P17 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
O87 - FAEL: "{FF5303F5-EA04-4B19-804D-14C0E2AFC62A}" | In - None - P17 - TRUE | .(.Meridian Audio Ltd - HP Connected Music.) -- C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
~ Firewall: 234 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "3196F87812473174797FA037E62E1A88" . (.Inst5676.) -- C:\windows\Installer\{878F6913-7421-4713-97F7-0A736EE2A188}\ARPPRODUCTICON.exe
O90 - PUC: "C7426ED27707B154B87AFF1D2ABABB74" . (.Inst5675.) -- C:\windows\Installer\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}\ARPPRODUCTICON.exe
~ Update Products: 96 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Demand 14/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 10/07/1658 0 | (McAPExe) . (...) - C:\Program Files\McAfee\MSC\McAPexe.exe
SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 06/12/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 06/12/2013 344064 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 05/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 31/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 05/09/2013 109568 | (Cachedrv server) . (...) - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
SR - | Auto 12/08/2013 77576 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
SR - | Auto 12/08/2013 298760 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
SR - | Auto 27/08/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 01/04/2014 2818888 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Disabled 10/07/1658 0 | (McMPFSvc) . (...) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 05/09/2013 87552 | (omniserv) . (.Softex Inc..) - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
SR - | Auto 01/01/2000 290520 | (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe

~ Services: Scanned in 00mn 08s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by SA PHIRA at 07/04/2014 06:49:32
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by SA PHIRA at 07/04/2014 06:49:34

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (06/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 196936 Items scanned in 00mn 38s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 1422 Legitimates filtered by white list
End of the scan (408 lines in 03mn 09s)(0)