~ Rapport de ZHPDiag v2013.10.2.3 - Nicolas Coolman (02/10/2013)
~ Lancé par Jeremy (02/10/2013 22:50:41)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16688 (Defaut)
MFIE: Mozilla Firefox 24.0
GCIE: Google Chrome v29.0.1547.76
OPIE: Opera vStable 15.0.1147.153
OBIE: Safari v5.34.57.2

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Business Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : PWCMP
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Spybot - Search & Destroy v2.0.12
Windows Defender W8

---\\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
eMule

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8011 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 109 GB (54%) free of 200 GB

---\\ Mode de connexion au système
~ Computer Name: LENOVO-HARDOUIN
~ User Name: Jeremy
~ All Users Names: UpdatusUser, Jeremy, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Jeremy\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Jeremy\AppData\Roaming\
~ %Desktop% : C:\Users\Jeremy\Desktop\
~ %Favorites% : C:\Users\Jeremy\Favorites\
~ %LocalAppData% : C:\Users\Jeremy\AppData\Local\
~ %StartMenu% : C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 109 Go of 200 Go)
D: Hard drive, Flash drive, Thumb drive (Free 301 Go of 466 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 36 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.6DBE239FF1C9650A794C974B8C7913D7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/08/2013 - 05:12:06.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/356
~ Mes musiques (My Musics) : 1/2014
~ Mes Favoris (My Favorites) : 1/635
~ Mes Documents (My Documents) : 3/4
~ Mon Bureau (My Desktop) : 2/12
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.995E42865C9800C913D78AE161EFC716] - (.Lenovo - Mobile Hotspot Client Application.) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976] [PID.5340]
[MD5.EE6BB6A87296DA1D0E3B6181CDB4C2FF] - (.Lenovo Corporation - Lenovo® AVFramework Native 32-Bit Server.) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe [593408] [PID.4860]
[MD5.F7128E5772F9312F0D111A5FA5D41773] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.6204]
[MD5.224F6B374852153C8C24BED141AE3A20] - (...) -- ysWOW64\rundll32.exe [0] [PID.6752]
[MD5.0ED04FAA4DC1974FE669AB3A945CBA04] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478600] [PID.6944]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.6964]
[MD5.C76BB6DD7EAA12C1335DDF6E21BE09D7] - (.Realtime Soft Ltd - RTSHookInterop.) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe [84360] [PID.5704]
[MD5.43E946AAD268FEAFB1E286677E70CB5D] - (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488] [PID.7076]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.664]
[MD5.1660C5986C679A7E523ED034CCFB6FE3] - (.Pas de propriétaire - Location Task Manager LPD Access Agent.) -- C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe [14328] [PID.7144]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17816] [PID.6696]
[MD5.8D4AFD5F4955A52C39C8C424FE5516D9] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.5656]
[MD5.61484FC1984AE69B4F4E300135C2330F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8034304] [PID.5164]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 14 Legitimates Filtered in 00mn 03s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dgy7wig2.default\prefs.js
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dgy7wig2.default\user.js
M3 - MFPP: Plugins - [Jeremy] -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dgy7wig2.default\searchplugins\googlefr-sans-personnalisation.xml
M3 - MFPP: Plugins - [Jeremy] -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\dgy7wig2.default\searchplugins\search-here.xml
M2 - MFEP: prefs.js [Jeremy - dgy7wig2.default\twitternotifier@naan.net] [] Echofon v2.5.2 (..)
M2 - MFEP: prefs.js [Jeremy - dgy7wig2.default\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}] [] SeoQuake v2.8.12.1 (..)
M2 - MFEP: prefs.js [Jeremy - dgy7wig2.default\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}] [] iMacros for Firefox v8.5.1 (..)
M2 - MFEP: prefs.js [Jeremy - dgy7wig2.default\{e3f6c2cc-d8db-498c-af6c-499fb211db97}] [] Page Speed v1.12.9.1 (..)
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 - Toolbar: Classic Explorer Bar [64Bits] - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Email Verifier Lite.lnk . (.Live Software Inc - Live Email Verifier.) -- C:\Program Files (x86)\Live Software Inc\Live Email Verifier\Verifier.exe
O4 - GS\Program [Public]: Intel(R) WiDi.lnk . (...) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe (.not file.)
O4 - GS\Program [Public]: Poedit.lnk . (.Vaclav Slavik - Poedit.) -- C:\Program Files (x86)\Poedit\bin\poedit.exe
O4 - GS\Program [Public]: Safari.lnk . (...) -- C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Program [Public]: UltraMon.lnk . (...) -- C:\windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico
O4 - GS\QuickLaunch [Jeremy]: FileZilla.lnk . (.FileZilla Project - FileZilla FTP Client.) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
O4 - GS\QuickLaunch [Jeremy]: IETester.lnk . (.Core Services - IETester.) -- C:\Program Files (x86)\Core Services\IETester\IETester.exe
O4 - GS\QuickLaunch [Jeremy]: Maj Pass TLF.lnk . (...) -- D:\Documents\_TLF\MAJ_pass
O4 - GS\QuickLaunch [Jeremy]: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\launcher.exe
O4 - GS\QuickLaunch [Jeremy]: Pixie.lnk . (.Nattyware - The ultimate colour picker.) -- D:\Utilitaires\install\_Pixie\pixie.exe
O4 - GS\QuickLaunch [Jeremy]: Safari.lnk . (...) -- C:\windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch [Jeremy]: Saisie des temps.lnk . (...) -- D:\Documents\_TLF\relevés_heures\Releves_missions
O4 - GS\QuickLaunch [Jeremy]: Scrapebox.lnk . (.Softtouch Software Design - ScrapeBox.) -- D:\SEO\scrapebox\scrapebox.exe
O4 - GS\QuickLaunch [Jeremy]: Sruler.lnk . (...) -- D:\Utilitaires\install\_SRuler\SRULER.exe
O4 - GS\QuickLaunch [Jeremy]: VLC.lnk . (...) -- C:\Program Files (x86)\vlc-2.0.7\vlc.exe (.not file.)
O4 - GS\QuickLaunch [Jeremy]: Xenu.lnk . (...) -- C:\Program Files (x86)\Xenu\Xenu.exe
O4 - GS\Program [Jeremy]: Activer Bluetooth.lnk . (...) -- C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe (.not file.)
O4 - GS\Desktop [Jeremy]: Atelier - Raccourci.lnk . (...) -- D:\Documents\Clients\Atelier
O4 - GS\Desktop [Jeremy]: Documents.lnk . (...) -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Jeremy]: En_cours.lnk . (...) -- D:\En_cours
O4 - GS\Desktop [Jeremy]: Refonte_TLF.lnk . (...) -- D:\Refonte
O4 - GS\Desktop [Jeremy]: SEO.lnk . (...) -- D:\SEO
~ Global Startup: 81 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: UltraMon.lnk . (...) -- C:\windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico \auto (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [TpShocks] . (.Lenovo. - ThinkVantage Active Protection System.) -- C:\Windows\System32\TpShocks.exe
O4 - HKLM\..\Run: [LnvMobHotspotClient] . (.Lenovo - Mobile Hotspot Client Application.) -- C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] . (.Lenovo Corporation - Lenovo® AVFramework Native 32-Bit Server.) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [LenovoOptMouseUpdate] . (.Lenovo Group Limited - External Application Support for Optical Mo.) -- C:\Program Files\Lenovo\HOTKEY\extapsup.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SoftEther VPN Client UI Helper] . (.SoftEther Project at University of Tsukuba, - SoftEther VPN.) -- C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [BrowserChoice] . (.Microsoft Corporation - Choix de navigateur .) -- C:\Windows\BrowserChoice\browserchoice.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [RotateImage] . (.Ricoh co.,Ltd. - RCIMGDIR.) -- C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Wow6432Node\Run: [PWMTRV] rundll32 C:\Program Files (x86)\ThinkPad\UTILIT~1\PWMTR64V.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. - Bing Desktop Application.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-21-2929662197-1039328106-1145122480-1001\..\Run: [BrowserChoice] . (.Microsoft Corporation - Choix de navigateur .) -- C:\Windows\BrowserChoice\browserchoice.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Classic IE Settings [64Bits] - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1895F29-81E5-4C52-B688-071FA09CBF51}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE9A03D-B4A4-4FF4-A93F-82283A3F5B96}: DhcpDomain = tlfdom.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{D1895F29-81E5-4C52-B688-071FA09CBF51}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DBE9A03D-B4A4-4FF4-A93F-82283A3F5B96}: DhcpDomain = tlfdom.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: psfus . (...) -- C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Location Task Manager (LocationTaskManager) . (.Pas de propriétaire - Location Task Manager.) - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 31 Legitimates Filtered in 00mn 15s

---\\ Logiciels installés (O42)
O42 - Logiciel: Fast Blog Finder 3 - (...) [HKLM][64Bits] -- Fast Blog Finder 3_is1
O42 - Logiciel: Incrustation - (...) [HKLM][64Bits] -- OnScreenDisplay
O42 - Logiciel: Live Email Verifier - (.Live Software Inc.) [HKLM][64Bits] -- Live Email Verifier
O42 - Logiciel: Live Email Verifier - (.Live Software Inc.) [HKLM][64Bits] -- {DAE33BC4-6739-4A53-A251-A4E175A5459A}
~ Logic: 156 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Micro Fox]
~ Key Software: 254 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/08/2013 - 19:58:55 - [25,124] --H-D C:\ProgramData\{FCAF7277-48D7-4C29-9CF3-0080D39EF16C}
O43 - CFD: 02/10/2013 - 22:49:38 - [1,352] ----D C:\Users\Jeremy\AppData\Roaming\ClassicShell
O43 - CFD: 06/08/2013 - 10:00:57 - [0,001] --H-D C:\Users\Jeremy\AppData\Local\5f3BdoS2tvJ
O43 - CFD: 06/08/2013 - 10:00:57 - [0,001] --H-D C:\Users\Jeremy\AppData\Local\HeS3l41sbUDth
O43 - CFD: 06/08/2013 - 10:00:57 - [0] --HAD C:\Users\Jeremy\AppData\Local\QlJbQMT9kXHJ
O43 - CFD: 06/08/2013 - 10:00:57 - [0,001] --H-D C:\Users\Jeremy\AppData\Local\tkHaqcQjemWdWM
O43 - CFD: 06/08/2013 - 10:00:57 - [0] --HAD C:\Users\Jeremy\AppData\Local\Vr9q9qunAB
~ Program Folder: 207 Legitimates Filtered in 00mn 04s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/10/2013 - 15:42:02 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 02/10/2013 - 21:22:44 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 02/10/2013 - 21:22:44 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 02/10/2013 - 21:22:44 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 02/10/2013 - 21:22:44 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 02/10/2013 - 21:22:44 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 02/10/2013 - 21:28:35 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.DAA6AAD525D12F8985695B882301336F] - 18/09/2013 - 16:21:05 ---A- . (...) -- C:\Windows\win.ini [167]
~ Files: 51 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.DD815FB6CB1A9F02F6B5F8F9E6422839] - 02/10/2013 - 06:52:42 ---A- - C:\Windows\Prefetch\UPEKSVR.EXE-7F47F19B.pf
O45 - LFCP:[MD5.8F0655F13016CDDBA21057EAF9A08E70] - 02/10/2013 - 08:18:15 ---A- - C:\Windows\Prefetch\SRULER.EXE-CC607CCF.pf
O45 - LFCP:[MD5.9F6CB9ACB168117293C47CA8014F83C6] - 02/10/2013 - 09:32:30 ---A- - C:\Windows\Prefetch\PIXIE.EXE-9BD70E8B.pf
O45 - LFCP:[MD5.A76472F15C1073368149BD01B51E98C9] - 02/10/2013 - 13:11:05 ---A- - C:\Windows\Prefetch\BRIDGE.EXE-C9549E9B.pf
O45 - LFCP:[MD5.4AFA7B232A75F70B48B08D20DB58B4FC] - 02/10/2013 - 13:21:38 ---A- - C:\Windows\Prefetch\EPR_WORKER.EXE-E1D942E7.pf
O45 - LFCP:[MD5.907CF22256F5D93F235E2A880641C7CE] - 02/10/2013 - 13:29:16 ---A- - C:\Windows\Prefetch\APDFPR.EXE-D122BCD8.pf
O45 - LFCP:[MD5.008B3DFD4D874EB89077A077A432E57E] - 02/10/2013 - 13:33:33 ---A- - C:\Windows\Prefetch\ADVANCED_PDF_PASSWORD_RECOVER-B870293F.pf
O45 - LFCP:[MD5.A54A687CD3DAE5F3800BE7F03B465735] - 02/10/2013 - 14:08:16 ---A- - C:\Windows\Prefetch\ULTRAMON.EXE-5F1405D4.pf
O45 - LFCP:[MD5.E9F3E269DCD0D1A889A3FEDCDE05A573] - 02/10/2013 - 14:54:38 ---A- - C:\Windows\Prefetch\ULCDRSVR.EXE-713923AD.pf
O45 - LFCP:[MD5.7B0EA913C1C08F08CB34C0D189E32142] - 02/10/2013 - 14:54:38 ---A- - C:\Windows\Prefetch\ZEROCONFIGSERVICE.EXE-7DE04027.pf
O45 - LFCP:[MD5.6AD93D5A2845A0BB228B9566448273C7] - 02/10/2013 - 15:27:13 ---A- - C:\Windows\Prefetch\CLASSICIE_64.EXE-D85CA797.pf
O45 - LFCP:[MD5.357CEA193D9256DFCF31665F1E227BB9] - 02/10/2013 - 15:40:14 ---A- - C:\Windows\Prefetch\CF16A076-1E23-4419-A249-8273A-3DECD115.pf
O45 - LFCP:[MD5.9B36AE58559DBF72968FD376C00DAACC] - 02/10/2013 - 15:40:14 ---A- - C:\Windows\Prefetch\TPOSD.EXE-086D2EA4.pf
O45 - LFCP:[MD5.EB2C7E2849560C62AD900D4ACED95365] - 02/10/2013 - 15:41:14 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA32.EXE-1C134EF0.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.C2D98AC6E96D826DFB5BCC00D2D0036F] - 02/10/2013 - 15:41:20 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA33.EXE-2F690975.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.877D08CC5F6223971A4E75FF2510FBB6] - 02/10/2013 - 15:41:22 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA34.EXE-42BEC3FA.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.60C5630A2755AE04D0EEE77E1DE21A74] - 02/10/2013 - 15:55:43 ---A- - C:\Windows\Prefetch\SPYHUNTER4.EXE-3B4E3201.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.35FA45697DCD0783B1395498FD455DC6] - 02/10/2013 - 16:00:39 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-08BD946B.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.8BA419AE5E2868379A20D54C6C24A905] - 02/10/2013 - 16:00:42 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA37.EXE-7CBFF389.pf =>Crapware.SpyHunter
O45 - LFCP:[MD5.0F3833FFDE00C0FDE6EAE4D3D68620EC] - 02/10/2013 - 16:01:05 ---A- - C:\Windows\Prefetch\OFFERCAST_AVIRAV7_.EXE-E30E75AF.pf
O45 - LFCP:[MD5.0515D9A79481BF98364331347D9E3C18] - 02/10/2013 - 16:01:21 ---A- - C:\Windows\Prefetch\AVWEBG7.EXE-2F55E1C8.pf
O45 - LFCP:[MD5.CAC1E797ECF4A0450552CC79921E7A00] - 02/10/2013 - 16:02:35 ---A- - C:\Windows\Prefetch\TOASTNOTIFIER.EXE-271D6148.pf
O45 - LFCP:[MD5.5A4880DC46636F74614C17A1882A8B4C] - 02/10/2013 - 16:11:35 ---A- - C:\Windows\Prefetch\CCUAC.EXE-F70E7BC4.pf
O45 - LFCP:[MD5.8F69A6784165D63DEC51E5DF38423559] - 02/10/2013 - 16:15:21 ---A- - C:\Windows\Prefetch\HTTPD.EXE-47004AC6.pf
O45 - LFCP:[MD5.6E080C23A435B48501188EC6A69BE344] - 02/10/2013 - 16:15:21 ---A- - C:\Windows\Prefetch\MYSQLD.EXE-3EBB62D8.pf
O45 - LFCP:[MD5.5E48052D77344A280DCB1F02733083E7] - 02/10/2013 - 16:15:21 ---A- - C:\Windows\Prefetch\RCIMGDIR.EXE-113D62AA.pf
O45 - LFCP:[MD5.CDED5A589B55D35E2AA22374237FE3C1] - 02/10/2013 - 16:54:14 ---A- - C:\Windows\Prefetch\BECYPDFMETAEDIT-2.37.0-EN.EXE-81EEEE88.pf
O45 - LFCP:[MD5.21429788EEA7E8CAED8172963B427B6C] - 02/10/2013 - 16:55:55 ---A- - C:\Windows\Prefetch\BECYPDFMETAEDIT.EXE-E7F46D77.pf
O45 - LFCP:[MD5.C4CBA340AE2CE1976A699EAA8353A105] - 02/10/2013 - 16:58:35 ---A- - C:\Windows\Prefetch\PASSWORDRECOVERY.EXE-29147F87.pf
O45 - LFCP:[MD5.55051E4DA99A7F26E4D8BE2D75018129] - 02/10/2013 - 17:01:03 ---A- - C:\Windows\Prefetch\UNINSTALLTEMP1903250.EXE-A9BE8793.pf
O45 - LFCP:[MD5.4D48B44FFD676CE03FFEF7D81E776A5F] - 02/10/2013 - 17:09:09 ---A- - C:\Windows\Prefetch\PDFPASSWORDREMOVER.EXE-1836CA27.pf
O45 - LFCP:[MD5.5289E0BD2F187A053E7C4B9388CA426C] - 02/10/2013 - 17:28:59 ---A- - C:\Windows\Prefetch\SUSETSCHED.EXE-8FE5C39D.pf
O45 - LFCP:[MD5.1F530AC93AD374ADFFE58669AA9B4F56] - 02/10/2013 - 17:29:00 ---A- - C:\Windows\Prefetch\UNCSETTING.EXE-E7BFACE2.pf
O45 - LFCP:[MD5.CC9132DCEC0971931D4DA9C51A685D72] - 02/10/2013 - 17:29:04 ---A- - C:\Windows\Prefetch\TVSU.EXE-F26C9DB8.pf
O45 - LFCP:[MD5.5479C030234E8FABB35091347B80251E] - 02/10/2013 - 17:29:07 ---A- - C:\Windows\Prefetch\SUSERVICE.EXE-E9225F7B.pf
O45 - LFCP:[MD5.179A894FDB8596BD533E49DB4B904C93] - 02/10/2013 - 17:29:08 ---A- - C:\Windows\Prefetch\UNCSERVER.EXE-7F050647.pf
O45 - LFCP:[MD5.7FBE56498A6D41CD5450DF3F8C3991C6] - 02/10/2013 - 17:29:11 ---A- - C:\Windows\Prefetch\UACSDK.EXE-A83AEEFD.pf
O45 - LFCP:[MD5.022D60A5F9552907EA8F0706059E04F1] - 02/10/2013 - 17:29:13 ---A- - C:\Windows\Prefetch\TVSUKERNEL.EXE-B952FDED.pf
O45 - LFCP:[MD5.BEE6838C5FCDF379A2C936C42E0F5B5F] - 02/10/2013 - 17:29:33 ---A- - C:\Windows\Prefetch\IA.EXE-01C7315C.pf
O45 - LFCP:[MD5.E8C500C23AFDBE1A49B15E29D804AC38] - 02/10/2013 - 17:29:35 ---A- - C:\Windows\Prefetch\DM.EXE-86DC07CB.pf
O45 - LFCP:[MD5.0E623C8ADC33E7C3D780DA42C78DD64B] - 02/10/2013 - 17:29:35 ---A- - C:\Windows\Prefetch\TPISYSIDSU.EXE-B322DC5B.pf
O45 - LFCP:[MD5.D44D89FB51BF60607A20C567CAE9282C] - 02/10/2013 - 17:29:37 ---A- - C:\Windows\Prefetch\LPUDETECTOR_32.EXE-BA7522F2.pf
O45 - LFCP:[MD5.CAF0C2567923CDA249DE9C5CD79A5EA2] - 02/10/2013 - 17:29:38 ---A- - C:\Windows\Prefetch\LPUDETECTOR_64.EXE-054B82D4.pf
O45 - LFCP:[MD5.347574E0A852EF09188DCDB45EA1147E] - 02/10/2013 - 17:29:40 ---A- - C:\Windows\Prefetch\BFUDET.EXE-01052D84.pf
O45 - LFCP:[MD5.2858E24C621676D6C73326A009DD1503] - 02/10/2013 - 17:29:51 ---A- - C:\Windows\Prefetch\CONFIGSERVICE.EXE-C2BA6FB9.pf
O45 - LFCP:[MD5.A4564FE1FB854BDB492EC447A81361AA] - 02/10/2013 - 19:29:31 ---A- - C:\Windows\Prefetch\IWRAP.EXE-93ABC663.pf
O45 - LFCP:[MD5.58E6A46BAE556CA71E95C17774468FF7] - 02/10/2013 - 19:29:31 ---A- - C:\Windows\Prefetch\MICMUTEC.EXE-827559BA.pf
O45 - LFCP:[MD5.D37D49ADCE7A0414ADD5B9B0A255F799] - 02/10/2013 - 19:29:41 ---A- - C:\Windows\Prefetch\MICMUTE.EXE-E5BEDC63.pf
O45 - LFCP:[MD5.D41B37855E859CA04A86238C5A43F05E] - 02/10/2013 - 19:29:41 ---A- - C:\Windows\Prefetch\TPHKLOAD.EXE-DDCC0662.pf
O45 - LFCP:[MD5.A170D0114E36A2E40B179CB5A5B4BEFC] - 02/10/2013 - 19:30:13 ---A- - C:\Windows\Prefetch\ULTRAMONTASKBAR.EXE-81222D24.pf
O45 - LFCP:[MD5.A1CD07B939EFFEF9149D06A16A43635D] - 02/10/2013 - 20:09:32 ---A- - C:\Windows\Prefetch\SDROOTALYZER.EXE-56F6D1BB.pf
O45 - LFCP:[MD5.BA51F411A8CB37F95EC027D783084096] - 02/10/2013 - 20:34:18 ---A- - C:\Windows\Prefetch\ULTRAMONDESKTOP.EXE-59B2C44E.pf
O45 - LFCP:[MD5.79331154E1904BE8D8870F67A4E4EB1B] - 02/10/2013 - 20:50:11 ---A- - C:\Windows\Prefetch\FIXDAMAGE.EXE-A2DCB28F.pf
O45 - LFCP:[MD5.E9CC4E11A356F1C8A60A19420548C60C] - 02/10/2013 - 20:51:42 ---A- - C:\Windows\Prefetch\ADCTL.EXE-C82C89B6.pf
O45 - LFCP:[MD5.A8BCECD3FAA6DDD7AC57808D327E16BC] - 02/10/2013 - 20:51:50 ---A- - C:\Windows\Prefetch\TPSHOCKS.EXE-FDBC9B25.pf
O45 - LFCP:[MD5.F3554292B77322E2F779A9E423EF5A11] - 02/10/2013 - 20:51:51 ---A- - C:\Windows\Prefetch\TPKNRRES.EXE-24996101.pf
O45 - LFCP:[MD5.0278D7335B7E6ED15117B4A40C9A1783] - 02/10/2013 - 20:51:52 ---A- - C:\Windows\Prefetch\EXTAPSUP.EXE-914EADF9.pf
O45 - LFCP:[MD5.8C6EAE198E3A3823581B8B424FCA4A52] - 02/10/2013 - 20:52:03 ---A- - C:\Windows\Prefetch\AVCONTROLCENTER32.EXE-64543542.pf
O45 - LFCP:[MD5.74C85DA12074E18EFD9B959C48CE1B13] - 02/10/2013 - 21:13:21 ---A- - C:\Windows\Prefetch\NYSTGPPI.EXE-7A558C0B.pf
O45 - LFCP:[MD5.34EC69C12320FF42A2C92BD207C0F354] - 02/10/2013 - 21:21:48 ---A- - C:\Windows\Prefetch\SETPATH.3XE-42B09B7E.pf
O45 - LFCP:[MD5.561472B39A1DDF2CC0FE21497CAD15F8] - 02/10/2013 - 21:21:58 ---A- - C:\Windows\Prefetch\CHCP.COM-B1798D15.pf
O45 - LFCP:[MD5.E75B867005959363641D854716AD326A] - 02/10/2013 - 21:22:00 ---A- - C:\Windows\Prefetch\HANDLE64.EXE-214A7FF9.pf
O45 - LFCP:[MD5.096B5A7BBAF6359C9BBE7339AA4028B5] - 02/10/2013 - 21:23:00 ---A- - C:\Windows\Prefetch\CF23674.3XE-4F9E9259.pf
O45 - LFCP:[MD5.473772FE1CA842601265BD2241BB0F23] - 02/10/2013 - 21:23:47 ---A- - C:\Windows\Prefetch\SF.EXE-F431D88D.pf
O45 - LFCP:[MD5.F1AA54C65A2E465CD35432B2F5467CF6] - 02/10/2013 - 21:24:29 ---A- - C:\Windows\Prefetch\SORT.EXE-318FF9A2.pf
O45 - LFCP:[MD5.6426FC0B80970699E65FDCB6F9C4C019] - 02/10/2013 - 21:25:35 ---A- - C:\Windows\Prefetch\MTEE.3XE-B0314E65.pf
O45 - LFCP:[MD5.BC999CC923184E4844D6C7262681BC8D] - 02/10/2013 - 21:28:09 ---A- - C:\Windows\Prefetch\PV.3XE-AED04A2C.pf
O45 - LFCP:[MD5.F968B5ADB93291507366987996D76492] - 02/10/2013 - 21:28:19 ---A- - C:\Windows\Prefetch\CATCHME.3XE-AE44844F.pf
O45 - LFCP:[MD5.A829DAA2D59257E1448672F43B0CECCF] - 02/10/2013 - 21:28:38 ---A- - C:\Windows\Prefetch\S0RT.3XE-DCF3C763.pf
O45 - LFCP:[MD5.44F5AAA570FE7D5EF3F36BE3B46C815E] - 02/10/2013 - 21:28:47 ---A- - C:\Windows\Prefetch\ROUTE.3XE-DD1D49A1.pf
O45 - LFCP:[MD5.6C8B2B9AA7F24E7AF83F327B68FA2D31] - 02/10/2013 - 21:29:01 ---A- - C:\Windows\Prefetch\NIRCMDB.EXE-9AE67F23.pf
O45 - LFCP:[MD5.CDC40EC0A1B4DDC2E86AF23248F4F821] - 02/10/2013 - 21:29:05 ---A- - C:\Windows\Prefetch\SORT.EXE-EA1A5446.pf
O45 - LFCP:[MD5.4E8BDFB9195BB7BBE6779A5EC8B1419A] - 02/10/2013 - 21:29:13 ---A- - C:\Windows\Prefetch\DUMPHIVE.3XE-CD6C6EC0.pf
O45 - LFCP:[MD5.C2FE0EADF2446E2EB256410A32B6AE9E] - 02/10/2013 - 21:29:13 ---A- - C:\Windows\Prefetch\SQLITE3.3XE-06BDBE0F.pf
O45 - LFCP:[MD5.C55BF36A05FBA405D08BA56337BAE275] - 02/10/2013 - 21:29:45 ---A- - C:\Windows\Prefetch\DD.3XE-916BDDF6.pf
O45 - LFCP:[MD5.E2E7A64F7F906FA55F3E8382F1C9B30E] - 02/10/2013 - 21:29:46 ---A- - C:\Windows\Prefetch\CHCP.COM-F8EF3271.pf
O45 - LFCP:[MD5.0867B7744CDE7019D9B36BA7E2EF0142] - 02/10/2013 - 21:29:47 ---A- - C:\Windows\Prefetch\HANDLE64.EXE-A56DD196.pf
O45 - LFCP:[MD5.C04F79E9E31E88C3D238C59C04859785] - 02/10/2013 - 21:29:48 ---A- - C:\Windows\Prefetch\CLASSICSTARTMENU.EXE-B2535E93.pf
O45 - LFCP:[MD5.A35B5252085E8F8003ED23D59114CD4E] - 02/10/2013 - 21:33:36 ---A- - C:\Windows\Prefetch\RELPOST.EXE-AC41CDAF.pf
O45 - LFCP:[MD5.125F7F9B0838513E203106D95DC9AAD6] - 02/10/2013 - 21:34:06 ---A- - C:\Windows\Prefetch\FMAPP.EXE-27BB1E17.pf
O45 - LFCP:[MD5.0F10E60A69406E178AC7305584BCE9C5] - 02/10/2013 - 21:35:07 ---A- - C:\Windows\Prefetch\LNVHOTSPOTSVC.EXE-8BC07810.pf
O45 - LFCP:[MD5.CD1305102918A8AD7DA27AAC5D98D3FE] - 02/10/2013 - 21:35:37 ---A- - C:\Windows\Prefetch\PWMDBSVC.EXE-42AD9568.pf
O45 - LFCP:[MD5.BCD21AD6AD3196B70AE07CB6BCCAFD09] - 02/10/2013 - 21:39:36 ---A- - C:\Windows\Prefetch\ULTRAMONUIACC.EXE-6631670D.pf
O45 - LFCP:[MD5.FC49AC211DA7290712012AB4D84ABA7A] - 02/10/2013 - 21:39:38 ---A- - C:\Windows\Prefetch\MBAR-1.07.0.1005.EXE-9519D0E0.pf
O45 - LFCP:[MD5.0DEF5D3F6A69D2301DCF181D5C8B4466] - 02/10/2013 - 21:39:38 ---A- - C:\Windows\Prefetch\RTSHOOKINTEROP.EXE-1E2D4745.pf
O45 - LFCP:[MD5.A4F99B923647DF4F67C43771EFA3750B] - 11/09/2013 - 08:03:05 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-D8CC3B5E.pf
O45 - LFCP:[MD5.F3D73EEA2EC296451415D646071C67EF] - 11/09/2013 - 13:10:29 ---A- - C:\Windows\Prefetch\VPNCLIENT_X64.EXE-AFE5EEEF.pf
O45 - LFCP:[MD5.829D9BD3440A67F414AF43B91B8473A4] - 11/09/2013 - 13:11:14 ---A- - C:\Windows\Prefetch\VPNCMGR_X64.EXE-25CC1971.pf
O45 - LFCP:[MD5.315B8BA28ABEEB13DA2112072B0CCC32] - 11/09/2013 - 13:19:58 ---A- - C:\Windows\Prefetch\SCRAPEBOX.EXE-55F2C049.pf
O45 - LFCP:[MD5.5527F12E029C8FBF4DE3461DCBF00672] - 11/09/2013 - 13:42:49 ---A- - C:\Windows\Prefetch\SBBACKLINKCHECK2.SB-156919EA.pf
O45 - LFCP:[MD5.C9E497C91918BA0ABA9007CCFAA26DFA] - 11/09/2013 - 13:44:17 ---A- - C:\Windows\Prefetch\SBPAGEAUTHORITY.SB-D3C0252D.pf
O45 - LFCP:[MD5.35619E469DA05D9FD3838B54CB3D825F] - 17/09/2013 - 09:04:18 ---A- - C:\Windows\Prefetch\SYSTEMPROPERTIESREMOTE.EXE-A8B3EF40.pf
O45 - LFCP:[MD5.0D4A291F607B7874FCE885DA0E25B755] - 18/09/2013 - 12:03:37 ---A- - C:\Windows\Prefetch\CLASSICEXPLORERSETTINGS.EXE-6B18E136.pf
O45 - LFCP:[MD5.3ACA1236F24831F98AF399A3893B5522] - 20/09/2013 - 07:56:51 ---A- - C:\Windows\Prefetch\ERASER 6.0.10.2620.EXE-A14F452E.pf
O45 - LFCP:[MD5.EEF349549C4CD7B286A803E14B2899B2] - 20/09/2013 - 08:04:38 ---A- - C:\Windows\Prefetch\LONGFILE.EXE-63C13605.pf
O45 - LFCP:[MD5.AD7FE77804715D2B53EC7224917B89DD] - 20/09/2013 - 13:48:33 ---A- - C:\Windows\Prefetch\EMULE.EXE-6F3A59E3.pf
O45 - LFCP:[MD5.B14E184944D8C38BA9BF098131A6612F] - 23/09/2013 - 06:50:36 ---A- - C:\Windows\Prefetch\TPNUMLKD.EXE-3E305432.pf
O45 - LFCP:[MD5.DE5B4369ABDA3B5838613A15D0B0C024] - 26/09/2013 - 13:23:23 ---A- - C:\Windows\Prefetch\ULTRAMON.SCR-832BA96C.pf
O45 - LFCP:[MD5.21AB3E81A186647BA1ED83E3166F989E] - 27/09/2013 - 08:35:26 ---A- - C:\Windows\Prefetch\SEOSOFT_INSTALL.TMP-3B658B31.pf
O45 - LFCP:[MD5.6C0F16B3E87F776FC147757ABBA9C633] - 27/09/2013 - 08:35:27 ---A- - C:\Windows\Prefetch\SEOSOFT_INSTALL.TMP-B03A19F4.pf
O45 - LFCP:[MD5.07F16A1C9FB3F1FE1E560D59579980C0] - 27/09/2013 - 16:54:50 ---A- - C:\Windows\Prefetch\BTWUIEXT.EXE-86E9CF7C.pf
O45 - LFCP:[MD5.33CC87B98BC63A9DACFBBC0E4DA29501] - 30/09/2013 - 07:10:57 ---A- - C:\Windows\Prefetch\SEOSOFT.EXE-0057E3D1.pf
O45 - LFCP:[MD5.917EA48F259D1CD57054CFD345AB5544] - 30/09/2013 - 07:16:31 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-573C3AB0.pf
O45 - LFCP:[MD5.7DAD8DC9C2A8CDD44EB9296E12C7E7A5] - 30/09/2013 - 07:24:24 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.26851CA2FA88307704414176EECF087F] - 30/09/2013 - 11:07:39 ---A- - C:\Windows\Prefetch\ACROBAT ELEMENTS.EXE-C5A8A910.pf
~ Prefetcher: 465 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre
PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] - 30/08/2013 - 08:48:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 19 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/10/2013 - 08:08:33 ---A- . (...) -- C:\Users\Jeremy\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 01/10/2013 - 08:08:33 ---A- . (...) -- C:\Users\Jeremy\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [4602]
O61 - LFC: 01/10/2013 - 16:02:45 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\Microsoft\Publisher\pubcmd12.dat [1017]
O61 - LFC: 02/10/2013 - 12:59:22 ---A- . (...) -- C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [263766]
O61 - LFC: 02/10/2013 - 16:29:49 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\iSpring Solutions\isfree6_0.txt [68]
O61 - LFC: 02/10/2013 - 17:20:38 ---A- . (...) -- C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Local State [40691]
O61 - LFC: 02/10/2013 - 17:20:38 ---A- . (...) -- C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 02/10/2013 - 19:47:30 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\Opera Software\Opera Stable\History [94208]
O61 - LFC: 02/10/2013 - 21:28:32 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\ZHP\HOSTS.txt [27] =>.Nicolas Coolman
O61 - LFC: 02/10/2013 - 21:32:25 ---A- . (...) -- C:\Users\Jeremy\AppData\Local\Lenovo\Power Manager\ResumeLogs.xml [78]
O61 - LFC: 02/10/2013 - 21:49:38 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\ClassicShell\DataCache.db [1249401]
O61 - LFC: 02/10/2013 - 21:49:38 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\ClassicShell\StartMenuLog.txt [114518]
O61 - LFC: 02/10/2013 - 21:50:23 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\ZHP\TestsZHPDiag.txt [2864] =>.Nicolas Coolman
O61 - LFC: 02/10/2013 - 21:51:17 ---A- . (...) -- C:\Users\Jeremy\AppData\Roaming\ZHP\Log.txt [18903] =>.Nicolas Coolman
~ 5 Fichiers temporaires (Temporary files)
~ Files: 258 Legitimates Filtered in 00mn 10s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Launcher.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [Jeremy - dgy7wig2.default] user_pref("extensions.crossrider.bic", "13bd748096308e8fd5dcef10db0ca2b4"); =>PUP.CrossRider
~ Keys: Scanned in 00mn 00s

---\\ Recherche dans la clé de registre Feature Controls (IFC) (O81)
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe =>Rootkit.TDSS
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.215969882AAFFF1973DC855A4045BF68] [SPRF][02/10/2013] (...) -- C:\Users\Jeremy\Desktop\base_2_10_2013.reg [336717352]
~ Files: 2 Legitimates Filtered in 00mn 01s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "6789F87B3EC7FC940888005A3CE32455" . (..) -- C:\windows\Installer\{B78F9876-7CE3-49CF-8088-00A5C33E4255}\ARPPRODUCTICON.exe
O90 - PUC: "C18EF7DEC873D1145B4B05B979B82A40" . (.UltraMon.) -- C:\windows\Installer\{ED7FE81C-378C-411D-B5B4-509B978BA204}\IcoUltraMon.ico
O90 - PUC: "E1F3EB3A2742112478538E32B94ED9F9" . (.Burn.Now 4.5.) -- C:\windows\Installer\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\ARPPRODUCTICON.exe
~ Update Products: 119 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1680D58707D9935334597684D88DCF95] [WIS][21/11/2012] (.Nalpeiron - Nalpeiron License Management.) -- C:\Windows\Installer\47f38.msi [81920]
[MD5.DD3821F20A0343D4A87C2534B2069E15] [WIS][05/08/2013] (.Live Software Inc - Email Verifier Installation.) -- C:\Windows\Installer\8b318f.msi [271872]
~ WIS: 121 Legitimates Filtered in 00mn 02s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 24/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 04/07/2013 565760 | (AVControlCenter) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
SR - | Auto 23/04/2013 2228440 | (BcmBtRSupport) . (.Broadcom Corporation..) - C:\Windows\System32\BtwRSupportService.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 30/04/2013 958680 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
SS - | Demand 28/08/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 02/08/2013 626416 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Auto 05/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 05/09/2013 66344 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 10/12/2012 732160 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SS - | Demand 10/12/2012 803872 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 30/05/2013 167736 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2013 2044408 | (Lenovo Settings Service) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
SR - | Auto 16/08/2012 559504 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 04/07/2013 504320 | (LENOVO.CAMMUTE) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
SR - | Auto 19/04/2013 127072 | (LENOVO.MICMUTE) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
SR - | Auto 04/07/2013 504320 | (LENOVO.TPKNRSVC) . (.Lenovo Group Limited.) - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
SR - | Auto 04/07/2013 687104 | (LENOVO.TVTVCAM) . (.Lenovo Corporation.) - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
SR - | Auto 11/08/2012 136288 | (Lenovo.VIRTSCRLSVC) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
SR - | Auto 30/05/2013 364856 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/06/2013 468984 | (LnvHotSpotSvc) . (.Lenovo.) - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
SR - | Auto 21/06/2013 465912 | (LocationTaskManager) . (...) - C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
SS - | Demand 08/08/2013 30184 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SS - | Demand 01/10/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 02/08/2013 273136 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 08/11/2012 70152 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\windows\SysWOW64\NLSSRV32.exe
SR - | Auto 17/07/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 17/07/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Demand 01/08/2013 1668904 | (Power Manager DBC Service) . (.Lenovo.) - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
SR - | Auto 02/08/2013 149744 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Demand 13/11/2012 1103392 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Demand 13/11/2012 1369624 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Demand 13/11/2012 168384 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 06/08/2013 4307000 | (SEVPNCLIENT) . (.SoftEther Project at University of Tsukuba,.) - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 21/09/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 17/07/2013 383776 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 26/06/2013 22376 | (SUService) . (...) - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 10/07/1658 0 | C:\Windows\System32\TPHDEXLG64.exe (TPHDEXLGSVC) . (.Lenovo..) - c:\System32\TPHDEXLG64.exe
SR - | Auto 19/04/2013 145808 | (TPHKLOAD) . (.Lenovo Group Limited.) - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
SR - | Auto 10/01/2008 61440 | (UleadBurningHelper) . (.Ulead Systems, Inc..) - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
SS - | Demand 23/06/2013 24576 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
SS - | Demand 23/06/2013 12867584 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/08/2013 3378416 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Jeremy at 02/10/2013 22:51:56
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Jeremy at 02/10/2013 22:51:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 12932 - (02/10/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 6
C:\Windows\Prefetch\WISECUSTOMCALLA32.EXE-1C134EF0.pf =>Crapware.SpyHunter^
C:\Windows\Prefetch\WISECUSTOMCALLA33.EXE-2F690975.pf =>Crapware.SpyHunter^
C:\Windows\Prefetch\WISECUSTOMCALLA34.EXE-42BEC3FA.pf =>Crapware.SpyHunter^
C:\Windows\Prefetch\SPYHUNTER4.EXE-3B4E3201.pf =>Crapware.SpyHunter^
C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-08BD946B.pf =>Crapware.SpyHunter^
C:\Windows\Prefetch\WISECUSTOMCALLA37.EXE-7CBFF389.pf =>Crapware.SpyHunter^
~ Additionnel Scan: 444458 Items scanned in 00mn 14s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26611908-rootkit-tdss =>Rootkit.TDSS
~ MSI: 3 link(s) detected in 00mn 14s
~ 1868 Legitimates filtered by white list

End of the scan (627 lines in 01mn 31s)(0)