~ Rapport de ZHPDiag v2014.4.14.26 - Nicolas Coolman (14/04/2014) ~ Lancé par alex (15/04/2014 14:32:38) ~ Adresse du Site Web http://nicolascoolman.webs.com ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/ ~ Traduit par Nicolas Coolman ~ Etat de la version : ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16863 MFIE: Mozilla Firefox 28.0 (Defaut) GCIE: Google Chrome v34.0.1847.116 ---\\ Informations sur les produits Windows ~ Langage: Français Windows 8, 64-bit (Build 9200) Windows Server License Manager Script : OK ~ Windows(R) Operating System, OEM_DM channel Windows ID Activation : OK ~ Windows Partial Key : GMQHT Windows License : OK ~ Windows Remaining Initializations Number : 999 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ Logiciels de protection du système avast! Free Antivirus v9.0.2016 Windows Defender W8 ---\\ Logiciels d'optimisation du système ---\\ Logiciels de partage PeerToPeer ---\\ Surveillance de Logiciels Adobe Flash Player 13 Plugin Adobe Reader XI Java 7 Update 51 ---\\ Informations sur le système ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3909 MB (54% free) System Restore: Activé (Enable) System drive C: has 460 GB (67%) free of 682 GB ---\\ Mode de connexion au système ~ Computer Name: PC-ALEX ~ User Name: alex ~ All Users Names: HomeGroupUser$, alex, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Variables d'environnement ~ System Unit : C:\ ~ %AppZHP% : C:\Users\alex\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\alex\AppData\Roaming\ ~ %Desktop% : C:\Users\alex\Desktop\ ~ %Favorites% : C:\Users\alex\Favorites\ ~ %LocalAppData% : C:\Users\alex\AppData\Local\ ~ %StartMenu% : C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques C: Hard drive, Flash drive, Thumb drive (Free 460 Go of 682 Go) D: CD-ROM drive (Free 0 Go of 0 Go) ---\\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 44 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.07/03/2014 - 01:08:30.) -- C:\Windows\System32\wininet.dll [2240000] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.16/01/2014 - 00:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.27/01/2014 - 04:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/10958 ~ Mes musiques (My Musics) : 460/4279 ~ Mes Favoris (My Favorites) : 1/6 ~ Mes Documents (My Documents) : 3/489 ~ Mon Bureau (My Desktop) : 4/14136 ~ Menu demarrer (Programs) : 1/23 ~ Hidden Files: Scanned in 00mn 27s ---\\ Processus lancés [MD5.E72E98FEB4160E8B40075604EFC723EC] - (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe [1067232] [PID.3036] [MD5.0EFF23C3D910380746D4F56BA5C746C4] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1192784] [PID.3056] [MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3312] [MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4308] [MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4360] [MD5.775DDB699B40C42E1BD799CC0EBF3528] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8215552] [PID.4784] [MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5604] ~ Processes Running: Scanned in 00mn 02s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé) G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé) G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé) ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\crplbalz.default\prefs.js ~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. - FreeYouTubeToMP3Converter.) -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe O4 - GS\Desktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation - OpenOffice 4.0.1.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [alex]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [alex]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar [alex]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Program [alex]: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe O4 - GS\Program [alex]: Corbeille.lnk - Clé orpheline O4 - GS\Program [alex]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Desktop [alex]: Youtube Downloader HD.lnk . (...) -- C:\Program Files (x86)\Youtube Downloader HD\YouTubeDownloaderHD.exe ~ Global Startup: 47 Legitimates Filtered in 00mn 01s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp O4 - HKCU\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe O4 - HKLM\..\Wow6432Node\Run: [RadioController] . (.Dritek System Inc. - RF Button Helper.) -- C:\Program Files (x86)\RadioController\RfBtnHelper.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm Atheros Commnucations - Extension Core.) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe O4 - HKUS\S-1-5-21-154100775-86352665-3950086217-1001\..\Run: [Badoo Desktop] . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5E529D00-E454-499E-B5DD-02AD5A384C76}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{78F19859-F85E-419C-9CCE-90921F69AA86}: DhcpNameServer = 127.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{78F19859-F85E-419C-9CCE-90921F69AA86}: DhcpDomain = WDS01.COM O17 - HKLM\System\CS1\Services\Tcpip\..\{5E529D00-E454-499E-B5DD-02AD5A384C76}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{78F19859-F85E-419C-9CCE-90921F69AA86}: DhcpNameServer = 127.0.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{78F19859-F85E-419C-9CCE-90921F69AA86}: DhcpDomain = WDS01.COM O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. - Elan Service.) - C:\Program Files\Elantech\ETDService.exe ~ Services: 19 Legitimates Filtered in 00mn 26s ---\\ Enumère les données de BootExecute (BEX) (O34) O34 - HKLM BootExecute: (autocheck autochk * ) - File not found O34 - HKLM BootExecute: (BootDefrag.exe) - File not found ~ BEX: 2 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Mega Browse] =>PUP.MegaBrowse [HKLM\Software\Wow6432Node\Mega Browse] =>PUP.MegaBrowse ~ Key Software: 251 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 17/07/2013 - 16:30:16 - [1,346] ----D C:\Users\alex\AppData\Roaming\lm ~ Program Folder: 160 Legitimates Filtered in 00mn 23s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.8411BF1A6A7F112AD97D4B4AC53256AD] - 05/04/2014 - 10:43:42 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo O44 - LFC:[MD5.846DE6DC68C6B1062E79C25D01CBFA66] - 09/04/2014 - 17:23:51 ---A- . (...) -- C:\Windows\win.ini [194] O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 12/04/2014 - 15:57:29 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722] ~ Files: 54 Legitimates Filtered in 00mn 21s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.6FDF840B75EFE830A4BD8E1F569C2490] - 02/04/2014 - 17:53:35 ---A- - C:\Windows\Prefetch\R-3.0.3-WIN.TMP-ABC1CA94.pf O45 - LFCP:[MD5.21081B70AF2DADEBF0B2893D75388E5C] - 02/04/2014 - 17:53:40 ---A- - C:\Windows\Prefetch\R-3.0.3-WIN.TMP-3140214B.pf O45 - LFCP:[MD5.18E54B679ED869F463CD4634989EFD6D] - 02/04/2014 - 17:56:29 ---A- - C:\Windows\Prefetch\RGUI.EXE-74871015.pf O45 - LFCP:[MD5.553DFB941CA8ACF4BEDEFDF5732BFA3A] - 07/04/2014 - 21:42:24 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-44C90B62.pf O45 - LFCP:[MD5.FFA2E8F0D820D2D3F3F6D72531E06240] - 09/04/2014 - 18:14:26 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-C3CFD54A.pf O45 - LFCP:[MD5.D49EF978A0209F1A0B183837CE3D836E] - 09/04/2014 - 20:45:43 ---A- - C:\Windows\Prefetch\FILTERAPP_C64.EXE-962B38CF.pf O45 - LFCP:[MD5.8412DB49CD1470D27F4C246D6921B335] - 09/04/2014 - 20:59:42 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-624B0602.pf O45 - LFCP:[MD5.3B36C30BBB21D6A100AF95ABC3BB03A5] - 10/04/2014 - 12:50:31 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.FE8FB8A55A841182530A66184BE07C1D] - 11/04/2014 - 16:28:46 ---A- - C:\Windows\Prefetch\DOPDFCL7.EXE-EDF4B6C6.pf O45 - LFCP:[MD5.04733D2594C80FF378291D5467CAA3E7] - 12/04/2014 - 21:19:06 ---A- - C:\Windows\Prefetch\YOUTUBE_DOWNLOADER_HD_SETUP.T-35B10902.pf O45 - LFCP:[MD5.1B22B200ED769353DC3416869750133C] - 12/04/2014 - 21:19:10 ---A- - C:\Windows\Prefetch\YOUTUBE_DOWNLOADER_HD_SETUP.E-03C2D621.pf O45 - LFCP:[MD5.60B93A68D866539EB83BDD4D9675469A] - 12/04/2014 - 21:19:11 ---A- - C:\Windows\Prefetch\YOUTUBE_DOWNLOADER_HD_SETUP.T-9C2F79A4.pf O45 - LFCP:[MD5.DE0BB4672366350182B1BC59E2FC91F0] - 12/04/2014 - 21:19:48 ---A- - C:\Windows\Prefetch\YOUTUBEDOWNLOADERHD.EXE-FB59C4BB.pf O45 - LFCP:[MD5.27626550C3637C7E3E4DDB300FD4693D] - 14/04/2014 - 09:57:56 ---A- - C:\Windows\Prefetch\DSIWMIS.EXE-238692B9.pf O45 - LFCP:[MD5.AB7DCCE2B1FAE623B73F43D0690A98CA] - 14/04/2014 - 12:47:37 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-B444BC8E.pf O45 - LFCP:[MD5.4EF7A9E5FD811BDAF518878435C54FB7] - 14/04/2014 - 13:03:49 ---A- - C:\Windows\Prefetch\W9XPOPEN.EXE-3BCF8146.pf O45 - LFCP:[MD5.4A0A6921520132FC186165EB8AC6E7E2] - 14/04/2014 - 13:03:54 ---A- - C:\Windows\Prefetch\WININST_6.EXE-B6CED721.pf O45 - LFCP:[MD5.2E5C24D4A49A889224AE95AC075743E4] - 14/04/2014 - 13:12:37 ---A- - C:\Windows\Prefetch\SOFTONICDOWNLOADER_POUR_MICRO-95B18528.pf =>Toolbar.Conduit O45 - LFCP:[MD5.F9B350DCD346C8F5605321C3E9160BF2] - 14/04/2014 - 13:28:37 ---A- - C:\Windows\Prefetch\WININST_7.1.EXE-1AA2A4B1.pf O45 - LFCP:[MD5.34A54BDCD92023C9D91833406EC53A81] - 14/04/2014 - 13:28:48 ---A- - C:\Windows\Prefetch\04 PYCAIRO-1.4.12-1.WIN32-PY2-284764EC.pf O45 - LFCP:[MD5.4359E11DFA7238940552F971DE00E313] - 14/04/2014 - 13:29:25 ---A- - C:\Windows\Prefetch\WSHOST.EXE-05F0A3AF.pf O45 - LFCP:[MD5.D3FD8000A71214DB415285270CFC47BB] - 14/04/2014 - 13:41:59 ---A- - C:\Windows\Prefetch\FREEZIPVIEWER.EXE-573EC391.pf O45 - LFCP:[MD5.2E9DACE99F4A3C70585593C578FDD57B] - 14/04/2014 - 14:52:13 ---A- - C:\Windows\Prefetch\UTILMEGABROWSE.EXE-AC40BD42.pf =>PUP.MegaBrowse O45 - LFCP:[MD5.E3D5407B37E46B515F9F4F86DFEA9427] - 14/04/2014 - 15:12:20 ---A- - C:\Windows\Prefetch\RGUI.EXE-C98B93E5.pf O45 - LFCP:[MD5.7F772AD8F89EC72CCBE5538D8460A520] - 14/04/2014 - 16:14:00 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-95D433D1.pf O45 - LFCP:[MD5.903D4800003A70A173D0445805C0AFC2] - 14/04/2014 - 16:26:29 ---A- - C:\Windows\Prefetch\SYSINST.EXE-6D72EC77.pf O45 - LFCP:[MD5.19634EDCEA36F4EB7ACECD8C4296D805] - 14/04/2014 - 16:28:27 ---A- - C:\Windows\Prefetch\02 PYGTK-2.12.1-2.WIN32-PY2.5-8CA32755.pf O45 - LFCP:[MD5.E8EDA386A78EF62DB7B15A78C7641BA5] - 15/04/2014 - 08:15:42 ---A- - C:\Windows\Prefetch\LMUTILPS32.EXE-9827F12C.pf O45 - LFCP:[MD5.F24541961B0D94D7BB1E16B4774EF8F0] - 15/04/2014 - 13:06:58 ---A- - C:\Windows\Prefetch\BRCMCARDREADER.EXE-49383653.pf O45 - LFCP:[MD5.F022C4F4964AFA5657D722CB647F2C62] - 15/04/2014 - 13:06:58 ---A- - C:\Windows\Prefetch\DKRUN32.EXE-8583E6AC.pf O45 - LFCP:[MD5.878249F0AB320C8AE849C082CF5A3C91] - 15/04/2014 - 13:06:58 ---A- - C:\Windows\Prefetch\HD-LOGROTATORSERVICE.EXE-CE5E7913.pf O45 - LFCP:[MD5.854289D846063B73B076BB0FBEE44CC4] - 15/04/2014 - 13:15:25 ---A- - C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf O45 - LFCP:[MD5.E320BE22FF61846CCF55B95643B2DB3A] - 21/03/2014 - 11:17:27 ---A- - C:\Windows\Prefetch\OLRSUBMISSION.EXE-C94F6010.pf O45 - LFCP:[MD5.9167610AD129AE3FE4280462EAE6465A] - 26/03/2014 - 12:54:22 ---A- - C:\Windows\Prefetch\UPGRADE.EXE-023944AE.pf O45 - LFCP:[MD5.479B8D727E35E0BA096ECB07F53AA951] - 28/03/2014 - 19:08:24 ---A- - C:\Windows\Prefetch\UNINST_PRISM 6 (TRIAL).EXE-D22DA93E.pf O45 - LFCP:[MD5.1D4719A7E74D6CB993CA8F0A8C2399C6] - 29/03/2014 - 17:14:22 ---A- - C:\Windows\Prefetch\WMP11-WINDOWSXP-X86-FR-FR.EXE-4CA69792.pf O45 - LFCP:[MD5.1F26B2044E019588C52BD03AFE3FF461] - 29/03/2014 - 17:15:33 ---A- - C:\Windows\Prefetch\WMP11-WINDOWSXP-X86-FR-FR [1]-1FFE6CE4.pf O45 - LFCP:[MD5.C4F89EB77D0923D765320662CF8D68C4] - 29/03/2014 - 17:21:12 ---A- - C:\Windows\Prefetch\AVSMEDIAPLAYER.TMP-3EEF5966.pf O45 - LFCP:[MD5.09DAF9E4AEBB6CA624CCC3F23A18F9F5] - 29/03/2014 - 17:21:14 ---A- - C:\Windows\Prefetch\AVSMEDIAPLAYER.TMP-0FEC67EF.pf O45 - LFCP:[MD5.2CF8703B8C6D166E1F3FB2F973B34D6B] - 29/03/2014 - 17:21:50 ---A- - C:\Windows\Prefetch\REGISTRATION.TMP-97435973.pf O45 - LFCP:[MD5.E2AA25AD821F566DBC7097F74169969C] - 29/03/2014 - 17:22:02 ---A- - C:\Windows\Prefetch\AVSMEDIAPLAYER.EXE-D20AF44C.pf ~ Prefetcher: 41 Legitimates Filtered in 00mn 01s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 O55 - MWPS:[HKLM\...\Policies\System] - "DisableCAD"=1 ~ MWPS: 21 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 09/04/2014 - 17:22:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 09/04/2014 - 17:22:30 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928] O58 - SDL:[MD5.27069CFFF29B7F04F4B1BB10154BE52B] - 19/10/2012 - 03:52:32 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968] O58 - SDL:[MD5.0BD906A79F9CE3013F7D9D0AC45F9F9D] - 19/10/2012 - 03:52:30 ---A- . (.Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040] O58 - SDL:[MD5.BBEFD1442896352FBACEC3319959B278] - 20/11/2012 - 11:48:40 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [331152] O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 01:12:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288] O58 - SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] - 28/10/2013 - 01:12:12 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568] O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960] O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:[MD5.8411BF1A6A7F112AD97D4B4AC53256AD] - 05/04/2014 - 10:43:42 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo ~ Drivers: 21 Legitimates Filtered in 00mn 03s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 12/04/2014 - 14:35:08 -SHA- . (...) -- C:\Users\alex\Documents\Scanned Documents\Thumbs.db [403968] O61 - LFC: 13/04/2014 - 14:35:08 ---A- . (...) -- C:\Users\alex\Links\Desktop.lnk [481] O61 - LFC: 13/04/2014 - 14:35:08 ---A- . (...) -- C:\Users\alex\Links\Downloads.lnk [912] O61 - LFC: 13/04/2014 - 14:35:08 ---A- . (...) -- C:\Users\alex\Links\RecentPlaces.lnk [383] ~ Files: 46 Legitimates Filtered in 01mn 09s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.04B47DEEB298AE90A0C42DEAED71F8BA] [SPRF][15/04/2014] (...) -- C:\Users\alex\Desktop\adwcleaner.exe [1426178] ~ Files: 2 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{EA8FC579-585B-48FE-A17F-E8FA80DC1866}" |In - Private - P6 - TRUE | .(...) -- C:\Users\alex\AppData\Local\Temp\7zS0ACE\hppiw.exe (.not file.) O87 - FAEL: "{4E5BDB3C-4B08-4081-97C3-3A54711C1E6C}" |In - Private - P17 - TRUE | .(...) -- C:\Users\alex\AppData\Local\Temp\7zS0ACE\hppiw.exe (.not file.) O87 - FAEL: "TCP Query User{45416439-B004-4981-B9F1-167EABB0880F}C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{6EF2FF97-A242-4190-82C0-FD37E820CA3F}C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "TCP Query User{26826DBB-F5EB-41D5-9824-5491DA3DF332}C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb O87 - FAEL: "UDP Query User{74BE60B1-E2EB-4A3C-89CA-927672DBB43B}C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\alex\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb ~ Firewall: 242 Legitimates Filtered in 00mn 01s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "1BF4A48A307DBD84980E866B94D98210" . (..) -- C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe ~ Update Products: 75 Legitimates Filtered in 00mn 00s ---\\ Recherche de clés de registre Tracing (O100) HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASAPI32 =>PUP.MegaBrowse HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MegaBrowse_RASMANCS =>PUP.MegaBrowse HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASAPI32 =>PUP.MegaBrowse HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateMegaBrowse_RASMANCS =>PUP.MegaBrowse HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilMegaBrowse_RASAPI32 =>PUP.MegaBrowse HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilMegaBrowse_RASMANCS =>PUP.MegaBrowse ~ BTK: 59 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 12/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 23/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Demand 16/11/2012 469648 | (DeviceFastLaneService) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe SS - | Demand 25/02/2014 1431888 | (FLEXnet Licensing Service 64) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe SS - | Auto 17/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 17/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 15/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 28/01/2013 227456 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe SR - | Auto 02/02/2011 18656 | (Autodesk Content Service) . (...) - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe SR - | Auto 09/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 20/08/2012 176640 | (BrcmCardReader) . (.Broadcom Corp..) - C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe SR - | Auto 20/12/2013 402192 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe SR - | Auto 20/12/2013 385808 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe SR - | Auto 10/12/2012 350544 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe SR - | Demand 23/10/2012 658064 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe SR - | Auto 20/11/2012 100752 | (ETDService) . (.ELAN Microelectronics Corp..) - C:\Program Files\Elantech\ETDService.exe SR - | Auto 20/09/2012 29696 | C:\Users\alex\AppData\Local\Temp\7zS0ACE\hpslpsvc64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe SR - | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe SR - | Auto 26/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe SR - | Auto 19/02/2013 96880 | (RfButtonDriverService) . (.Dritek System INC..) - C:\Windows\RfBtnSvc64.exe SR - | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation ~ Services: Scanned in 00mn 09s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by alex at 15/04/2014 14:37:25 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by alex at 15/04/2014 14:37:27 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13044 - (14/04/2014) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 2 [HKCU\Software\Mega Browse] =>PUP.MegaBrowse^ [HKLM\Software\Wow6432Node\Mega Browse] =>PUP.MegaBrowse^ ~ Additionnel Scan: 309709 Items scanned in 00mn 22s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.webs.com/apps/blog/show/41917380-pup-megabrowse =>PUP.MegaBrowse http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb ~ MSI: 3 link(s) detected in 00mn 00s ~ 1067 Legitimates filtered by white list End of the scan (496 lines in 05mn 11s)(0)