~ Rapport de ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Lancé par Morue (12/03/2014 23:28:04)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16521
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : C34D6
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Windows Defender W8

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3973 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 286 GB (65%) free of 435 GB

---\\ Mode de connexion au système
~ Computer Name: MORUE
~ User Name: Morue
~ All Users Names: Morue, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\J\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\J\AppData\Roaming\
~ %Desktop% : C:\Users\J\Desktop\
~ %Favorites% : C:\Users\J\Favorites\
~ %LocalAppData% : C:\Users\J\AppData\Local\
~ %StartMenu% : C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 286 Go of 435 Go)
D: CD-ROM drive (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] - (.Microsoft Corporation - Explorateur Windows.) (.14/11/2013 - 08:37:16.) -- C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Application de démarrage de Windows.) (.22/08/2013 - 10:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 04:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.22/08/2013 - 10:55:08.) -- C:\Windows\System32\Winlogon.exe [564736]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/12/2013 - 09:54:07.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 13:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 12:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 09:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.22/08/2013 - 12:38:00.) -- C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 12:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Pilote de port i8042.) (.22/08/2013 - 12:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.15/02/2014 - 21:21:28.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.79B6F3DF7CDFD12159871FF71464F0CE] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.15/02/2014 - 21:21:28.) -- C:\Windows\system32\Drivers\MRxSmb.sys [403456]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 12:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.22/08/2013 - 14:25:41.) -- C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Pilote de port parallèle.) (.22/08/2013 - 12:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 12:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.14/11/2013 - 08:16:40.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 14:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.C85C075DE5B6D0FE116043054DE8EE02] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.31/01/2014 - 17:15:23.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/12546
~ Mes musiques (My Musics) : 1/10262
~ Mes Videos (My Videos) : 2/103
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/600
~ Mon Bureau (My Desktop) : 2/5
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 01s

---\\ Processus lancés
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3780]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3800]
[MD5.2E2F360FF158A67F8128EFAAF974189C] - (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776] [PID.3876]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.3960]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4036]
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2572]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4464]
[MD5.672E1B3140D78F01E5563C32A72E3ED3] - (.Pas de propriétaire - VaioCare Window Listener Application.) -- C:\Program Files\Sony\VAIO Care\listener.exe [62464] [PID.5048]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2624]
[MD5.FF409C974A9AD58B82374DEEF6B44CBB] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1488]
[MD5.497E84A1B6767142987A17574C57C04E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe [1863560] [PID.2848]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.5904]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
~ Global Startup: 37 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation - ISB Utility.) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\policies\Explorer\Run: [BtvStack] . (.Qualcomm®Atheros® - Extension Core.) -- C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-3022924795-3176320782-3063755660-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FDB2BF-32D7-4090-B559-BF94674A478E}: DhcpNameServer = 192.54.120.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02164CF-5529-45FC-B311-7458EFD032E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C1FDB2BF-32D7-4090-B559-BF94674A478E}: DhcpNameServer = 192.54.120.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{D02164CF-5529-45FC-B311-7458EFD032E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AtherosSvc (AtherosSvc) . (.Windows (R) Win 7 DDK provider - Windows Setup API.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent (ZAtheros Bt and Wlan Coex Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: 17 Legitimates Filtered in 00mn 02s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Synaptics TouchPad Enhancements.job [264]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKLM\Software\Internet Content Filter]
[HKLM\Software\Wow6432Node\Internet Content Filter]
~ Key Software: 232 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/10/2012 - 17:36:22 - [0] ----D C:\ProgramData\Internet Content Filter
~ Program Folder: 138 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.967C7DAFF9D85100E396772D3E957DA9] - 01/03/2014 - 15:22:33 ---A- . (...) -- C:\Windows\DirectX.log [946]
O44 - LFC:[MD5.110BE5198A63D3FF3CE9C30F1DC12EC3] - 12/03/2014 - 04:48:18 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [386722]
~ Files: 47 Legitimates Filtered in 00mn 01s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.8C1E7A63911147AE487627EE0811B392] - 04/03/2014 - 10:01:57 ---A- - C:\Windows\Prefetch\CDEX.EXE-8F648B50.pf
O45 - LFCP:[MD5.5323F36B172895628837716CC8B570D4] - 04/03/2014 - 19:02:08 ---A- - C:\Windows\Prefetch\VIRTUALDUB.EXE-4F12BBBD.pf
O45 - LFCP:[MD5.20EA56EE55E3C03AA6C54C799B4DD6B9] - 04/03/2014 - 19:31:10 ---A- - C:\Windows\Prefetch\VIRTUALDUB.EXE-31CF4C5E.pf
O45 - LFCP:[MD5.F4649BE145E37D3B955DAB5A8661792C] - 07/03/2014 - 18:44:27 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.E16CC231007B8F9BE7CC19D8B19BEF6A] - 08/03/2014 - 12:14:00 ---A- - C:\Windows\Prefetch\WLXTRANSCODE.EXE-EBF285AB.pf
O45 - LFCP:[MD5.B00689E141E947DF02004725EBB7C931] - 08/03/2014 - 12:47:59 ---A- - C:\Windows\Prefetch\FONTVIEW.EXE-29AA2259.pf
O45 - LFCP:[MD5.898CD436230DA9CA4F10A92440B62087] - 12/03/2014 - 05:03:17 ---A- - C:\Windows\Prefetch\VESMGRSUB.EXE-5F3BF9F4.pf
O45 - LFCP:[MD5.44588D64C8FB319C576DC1D2412B9CA1] - 12/03/2014 - 05:11:57 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-E57CFFD5.pf
O45 - LFCP:[MD5.A708159B4E4EC95B1B950D4CDFD085E8] - 12/03/2014 - 05:31:56 ---A- - C:\Windows\Prefetch\RELPOST.EXE-9967872C.pf
O45 - LFCP:[MD5.A9419F30B6FADF620B903D4EDC17EE17] - 12/03/2014 - 05:34:24 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-946B024A.pf
O45 - LFCP:[MD5.8FB9A212129C92878DA9D83B71CC0285] - 12/03/2014 - 05:36:01 ---A- - C:\Windows\Prefetch\DIFXINST64.EXE-7208E477.pf
O45 - LFCP:[MD5.43B498F4F593FD59693A38C3C38BD21F] - 12/03/2014 - 06:27:46 ---A- - C:\Windows\Prefetch\MSERT.EXE-AA79E7B7.pf
O45 - LFCP:[MD5.4149B27B70E9FC02A6A134CA82114297] - 12/03/2014 - 06:43:44 ---A- - C:\Windows\Prefetch\VCADMIN.EXE-D3DFB322.pf
O45 - LFCP:[MD5.37693D2B456E1BD4B2CDE30B22492021] - 12/03/2014 - 08:00:26 ---A- - C:\Windows\Prefetch\WSHOST.EXE-EAFFA074.pf
O45 - LFCP:[MD5.65BB143F025400E2A88E7A554E3447B8] - 12/03/2014 - 19:56:27 ---A- - C:\Windows\Prefetch\ESRV_SVC.EXE-4D949A93.pf
O45 - LFCP:[MD5.03CDFE96B5F3755255FD8304BA06B676] - 12/03/2014 - 19:56:34 ---A- - C:\Windows\Prefetch\ESRV.EXE-20910D24.pf
O45 - LFCP:[MD5.ED02708E255CA76708BF7391249C5764] - 12/03/2014 - 22:55:34 ---A- - C:\Windows\Prefetch\PfPre_673969fd.db
O45 - LFCP:[MD5.B2316B5E7DBF3EE20FA94F902F5D3022] - 15/02/2014 - 22:13:51 ---A- - C:\Windows\Prefetch\VAIO GATE.EXE-DA064CAE.pf
O45 - LFCP:[MD5.6156692A8C2BDE853B83608D11A52919] - 15/02/2014 - 22:29:10 ---A- - C:\Windows\Prefetch\EP0000310545.EXE-B3837583.pf
O45 - LFCP:[MD5.00CE82F7A30F862E608F2359B3AE2A1A] - 15/02/2014 - 22:38:54 ---A- - C:\Windows\Prefetch\EP0000310293.EXE-CD9C8853.pf
O45 - LFCP:[MD5.73749E69DB6EECB0B217BF2BDD23097D] - 15/02/2014 - 22:45:25 ---A- - C:\Windows\Prefetch\EP0000313051.EXE-AAA46E19.pf
O45 - LFCP:[MD5.4128718A20BA1ECBD7833A5994F15119] - 15/02/2014 - 22:45:26 ---A- - C:\Windows\Prefetch\EP0000310299.EXE-FC90EB9F.pf
O45 - LFCP:[MD5.0CDB82F9DEB8737C058B38526CE43455] - 15/02/2014 - 22:45:35 ---A- - C:\Windows\Prefetch\SHELLEXEPROXY.EXE-41782C6C.pf
O45 - LFCP:[MD5.106AD266AED74CA8AA28944B82DD88EE] - 15/02/2014 - 22:45:40 ---A- - C:\Windows\Prefetch\VAIO CONTROL CENTER.EXE-C2E391F3.pf
O45 - LFCP:[MD5.C04C5CBF2A33C7C1AC3FA39C003C9251] - 15/02/2014 - 23:08:52 ---A- - C:\Windows\Prefetch\SWBUNDLE.EXE-3B90F436.pf
O45 - LFCP:[MD5.F2A8A8CF3ABF67E46C2AF486737093C0] - 16/02/2014 - 02:31:53 ---A- - C:\Windows\Prefetch\SYSTEMSETTINGS.EXE-94FD71BB.pf
O45 - LFCP:[MD5.686E21074FA0E78E57687799B913833E] - 16/02/2014 - 12:59:07 ---A- - C:\Windows\Prefetch\KEYGEN.EXE-914F4DAB.pf
O45 - LFCP:[MD5.5F14CA9FCEEBA9BF8A6C6190EFD249DF] - 16/02/2014 - 13:09:01 ---A- - C:\Windows\Prefetch\CDEX_1.7_BETA_4_196.EXE-B03AC06E.pf
O45 - LFCP:[MD5.5945827ED66EB0F3D73A70983F56C3D9] - 16/02/2014 - 13:32:57 ---A- - C:\Windows\Prefetch\PHOTOSAPP.EXE-522B4C9D.pf
O45 - LFCP:[MD5.66BA27B3B6EA8C68B58B683FECF646D9] - 18/02/2014 - 21:01:01 ---A- - C:\Windows\Prefetch\LAME_V3.99.3_FOR_WINDOWS.TMP-D99A503A.pf
O45 - LFCP:[MD5.6D03C16AEC1D47305A92AD9B0729E6E6] - 22/02/2014 - 20:35:13 ---A- - C:\Windows\Prefetch\WLSETTINGS.EXE-8FF545BD.pf
O45 - LFCP:[MD5.10B254804E8DAC97D9858A5FBE081FB1] - 24/02/2014 - 02:11:34 ---A- - C:\Windows\Prefetch\SETUP-STUB.EXE-09EB30B1.pf
O45 - LFCP:[MD5.51F76BED87BE11D107F81EC75C3C676F] - 28/02/2014 - 05:52:27 ---A- - C:\Windows\Prefetch\FSAVAILUX.EXE-84333236.pf
~ Prefetcher: 299 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] - 13/08/2013 - 00:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:[MD5.F1CE49C11A9833A5D2EC32443A142064] - 06/12/2013 - 14:37:50 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys [35232]
O58 - SDL:[MD5.D8AD76AB13299C52D1D3C58FD3ADAF59] - 27/11/2013 - 02:53:58 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys [52128]
O58 - SDL:[MD5.1ED7A8574A28357097A5CB4063C96B00] - 15/02/2014 - 22:20:24 ---A- . (...) -- C:\Windows\System32\Drivers\semav6thermal64ro.sys [13792]
O58 - SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] - 22/08/2013 - 13:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Sin City 2, a dame to kill for.mp4 [24617906]
O61 - LFC: 11/03/2014 - 23:28:54 -SHA- . (...) -- C:\Users\J\Downloads\Thumbs.db [234496]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 1\Thumbs.db [134656]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 2\Thumbs.db [67072]
O61 - LFC: 11/03/2014 - 23:34:11 -SHA- . (...) -- C:\Users\J\Videos\Game of thrones 3\Thumbs.db [76800]
O61 - LFC: 11/03/2014 - 23:34:12 -SHA- . (...) -- C:\Users\J\Videos\Thumbs.db [103424]
O61 - LFC: 11/03/2014 - 23:34:13 -SHA- . (...) -- C:\Users\J\Videos\Videos\Thumbs.db [364544]
O61 - LFC: 12/03/2014 - 23:28:40 ---A- . (...) -- C:\Users\J\AppData\Roaming\ZHP\Log.txt [31835] =>.Nicolas Coolman
O61 - LFC: 12/03/2014 - 23:28:40 ---A- . (...) -- C:\Users\J\AppData\Roaming\ZHP\TestsZHPDiag.txt [2731] =>.Nicolas Coolman
O61 - LFC: 12/03/2014 - 23:28:54 ---A- . (...) -- C:\Users\J\Links\Photos iCloud.lnk [160]
O61 - LFC: 12/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Marina & The Diamonds - Electra heart (clip).mp4 [73770912]
O61 - LFC: 12/03/2014 - 23:34:12 ---A- . (...) -- C:\Users\J\Videos\Marina & The Diamonds - Lies (clip).mp4 [67624996]
~ 15 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 379 Legitimates Filtered in 05mn 54s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {116591E8-7A94-4226-9CD6-79D0D0DD1C25} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 76 Legitimates Filtered in 00mn 12s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/02/2013 235216 | (McComponentHostServiceSony) . (.McAfee, Inc..) - C:\Program Files (x86)\Sony\MSS\3.0.318\McCHSvc.exe
SS - | Demand 13/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 28/09/2013 625240 | (NetworkSupport) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 08/08/2012 123616 | (SOHCImp) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS - | Demand 08/08/2012 460512 | (SOHDms) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SS - | Demand 08/08/2012 78048 | (SOHDs) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS - | Demand 01/12/2011 289952 | (SpfService) . (.Sony Corporation.) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
SS - | Demand 29/05/2013 377768 | (USER_ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SS - | Demand 19/07/2012 476328 | (VAIO Power Management) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SS - | Demand 08/08/2012 972000 | (VCFw) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/09/2013 312448 | (AtherosSvc) . (.Windows (R) Win 7 DDK provider.) - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 29/05/2013 377768 | (ESRV_SVC) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 07/08/2012 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 29/05/2013 266168 | (SampleCollector) . (.Intel Corporation.) - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SR - | Auto 27/08/2013 93072 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
SR - | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 18/08/2012 68776 | (VAIO Event Service) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
SR - | Demand 09/08/2013 57944 | (VCService) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Care\VCService.exe
SR - | Demand 01/08/2013 1368624 | (VUAgent) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Update\VUAgent.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/09/2013 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
~ Services: Scanned in 00mn 16s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Morue at 12/03/2014 23:35:12
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Morue at 12/03/2014 23:35:15
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Scan Additionnel (O88)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\APN PIP] =>Toolbar.Ask
~ Additionnel Scan: 282874 Items scanned in 00mn 17s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 17s

~ 1596 Legitimates filtered by white list
End of the scan (433 lines in 07mn 28s)(0)