~ ZHPDiag v2015.10.2.147 Par Nicolas Coolman (2015/10/02)
~ Démarré par Jigeai (Administrator) (2015/10/03 22:44:57)
~ Site: http://www.nicolascoolman.fr
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Etat de la version: Version OK
~ Mode: Scanner
~ Rapport: C:\Documents and Settings\Jigeai\Bureau\ZHPDiag.txt
~ Rapport: C:\Documents and Settings\Jigeai\Application Data\ZHP\ZHPDiag.txt
~ UAC: Deactivate
~ Démarrage du système: Normal (Normal boot)
Windows XP, 32-bit Service Pack 3 (Build 2600)

---\\ Navigateurs Internet (3) - 0s
GCIE: Google Chrome v43.0.2357.81
MFIE: Mozilla Firefox 41.0.1 (x86 fr) v41.0.1
MSIE: Internet Explorer v8.0.6001.18702

---\\ Informations sur les produits Windows (3) - 0s
Windows Automatic Updates : OK
Windows Activation Technologies : KO
Windows Genuine Advantage : KO

---\\ Logiciels de protection (2) - 2s
Avira Antivirus v15.0.12.420
Malwarebytes Anti-Malware version 2.0.4.1028

---\\ Surveillance de Logiciels (2) - 2s
Adobe Flash Player 18 NPAPI
Adobe Reader 9.3 - Français

---\\ Informations sur le système (6) - 0s
~ Operating System: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 2061.356 MB (47% free)
~ System Restore: Activé (Enable)
~ System drive C: has 25 GB free of 77 GB

---\\ Mode de connexion au système (3) - 0s
~ Computer Name: ASUS
~ User Name: Jigeai
~ Logged in as Administrator

---\\ Enumération des unités disques (6) - 0s
~ Drive C: has 25 GB free of 77 GB (System)
~ Drive D: has 3 GB free of 35 GB
~ Drive E: has 3 GB free of 92 GB
~ Drive F: has 2 GB free of 5 GB
~ Drive G: has 9 GB free of 66 GB
~ Drive I: has 4 GB free of 7 GB

---\\ Etat du Centre de Sécurité Windows (9) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

---\\ Recherche particulière de fichiers génériques (23) - 2s
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) () -- C:\WINDOWS\Explorer.exe [1037824] ©
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (.Microsoft Corporation - Exécuter une DLL en tant qu'application.) () -- C:\WINDOWS\System32\rundll32.exe [33792] ©
[MD5.E1948B1F45A176FB4A0251446A5AE86D] - (.Microsoft Corporation - Internet Extensions for Win32.) () -- C:\WINDOWS\System32\wininet.dll [920064] ©
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows.) () -- C:\WINDOWS\System32\Winlogon.exe [512000] ©
[MD5.D76A076ADB74F8132924E498D63123A2] - (.Microsoft Corporation - DNS Client API DLL.) () -- C:\WINDOWS\System32\dnsapi.dll [149504] ©
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\WINDOWS\System32\drivers\AFD.sys [138496] ©
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) () -- C:\WINDOWS\System32\drivers\atapi.sys [96512] ©
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\WINDOWS\System32\drivers\Cdfs.sys [63744] ©
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\WINDOWS\System32\drivers\Cdrom.sys [62976] ©
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) () -- C:\WINDOWS\System32\drivers\Fips.sys [44672] ©
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) () -- C:\WINDOWS\System32\drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) () -- C:\WINDOWS\System32\drivers\i8042prt.sys [54144] ©
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) () -- C:\WINDOWS\System32\drivers\Imapi.sys [42112] ©
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\WINDOWS\System32\drivers\IpNat.sys [152832] ©
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) () -- C:\WINDOWS\System32\drivers\IPSec.sys [75264] ©
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\WINDOWS\System32\drivers\MRxSmb.sys [456320] ©
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\WINDOWS\System32\drivers\netBT.sys [162816] ©
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) () -- C:\WINDOWS\System32\drivers\ntfs.sys [574976] ©
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) () -- C:\WINDOWS\System32\drivers\Parport.sys [80384] ©
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [51328] ©
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\WINDOWS\System32\drivers\rdpdr.sys [196224] ©
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) () -- C:\WINDOWS\System32\drivers\redbook.sys [58752] ©
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) () -- C:\WINDOWS\System32\drivers\volsnap.sys [53376] ©

---\\ Processus lancés (22) - 1s
[MD5.C1342DDE1D9D33B670DC91F146AFEBAA] - (.Emsisoft GmbH - Online Armor Component.) -- C:\Program Files\Online Armor\oacat.exe [584864] [PID.1340]
[MD5.DFF023B4100EB120D2DC62F3AC393A05] - (.Emsisoft GmbH - Online Armor Component.) -- C:\Program Files\Online Armor\oasrv.exe [4457688] [PID.1380]
[MD5.5AC144F03B31AFAB6717AD3622D1680D] - (.Atheros - ACS.) -- C:\WINDOWS\system32\acs.exe [499796] [PID.1768] ©
[MD5.E20B4F23EB153635D67944F63454EC84] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\Antivirus\sched.exe [461672] [PID.1800] ©
[MD5.E8FE4FCE23D2809BD88BCC1D0F8408CE] - (...) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832] [PID.1972]
[MD5.E20B4F23EB153635D67944F63454EC84] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files\Avira\Antivirus\avguard.exe [461672] [PID.2008] ©
[MD5.650D03E40F93FAE323CB841F80368E5C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744] [PID.2040] ©
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.128] ©
[MD5.509E1FC322865956D237144D4F5ABF79] - (...) -- C:\Program Files\Sony\PlayMemories Home\dfs.exe [149528] [PID.204]
[MD5.754EFD0B227B21160E3A27229F52FDDA] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.408] ©
[MD5.4CD6D452B3232771E7CE81C4D512D94A] - (...) -- C:\Documents and Settings\Jigeai\Application Data\MediaFire Desktop\MFUsnMonitorService.exe [456176] [PID.452]
[MD5.DF51A0FF457305774C96B1F62FD7EF38] - (.Sony Corporation - Device Information Provider.) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304] [PID.108] ©
[MD5.76648BCBEB840B391E85DAD2DC04FFC9] - (.Avira Operations GmbH & Co. KG - Avira.ServiceHost.) -- C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [240872] [PID.2368] ©
[MD5.C063DA6EB1E91722611EE1ACE9A7DE96] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Program Files\Avira\Antivirus\avshadow.exe [434368] [PID.3876] ©
[MD5.2CC9A09302592884E442C9D6D4B306CA] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.EXE [17881600] [PID.3304] ©
[MD5.8792F13FD4EEE4C1C8C93086011A1A0A] - (.Emsisoft GmbH - Online Armor Component.) -- C:\Program Files\Online Armor\oaui.exe [7558464] [PID.2648]
[MD5.27F8A7A78773427E5D931628F89D6839] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files\Avira\Antivirus\avgnt.exe [782008] [PID.2868] ©
[MD5.E84528D2B426A26313667A66F4869066] - (.Emsisoft GmbH - Online Armor Component.) -- C:\Program Files\Online Armor\oahlp.exe [3976672] [PID.3236]
[MD5.4C62D08215EBD1C9FEB395550183DC99] - (.Avira Operations GmbH & Co. KG - Avira Launcher.) -- C:\Program Files\Avira\Launcher\Avira.Systray.exe [135800] [PID.2140] ©
[MD5.09B1747D1576FE7E5ECE2201C8F0936B] - (.Dropbox, Inc. - Dropbox.) -- C:\Documents and Settings\Jigeai\Application Data\Dropbox\bin\Dropbox.exe [36710768] [PID.2500] ©
[MD5.601C233CDC2422AD7244D423ED8DFB50] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [377000] [PID.3820] ©
[MD5.DD7DAC8A6913EB893372091E96871F95] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Jigeai\Bureau\Pb LectSeule\ZHPDiag3.exe [1940992] [PID.4108] ©

---\\ Google Chrome, Démarrage,Recherche,Extensions (8) - 0s
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.

---\\ Firefox, Plugins,Demarrage,Recherche,Extensions (12) - 1s
M0 - MFSP: prefs.js [Jigeai - 77m3z3k6.default] http://lafibre.orange.fr/
P2 - EXT FILE: (...) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\extensions\firefox@ghostery.com.xpi
P2 - EXT FILE: (...) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\extensions\info@youtube-mp3.org.xpi
P2 - EXT FILE: (...) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}.xpi
P2 - EXT FILE: (...) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
P2 - EXT FILE: (...) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\searchplugins\googletranslate.xml
P2 - EXT FILE: (...) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\searchplugins\qwantcom.xml
P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ©
P2 - EXT: (.Avira - Segurança do navegador Avira.) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\extensions\abs@avira.com
P2 - EXT: (.WOT Services Oy - WOT.) -- C:\Documents and Settings\Jigeai\Application Data\Mozilla\Firefox\Profiles\77m3z3k6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} ©
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll ©
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ©

---\\ Internet Explorer,Démarrage,Recherche,URLSearchHook (11) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer,Proxy Management (6) - 0s
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Internet Explorer,IniFiles, Autoloading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) ©
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Etude du fichier hosts (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (20)

---\\ Browser Helper Object de navigateur (BHO) (4) - 0s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll ©
O2 - BHO: Increase performance and video formats for your HTML5